Tech 4 July 2018

Ed Drake

MacOS malware targets crypto-discussing Slack, Discord users

Security researchers have uncovered a new type of malware aimed at those using MacOS devices to discuss cryptocurrencies.

The malware targets users taking part in cryptocurrency discussions on the chat apps Discord and Slack: the attackers gain access to the conversations and pose as administrators to share malicious code. The code, identified by SANS Institute security researcher Remco Verhoef, connects to a command-and-control (C&C) server run by the attackers, which lets them execute commands on the victim's MacOS device remotely. The malware also harvests the user's password, in addition to handing the attackers control of the device.

Verhoef suggested the C&C server appeared to be situated in the Netherlands, saying, “CrownCloud, a German-based provider is the owner of the block of 185.243.115.230 and the server appears to be located in the Netherlands.”

Patrick Wardle, founder at Digita Security, described the malware as “dumb.”

“The capabilities are rather limited (and thus rather dumb), it’s trivial to detect at every step (that dumb)…and finally, the malware saves the user’s password to dumpdummy…I guess the take away here is (yet again) the built-in macOS malware mitigations should never be viewed as a panacea,” Wardle said in a blog post.

Dr. Johannes Ullrich, Dean of Research at the SANS Institute, said the best protection for users was to be wary of the software they install. In an interview with SC Media UK, Ullrich said, “This is probably the number one defence in this particular case, since anti-malware does not protect users until a signature is added to it. OS X tools like ‘LittleSnitch’ can also warn the user when new software like this establishes outbound network connections.”
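The two indicators the article does give, the C&C address 185.243.115.230 and a password dump named “dumpdummy”, are enough for a quick host check of the kind Ullrich describes. The following script is an added example written for this page, not code from the researchers or the malware; it parses `lsof` output (macOS ships `lsof`), flags any process with a connection to the C&C address on any port, and flags any process holding open a file called `dumpdummy`. The `lsof` lines, the port, and the `/tmp` location of the dump file are constructed for the example and are not stated by the article.

```python
"""Check lsof output for the indicators named in the article: an outbound
connection to the C&C address 185.243.115.230 and an open file called
'dumpdummy'. The sample lsof lines below are constructed, not captured."""
import subprocess

C2_ADDRESS = "185.243.115.230"      # C&C address reported by Verhoef (from the article)
PASSWORD_DUMP_NAME = "dumpdummy"    # file name from Wardle's quote; its directory is assumed below

# Constructed `lsof -nP -i` output: one benign HTTPS session, one reverse
# connection to the C&C address (port is made up), one local mDNS socket.
SAMPLE_NETWORK = """\
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412   alice  23u  IPv4 0x1a   0t0      TCP 192.168.1.5:51234->151.101.1.69:443 (ESTABLISHED)
python    811   alice   3u  IPv4 0x1b   0t0      TCP 192.168.1.5:52001->185.243.115.230:4444 (ESTABLISHED)
mDNSResp   95   _mdns   8u  IPv4 0x1c   0t0      UDP *:5353
"""

# Constructed open-file listing (`lsof -nP`); /tmp is an assumed location.
SAMPLE_FILES = """\
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
python    811   alice   4w  REG  1,4    21       99  /tmp/dumpdummy
Safari    412   alice  txt  REG  1,4    1000     12  /Applications/Safari.app/Contents/MacOS/Safari
"""


def parse_lsof(text):
    """Split lsof lines into dicts; skips the header and short or odd lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] == "COMMAND" or not fields[1].isdigit():
            continue
        rows.append({"cmd": fields[0], "pid": int(fields[1]), "user": fields[2],
                     "node": fields[7], "name": fields[8]})
    return rows


def remote_host(name):
    """'192.168.1.5:52001->185.243.115.230:4444' -> '185.243.115.230'.
    IPv6 peers such as '[::1]:53' lose the port after the last colon and the brackets."""
    remote = name.split("->")[-1]
    return remote.rsplit(":", 1)[0].strip("[]")


def find_c2_connections(lsof_text, c2=C2_ADDRESS):
    """Rows whose peer address is the C&C host, regardless of port or process name."""
    return [r for r in parse_lsof(lsof_text)
            if r["node"] in ("TCP", "UDP") and "->" in r["name"]
            and remote_host(r["name"]) == c2]


def find_password_dumps(lsof_text, filename=PASSWORD_DUMP_NAME):
    """Rows with an open regular file whose basename is the password dump."""
    return [r for r in parse_lsof(lsof_text)
            if r["node"] not in ("TCP", "UDP")
            and r["name"].rsplit("/", 1)[-1] == filename]


def suspect_pids(network_text, files_text):
    """PIDs hit by either indicator; a process matching both is the strongest signal."""
    return ({r["pid"] for r in find_c2_connections(network_text)}
            | {r["pid"] for r in find_password_dumps(files_text)})


def scan_live():
    """Run lsof on this host (macOS/Linux, lsof installed) and return suspect PIDs."""
    net = subprocess.run(["lsof", "-nP", "-i"], capture_output=True, text=True).stdout
    files = subprocess.run(["lsof", "-nP"], capture_output=True, text=True).stdout
    return suspect_pids(net, files)


if __name__ == "__main__":
    print("suspect PIDs in sample:", sorted(suspect_pids(SAMPLE_NETWORK, SAMPLE_FILES)))
```

Matching on the peer address rather than the port means a change of listener port on the C&C host does not evade the check, and matching on the basename of the dump file means it is found wherever the malware writes it. Call `scan_live()` to run the same checks against a real host.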

Meanwhile, Alex Hinchliffe, an analyst at Unit 42, Palo Alto Networks, warned the “crude” malware could be expected to improve over time.

“We should expect such attacks to improve over time. As for organisations, they have some benefits in that they can typically control their network and environment more tightly than home users,” Hinchliffe told the UK news outlet. “In-house instances of such chat groups therefore can be rigorously checked for membership and the content being shared. Multi-factor authentication should be used to ensure that leaked or stolen credentials do not allow simply anyone to join an organisation's chat room.”

