OSX.CreativeUpdate macOS Cryptocurrency Miner Distributed via MacUpdate
If there’s anything constant in the ever-evolving technology and threat landscapes, it’s that no platform is truly immune. Cryptocurrency-mining malware, for instance, first gained ground on Windows systems and then spread to Android devices. It entered the macOS scene in 2011 as a bitcoin-mining backdoor embedded in applications distributed via torrents.
It’s no surprise that security researcher Arnaud Abbati uncovered a new Monero-mining malware — OSX.CreativeUpdate (detected by Trend Micro as OSX_COINMINE.B) — packaged with decoy copies of Firefox as well as OnyX and Deeper system maintenance and optimization tools. OSX.CreativeUpdate, so named because it was retrieved from abused Adobe Creative Cloud servers, was made with Platypus, an open-source tool for creating macOS applications.
Security researcher Thomas Reed analyzed the ways OSX.CreativeUpdate affected a machine, noting, “For example, the malicious OnyX app will run on Mac OS X 10.7 and up, but the decoy OnyX app requires macOS 10.13. This means that on any system between 10.7 and 10.12, the malware will run, but the decoy app won’t open to cover up the fact that something malicious is going on.”
So how did OSX.CreativeUpdate wind up on the MacUpdate website? MacUpdate admitted that it had inadvertently linked the download pages of legitimate Mac applications to fake domains. Users who downloaded Firefox 58.0.2, OnyX, or Deeper via MacUpdate between February 1 and 2 are urged to delete any copies that may have been installed on their systems.
While the mistake has since been fixed, it highlights how severe the impact of a seemingly minor oversight can be. For instance, investors in Bee Token and Experty were duped into sending their tokens to fraudsters by a simple phishing email, costing them over $1 million in ethereum. Even social media and web stores aren’t spared from abuse.
Indeed, these incidents couldn’t be timelier with Safer Internet Day, as such threats put users’ digital experience at risk and expose their data to theft. Against malware that takes advantage of cryptocurrency’s nascent use, being more security-aware can pay dividends.
Some of the best practices users can adopt include regularly updating the system and applications to deter cybercriminals from exploiting vulnerabilities in them, and downloading software only from official websites and trusted marketplaces. Read ratings or reviews where available, as they can raise red flags about an application. Users can also benefit from multilayered security solutions such as Trend Micro Antivirus for Mac and Maximum Security, which help defend against web threats and malicious websites, keep online scams out of the inbox, ensure privacy on social media, and optimize system performance.