“If you have installed and run Firefox 58.0.2, OnyX or Deeper since 1 February 2018, please accept my apologies, but you will need to follow these steps to remove a Bitcoin miner which hacked versions of those apps installed. When MacUpdate learned about the issue, it immediately apologized and a statement as issued by the site’s editor apart from offering instructions on removing the malware: In the case of the Deeper app, the hackers got even sloppier, including an OnyX app instead of a Deeper app as the decoy by mistake, making it fail similarly but for a more laughable reason.” This means that on any system between 10.7 and 10.12, the malware will run, but the decoy app won’t open to cover up the fact that something malicious is going on.
#HACK APP STORE FOR MAC MAC OS X#
“For example, the malicious OnyX app will run on Mac OS X 10.7 and up, but the decoy OnyX app requires macOS 10.13. The success rate of this method isn’t hundred percent always. When the fake apps are installed, a payload is installed from the legitimate URL, which opens a copy of the original app and activates the malware. “This means the creation of these applications had a low bar for entry,” noted Abbati.ĭecoy copies of the authentic app are also present in the malware so that users don’t get suspicious. MacUpdate trojan/miner is a Platypus dropper downloading a miner from Adobe Creative Cloud servers.
#HACK APP STORE FOR MAC FULL#
The applications have been created by Platypus, a developer tool that produces full macOS apps from various scripts like Python or Shell scripts. What happens is that the user is requested to store the app into the Applications folder, which is a common requirement even with the original apps. Conversely, the unauthentic Firefox app is being distributed through fake URL instead of. This new domain was registered on 23rd January but its owner is remained obscured. OnyX and Deeper are developed by Titanium Software, which can be accessed at, but the link has been maliciously altered as to redirect users to download URLs from this unauthentic address.
According to Thomas Reed from Malwarebytes, the fake domains show URLs that were already modified but looked legit and convincing to users. They installed modified copies of the cryptomining apps OnyX, Firefox and Deeper and replaced the download links for each of these modified apps with links that led users to malicious domains. Cybercriminals apparently infiltrated the MacUpdate website to distribute the malware.
0 kommentar(er)
