OSX.LamePyre
OSX.LamePyre is a backdoor Trojan and spyware that lets a threat actor administer your PC remotely while collecting information through screenshots. Screenshots are uploaded automatically very frequently and may contain sensitive information, such as passwords or credit card numbers. Users of macOS systems should have appropriate anti-malware tools for removing OSX.LamePyre and avoid its known infection vector: fake Discord installers.
A Particularly Discordant Note in Your Chatting Software
Ricepaper-thin disguises aren't always that much less effective than their more intricately-designed counterparts at sneaking into unauthorized places. Some Trojans, like EvilEgg and its CoinTicker, mask themselves with incredibly fleshed-out software. Others, like OSX.LamePyre, make do with less, but might not be suffering for the lesser effort.
OSX.LamePyre's installer pretends that it's for Discord, a mic and text chatting application that's particularly popular amongst gamers. Its actual nature is that of an Automator script (Automator being a task-automating application for macOS or OS X environments), and it neither bundles Discord nor displays any Discord-reminiscent GUI elements. During the installation, OSX.LamePyre even displays the same gear icon as any 'normal' Automator script.
The payload is, unfortunately, where most of OSX.LamePyre's effort lies and where it endangers users. Through Python scripting, it can take screenshots every few seconds and upload them to an attacker's server. It also provides a general-purpose backdoor or connection for letting hackers exercise administrative control over the system.
Proving Your Security Less Lame than a Bare Minimum-Effort Trojan
As spyware, OSX.LamePyre may capture credentials like passwords or transaction details relatively quickly, and deliver them to threat actors without any notice. It should also be treated as possibly just the first of multiple threats. Nearly all backdoor Trojans may download, execute, and install other threats, although the means of doing so could be nothing more involved than the hacker's entering manual commands at a prompt.
Since OSX.LamePyre's disguise is so simple, most users should recognize its falsity by looking at the file's size or other, stand-out characteristics. They also can dodge possible infection exposure by avoiding websites that aren't official sources for software. Discord, for example, has an official domain at discordapp.com. Torrents are notable as being especially risky sources of free software.
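The bundle checks implied above (an Automator script wearing a chat client's name, and an implausibly small file size), written out as an added triage example that is not code from the original page. The function names, the size threshold, and the bundle markers it looks for (a `Contents/document.wflow` workflow file and an "Application Stub" executable name) are assumptions about how Automator saves applications; the sample bundle is constructed.

```python
import plistlib
import tempfile
from pathlib import Path

def inspect_bundle(app_path, min_expected_bytes=10 * 1024 * 1024):
    """Return reasons an .app bundle looks like an Automator applet, not a full app."""
    app = Path(app_path)
    contents = app / "Contents"
    findings, info = [], {}
    try:
        with (contents / "Info.plist").open("rb") as fh:
            info = plistlib.load(fh)
        info = info if isinstance(info, dict) else {}
    except Exception:  # missing, truncated or malformed plist
        findings.append("Info.plist missing or unreadable")
    # Assumption: Automator saves the workflow as Contents/document.wflow.
    if (contents / "document.wflow").is_file():
        findings.append("Automator workflow present (Contents/document.wflow)")
    # Assumption: Automator applets launch through a generic "Application Stub" binary.
    exe = str(info.get("CFBundleExecutable", ""))
    if "Application Stub" in exe:
        findings.append(f"generic stub executable: {exe!r}")
    # Size check: the threshold is an assumed floor for a real chat client, tune as needed.
    size = sum(p.stat().st_size for p in app.rglob("*") if p.is_file())
    if size < min_expected_bytes:
        findings.append(f"bundle is only {size} bytes")
    return findings

def build_sample_applet(root, name="Discord.app"):
    """Constructed sample: an Automator-style bundle named after a chat client."""
    contents = Path(root) / name / "Contents"
    (contents / "MacOS").mkdir(parents=True)
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleName": "Discord",
                       "CFBundleExecutable": "Application Stub"}, fh)
    (contents / "document.wflow").write_bytes(b"<plist/>")
    (contents / "MacOS" / "Application Stub").write_bytes(b"\x00" * 64)
    return contents.parent

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in inspect_bundle(build_sample_applet(tmp)):
            print("suspicious:", finding)
```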
While macOS has some innate defenses against harmful software, malware experts also see many Trojan campaigns subverting or disabling these features. All users should have trustworthy anti-malware products, compatible with their OS, for removing OSX.LamePyre or other threats at will.
OSX.LamePyre doesn't make much of an effort at hiding, but sometimes, it's not worth the trouble of adding more tricks to a Trojan that's performing adequately. Any user falling for this 'lame vampire' of a disguise is likely endangering their computer with more than just spyware – although screen grabbers are bad enough, as it is.