Security News > 2023 > February > Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware
Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems.
"This malware makes use of the Invisible Internet Project to download malicious components and send mined currency to the attacker's wallet," Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said in a report shared with The Hacker News.
The malicious mining process banks on the user launching the pirated application, upon which the code embedded in the executable connects to an actor-controlled server over i2p to download the XMRig component.
Apple has taken steps to combat such abuse by subjecting notarized apps to more stringent Gatekeeper checks in macOS Ventura, thereby preventing tampered apps from being launched.
"On the other hand, macOS Ventura did not prevent the miner from executing," Jamf researchers noted.
"By the time the user receives the error message, that malware has already been installed."
News URL
https://thehackernews.com/2023/02/hackers-using-trojanized-macos-apps-to.html
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024 (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)