INFRA
A new form of macOS malware is being distributed in a novel way: by targeting cryptocurrency enthusiasts on Slack and Discord with fake messages.
The malware, dubbed OSX.Dummy by Remco Verhoef, founder of network security firm DutchSec, involves those behind it impersonating administrators or key people in crypto-related chat groups and sharing “small snippets” that attempt to trick users into downloading and executing a malicious binary.
Once the malicious binary is downloaded and run, it connects to a command-and-control server owned by the attackers, allowing them to remotely access the Mac and run code on it, including code that can steal passwords and other information.
The “Dummy” part of the name comes from the fact that the attackers are asking users to infect themselves and that the malware itself is fairly simple; in this case, literally dumb.
Ryan Benson, senior threat researcher at Exabeam Inc., told SiliconANGLE that the “malware is fairly rudimentary but I don’t doubt that it has infected people. The infection mechanism (and other parts) look ‘dumb’ to someone technical, but the cryptocurrency targeting is interesting.”
Benson noted that many otherwise nontechnical people have jumped on the cryptocurrency bandwagon. “Cryptocurrencies are inherently technical, so these less-technical users may be used to following technical how-tos without really understanding what the commands they run are doing,” he said. “This puts them in dangerous territory and ripe for an attack like this, even if it is ‘dumb.’”
That said, the malware is not without risk, because once it’s installed, it saves the infected Mac’s root password in plain text. Even if the OSX.Dummy malware is removed, if the cleanup isn’t thorough enough to delete that plain-text file, other malicious programs will have access to an unencrypted file containing the password.