(MENAFN- NewsBytes) Often, we run into malware strains designed to compromise computers and steal data from them.
The impact of these programs can vary significantly, but most endpoint detections can flag their activities and prevent attacks.
Now, that is changing, as a new Mac malware is attacking in such a way that it can't even be detected.
Here's all you need to know about it.
Malware: File-less malware carrying out stealthy attacks
When malicious programs attack, they create dubious files on the system's hard drive, which are flagged by the anti-virus programs.
But, in this case, the Mac malware in question uses a file-less technique to hide.
Essentially, instead of writing anything onto the hard drive, it deploys the malicious code into the system memory and executes it from there, leaving nothing on disk to be detected.
Attack: How does it attack?
For an attack, Mac security expert Patrick Wardle says, a system is infected with UnionCryptoTrader.dmg, which is the malware posing as a crypto-app.
At this stage, it can be detected, but according to analysis stats, a mere 18 of nearly 60 antivirus programs were capable of flagging it.
Then, this .dmg file installs unioncryptoupdated, a malicious, originally hidden binary that runs as root.
Details: Then, the file-less attack begins
After being delivered, the binary runs and connects with a server at hxxps://unioncrypto[.]vip/update to look for and download a second payload.
It then decrypts this payload and uses macOS' programming interface to create an object file, which allows the malicious program to run in memory, without even touching the hard drive, and compromise the system and its data.
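Because the second payload never touches the disk, the stages a defender can still observe are the ones named above: the .dmg, the unioncryptoupdated binary running as root, and the connection to the update server. The following is an added example (not from the article or from Patrick Wardle's analysis) that matches those three indicators in host telemetry; the event format, the sample lines and the placeholder path are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as the article gives them (the URL is printed defanged).
INSTALLER = "UnionCryptoTrader.dmg"
DROPPED_BINARY = "unioncryptoupdated"
SERVER_URL_DEFANGED = "hxxps://unioncrypto[.]vip/update"

def refang(ioc):
    """Turn a defanged indicator (hxxp, [.]) back into a matchable form."""
    return re.sub(r"^hxxp", "http", ioc, flags=re.I).replace("[.]", ".")

SERVER_HOST = urlsplit(refang(SERVER_URL_DEFANGED)).hostname

def host_matches(host):
    """Exact host or a subdomain of it; look-alike suffixes do not match."""
    host = host.lower().rstrip(".")
    return host == SERVER_HOST or host.endswith("." + SERVER_HOST)

# Constructed sample telemetry in an assumed "timestamp kind key=value ..." format.
# The /PLACEHOLDER/ path is not from the article, which gives no install path.
SAMPLE_EVENTS = """\
2019-12-09T10:00:01 mount image=/Users/alice/Downloads/UnionCryptoTrader.dmg
2019-12-09T10:00:09 exec pid=412 uid=0 path=/PLACEHOLDER/unioncryptoupdated
2019-12-09T10:00:10 conn pid=412 host=unioncrypto.vip port=443
2019-12-09T10:00:12 exec pid=430 uid=501 path=/usr/bin/curl
2019-12-09T10:00:13 conn pid=430 host=notunioncrypto.vip port=443
"""

def detect(log_text):
    """Return (timestamp, finding) pairs for each stage that is observable."""
    findings, dropper_pids = [], set()
    for line in filter(str.strip, log_text.splitlines()):
        ts, kind, *pairs = line.split()
        f = dict(p.split("=", 1) for p in pairs)
        name = f.get("image", f.get("path", "")).rsplit("/", 1)[-1]
        if kind == "mount" and name == INSTALLER:
            findings.append((ts, "installer-mounted"))
        elif kind == "exec" and name == DROPPED_BINARY:
            dropper_pids.add(f["pid"])
            findings.append((ts, "dropper-exec-root" if f.get("uid") == "0" else "dropper-exec"))
        elif kind == "conn" and host_matches(f.get("host", "")):
            stage = "payload-fetch-from-dropper" if f.get("pid") in dropper_pids else "server-contact"
            findings.append((ts, stage))
    return findings

if __name__ == "__main__":
    for ts, finding in detect(SAMPLE_EVENTS):
        print(ts, finding)
```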
Perpetrator: North Korea's Lazarus group said to be behind this malware
Though details are limited, the technique is said to be similar to the one employed by Lazarus Group, the North Korean hackers who were also behind WannaCry ransomware.
It appears they are targeting the crypto wallets of unsuspecting Mac users this time around.
But, no need to worry, you can stay protected by using a capable anti-virus program and being more careful online.