New Mac Malware Invades Slack and Discord Crypto Channels
Security researchers have identified a new macOS (OSX) malware that has been circulating on Discord and Slack. Discovered by Remco Verhoef, the malware was found to be promoted through cryptocurrency-oriented channels on both platforms.
DutchSec’s founder said that many of the people spreading it were posing as administrators and moderators on these channels, presenting users with a command to paste into their terminals under the pretense that it would solve a problem they were having.
Once the command was run, a large binary was downloaded onto the computer. A script then set up a reverse shell, which gives the attackers complete control over any infected computer.
Thomas Reed, a malware and security expert, said that the intentions behind those utilizing the new malware have yet to be revealed, although it was possible that cryptocurrency theft or mining was the intended purpose of infecting computers due to the channels on which they were advertised.
The malware, dubbed OSX.Dummy by the experts studying it, acquires the user’s root password and uses it to infect the computer, according to Patrick Wardle.
Unlike other malware that stores a stolen root password on a separate platform, this malware saves the password in a “share” file on the computer itself, where it can be retrieved at a later date for any number of illegal activities. Experts warn OSX users that the root password is stored unencrypted, which can be a clear giveaway that something is wrong. Security experts strongly recommend a thorough check of the system, since traces of the malware may remain anywhere on the computer even after OSX.Dummy itself has been removed.
All three experts who observed the new malware said that, at its core, it functions like any basic piece of malicious software, and that many of the newer security tools designed for Macs will be able to remove it effectively.