I'd personally like to thank the following organizations, groups, and researchers for their work, analysis, & assistance!

The "malwareland" channel on the MacAdmins slack / / / and others who choose to remain unnamed.

Throughout this blog, we'll reference various tools used in analyzing the malware specimens.

Our user-mode (open-source) utility that monitors process creations and terminations, providing detailed information about such events.

Our user-mode (open-source) utility that monitors file events (such as creation, modifications, and deletions), providing detailed information about such events.

Our (open-source) utility that displays code-signing information, via the UI.

The de-facto commandline debugger for macOS. Installed (to /usr/bin/lldb) as part of Xcode.

A "reverse engineering tool (for macOS) that lets you disassemble, decompile and debug your applications" …or malware specimens!

If you're interested in general Mac malware analysis techniques, check out the following resources:

"Let's Play Doctor: Practical OSX Malware Detection & Analysis"

"How to Reverse Malware on macOS Without Getting Infected"

Download: OSX.CookieMiner (password: infect3d)

CookieMiner is a cryptominer that also steals user cookies and passwords, likely to give attackers access to victims' online accounts and wallets.

"Mac Malware Steals Cryptocurrency Exchanges' Cookies"

"Mac 'CookieMiner' Malware Aims to Gobble Crypto Funds"

Unit 42 (of Palo Alto Networks), who uncovered CookieMiner and wrote the original report on the malware, made no mention of the malware's initial infection vector. However, a ThreatPost writeup states that: "(), deputy director of Threat Intelligence for Unit 42, told Threatpost that researchers are not certain how victims are first infected by the shell script, but they suspect victims download a malicious program from a third-party store."