The research team stated that while AppleScript incorporates more powerful features, the authors of OSAMiner are not currently taking advantage of them. It finds them by checking a hardcoded list. The script is designed to kill processes belonging to popular tools for system monitoring and cleaning. Supporting this conclusion is the killing of Activity Monitor, which is the equivalent of the Task Manager in Windows, likely to prevent users from checking the system's resource usage. Its purpose is to download the open-source XMR-Stak Monero miner that works on Linux, Windows, and macOS. According to a SentinelOne researcher, the second script is intended to prevent analysis and evade detection. This was the third run-only AppleScript, downloaded to ~/Library/11.PNG. The researchers say that the main script also sets up a persistence agent and downloads the first stage of the miner from a URL set on a public page. Other tasks it runs include collecting the serial number of the device, restarting the 'launchctl' job responsible for loading and unloading daemons or agents, and killing the Terminal application. It also checks if the machine has enough free space and exits if there isn't sufficient storage. The main role of the parent script is to write the embedded AppleScript to ~/Library/k.plist using a "do shell script" command and execute it.