BSV
$67.23
Vol 205.81m
0.44%
BTC
$97866
Vol 122680.32m
3.96%
BCH
$483.33
Vol 2167.75m
10.93%
LTC
$88.68
Vol 1403.12m
6.35%
DOGE
$0.38
Vol 9326.03m
3.05%
Getting your Trinity Audio player ready...

Security researchers have uncovered a new type of malware aimed at those using MacOS devices to discuss cryptocurrencies.

The malware attacks users participating in cryptocurrency discussions on chat apps Discord and Slack, with hackers gaining access to conversations and posing as administrators to share malicious code. The code, identified by Sans Institute security researcher Remco Verhoef, connects to a C&C (Command and Control) server run by the hackers, which allows them to run code on the user’s MacOS device remotely. The malware also harvests passwords, in addition to seizing control of the victim’s device.

Verhoef suggested the hack server appeared to be situated in the Netherlands, saying, “CrownCloud, a German-based provider is the owner of the block of 185.243.115.230 and the server appears to be located in the Netherlands.”

Patrick Wardle, founder at Digita Security, described the malware as “dumb.”

“The capabilities are rather limited (and thus rather dumb), it’s trivial to detect at every step (that dumb)…and finally, the malware saves the user’s password to dumpdummy…I guess the take away here is (yet again) the built-in macOS malware mitigations should never be viewed as a panacea,” Wardle said in a blog post.

The dean of Research at the Sans Institute, Dr. Johannes Ullrich, said the best protection for users was to be wary of the software they install. In an interview with SC Media UK, Ullrich said, “This is probably the number one defence in this particular case, since anti-malware does not protect users until a signature is added to it. OS X tools like ‘LittleSnitch’ can also warn the user when new software like this establishes outbound network connections.”

Meanwhile, Alex Hinchliffe, an analyst at Unit 42, Palo Alto Networks, warned the “crude” malware could be expected to improve over time.

“We should expect such attacks to improve over time. As for organisations, they have some benefits in that they can typically control their network and environment more tightly than home users,” Hinchliffe told the UK news outlet. “In-house instances of such chat groups therefore can be rigorously checked for membership and the content being shared. Multi-factor authentication should be used to ensure that leaked or stolen credentials do not allow simply anyone to join an organisations chat room.”

Recommended for you

Blockchain enables autonomous AI agents to learn
Utilizing blockchain tech, a group of Belgian scientists enabled autonomous AI agents to learn and communicate securely, contributing to the...
September 17, 2024
WhatsOnChain gets own UTXO endpoints for BSV blockchain services
With ElectrumX set to retire in October, WhatsOnChain is gearing up to implement a new UTXO set of API endpoints,...
September 16, 2024
Advertisement