New Threats to MacOS From Malware in Cryptocurrency Chats Could Turn Your Investment Dreams to Dust

The general perception that MacOS is a safe OS is increasingly undermined by waves of attacks and a wide range of attack vectors that could affect any operating system. The latest threat sees crypto chats laden with malware to tempt those looking to make an online killing, who could instead end up as yet another cyber victim.

By Chris Knight

The move to always-online collaboration tools opens up MacOS users, and all PC users, to a new range of threats. Users may be chatting online about an area of interest, such as cryptocurrency, a popular topic. All of a sudden, they are invited by an admin to download a command line code snippet as part of an intriguing crypto tool. Within seconds, their Mac can be infected by a nasty malware download that allows remote command execution.

Crypto is a hot target for hackers, who either try to gain a user’s account details or replace the user’s account in mining software with their own, so that the mining earns money for them. A recent McAfee Security Report (PDF) shows that cryptojacking attacks have risen by a hefty 629% in the opening months of 2018.

With thousands of coins seeking attention and looking to replicate the success of Bitcoin, and initial coin offerings (ICOs) competing with each other across a wide range of exchanges, there are millions of users looking to make a quick buck. This booming, free-for-all landscape is ripe for hackers to make a killing of their own.

Welcome OSX.Dummy

The early efforts, as demonstrated by this recent attack, are not particularly sophisticated (hence the Dummy nickname). But with people keen to profit from the latest crypto news, their guard may be down. The attack was originally reported by a Dutch security analyst, and, as with most threats, more sophisticated versions will rapidly be developed by more capable crackers to up the ante.

This latest threat is called OSX.Dummy. During the course of online chats, users are asked to run a code snippet, which fetches an unsigned download that can bypass the MacOS Gatekeeper protection tool.

Command line snippets are quite common among bitcoin miners and others interested in crypto and alt-coin currencies, so this type of discussion is not out of the ordinary. People use generic bitcoin miners to mine different currencies, which often require patches, code updates and other tweaks to keep them working, and many of these open source projects are exposed to malware injection or other risks.

The trouble is, hackers and scammers are never far behind any legitimate post or forum. Slack, Twitter, GitHub messages and other chats are full of them, luring people in. Many are mere annoyances or obvious enough to avoid, but now that hackers have set their sights on this market, the risk will only grow.

Hopefully, users will become more aware of the threats. But with newcomers tempted by the newer coins coming to market, and with cryptocurrencies gaining wider interest, there will be a constant stream of people at risk.

These non-technical users, along with experienced users who think they are safe because they are using a Mac, could get stung while trying their luck at crypto. OSX.Dummy might just be the first effort to take on Mac owners in this battle, but it won’t be the last. Mac owners can’t rely on Gatekeeper alone to remain safe, so they will need firewall, anti-intrusion and other tools to protect their networks.