
OSX/CrescentCore

Posted: July 1, 2019

OSX/CrescentCore is a Trojan downloader that installs other threats and Potentially Unwanted Programs (PUPs) onto your computer. Its campaign uses Adobe Flash-themed disguises and corrupted websites to deliver it to Web surfers with poor downloading habits. Mac users should run a compatible anti-malware service immediately to uninstall OSX/CrescentCore or to put preventative protection in place.

The Core of a New Trojan Distribution Model

OS X is targeted by unique threats less often than Windows environments are, but this is less a matter of superior security than a natural consequence of demographics. There are still enough Mac users for the occasional Trojan operation to thrive on victimizing them, as the new OSX/CrescentCore shows clearly. This Trojan is a configurable threat-downloading service, with at least two variations out in the wild.

OSX/CrescentCore is spreading through a combination of fake media-piracy download sites and domains that use SEO-crafted content to achieve high rankings on search engines like Google. However, instead of posing as a crack or a movie, OSX/CrescentCore's installer imitates an update for Adobe's Flash Player. Although most sites are moving away from Flash because of its security risks, the disguise may still be effective at tricking Web surfers interested in online games or streaming media.

Although malware analysts can't confirm every known variation of OSX/CrescentCore's payload, some versions of the Trojan install a corrupted extension for Safari. A secondary installation consists of a fake system-cleaning application by the name of Advanced Mac Cleaner. Readers may remember that this scamware has connections to OSX/SurfBuyer, a piece of adware that uses OSX/Linker to work around Gatekeeper's defensive protocols.

Dulling the Sharp Edges of a Crescent Trojan

Some of OSX/CrescentCore's distribution sites use heavily obfuscated JavaScript redirectors to stay out of the sights of security products. Others have no obfuscation but rely on disguises focused on in-demand media products, such as recent releases of DC comic franchises like Batman Detective. In all cases, the Web surfer is the linchpin of the procedure, navigating intentionally to the site before any attack commences.

Users can protect themselves in multiple ways from the current implementations of OSX/CrescentCore's drive-by downloads. OSX/CrescentCore terminates itself upon detecting a sandbox or virtual environment, and also whenever it finds well-known brands of anti-malware products on the computer. It is only compatible with OS X environments, although malware researchers find similar, unique Trojan downloaders on Windows and Linux nearly daily.

Although computers with recognized security software should already be protected against OSX/CrescentCore infections, users who have no security software, or whose software does not appear on OSX/CrescentCore's blacklist, are at risk. They can disinfect their Macs by running system scans with a compatible anti-malware application and uninstalling OSX/CrescentCore, along with Advanced Mac Cleaner and the other components it installs.

OSX/CrescentCore harms victims who are all but asking for the trouble it brings to their hard drives. Browsing illegal website content, downloading illegitimate updates, and going without AV solutions are all invitations to criminal interests, as even the newest Mac owner should know.
