09 Dec 2019
Watch out! This Mac malware can carry out stealthy attacks
Often, we run into malware strains designed to compromise computers and steal data from them.
The impact of these programs can vary significantly, but most endpoint detection tools can flag their activity and prevent attacks.
Now, that is changing, as a new Mac malware attacks in a way that evades detection.
Here's all you need to know about it.
File-less malware carrying out stealthy attacks
When malicious programs attack, they typically create suspicious files on the system's hard drive, which anti-virus programs can flag.
But in this case, the Mac malware in question uses a file-less technique to hide.
Essentially, instead of writing anything to the hard drive, it loads the malicious code into system memory and executes it from there, leaving no file on disk for scanners to flag.
How does it attack?
According to Mac security expert Patrick Wardle, the attack begins when a system is infected with UnionCryptoTrader.dmg, malware posing as a cryptocurrency trading app.
At this stage it can still be detected, but according to analysis statistics, a mere 18 of nearly 60 antivirus programs were capable of flagging it.
The .dmg file then installs unioncryptoupdated, a hidden malicious binary that runs as root.
Then, the file-less attack begins
Once delivered, the binary runs and connects to a server at hxxps://unioncrypto[.]vip/update to check for and download a second payload.
It then decrypts this payload and uses a macOS programming interface to create an in-memory object file image, which lets the malicious code run entirely in memory, without ever touching the hard drive, and compromise the system and its data.
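As an added illustration that is not part of the article or of Wardle's analysis, here is a small Python detection routine that checks proxy log lines and process-list output for the two indicators the article names: the C2 domain and the unioncryptoupdated binary running as root. The log line format, the process list layout and the file path are constructed for the example.

```python
import re
from dataclasses import dataclass

# Indicators as published in the article (C2 URL kept in its defanged form).
C2_URL_DEFANGED = "hxxps://unioncrypto[.]vip/update"
PAYLOAD_NAME = "unioncryptoupdated"

def refang(ioc: str) -> str:
    """Turn a defanged indicator back into a form that matches real log data."""
    return ioc.replace("hxxp", "http").replace("[.]", ".")

def c2_host(url: str) -> str:
    """Extract the bare hostname from a (possibly defanged) URL."""
    return re.sub(r"^https?://", "", refang(url)).split("/")[0].lower()

@dataclass
class Finding:
    source: str
    line: str
    reason: str

def scan_proxy_log(lines):
    """Flag key=value proxy log lines whose host is the C2 domain or a subdomain of it."""
    host = c2_host(C2_URL_DEFANGED)
    findings = []
    for line in lines:
        m = re.search(r"\bhost=(\S+)", line)
        if not m:
            continue
        dst = m.group(1).lower()
        if dst == host or dst.endswith("." + host):
            findings.append(Finding("proxy", line, f"connection to C2 host {host}"))
    return findings

def scan_process_list(lines):
    """Flag ps-style lines (USER PID COMMAND) where the dropped binary runs as root."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "root" \
                and parts[-1].rsplit("/", 1)[-1] == PAYLOAD_NAME:
            findings.append(Finding("ps", line, f"{PAYLOAD_NAME} running as root"))
    return findings

# Constructed sample input (not real telemetry; the install path is a placeholder).
SAMPLE_PROXY = [
    "ts=1575900000 src=10.0.0.5 host=unioncrypto.vip path=/update status=200",
    "ts=1575900001 src=10.0.0.5 host=www.apple.com path=/ status=200",
    "ts=1575900002 src=10.0.0.7 host=cdn.unioncrypto.vip path=/x status=200",
]
SAMPLE_PS = [
    "USER PID COMMAND",
    "root 412 /tmp/unioncryptoupdated",
    "alice 9001 /Applications/Safari.app/Contents/MacOS/Safari",
]
```

Because the second-stage payload never touches disk, the network indicator and the root-owned first-stage process are the signals a defender can still observe.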
North Korea's Lazarus group said to be behind this malware
Though details are limited, the technique is said to be similar to one used by the Lazarus Group, the North Korean hackers who were also behind the WannaCry ransomware.
It appears they are targeting the crypto wallets of unsuspecting Mac users this time around.
But there's no need to worry: you can stay protected by using a capable anti-virus program and being more careful online.