SentinelLabs has published a report on new malware targeting Mac users of blockchain technologies, such as crypto. The threat actors behind the attack are based in North Korea, according to research from Huntabil.IT, as cited by SentinelLabs.
The attack involves executable code written in AppleScript, C++ and Nim. Targeted users are sent a meeting invitation via Calendly, a cloud-based B2B scheduling service. Contact is made over Telegram, where the attacker impersonates a trusted contact of the target. The invitation includes what appears to be a link to a “Zoom SDK update script”, but is actually a link that downloads and installs malware.
Once installed, the malware collects “general system data”, browser data and Telegram chat histories. It collects user data such as the login information for the Mac, the version of macOS in use, and passwords in the macOS Keychain. SentinelLabs also reports that it targets data from Arc, Brave, Firefox, Google Chrome and Microsoft Edge; Safari was not mentioned.
How to protect yourself from malware
Given the nature of the attack reported by SentinelLabs (Mac users of blockchain technologies who use Calendly and Telegram), it seems that most Mac users are not targets. However, the report points out that the use of Nim-based software along with AppleScript is a relatively new development. This combination helps malware avoid detection and could eventually be used in a wider attack.
The easiest way to protect yourself as an individual user from malware is to avoid downloading software from repositories such as GitHub and other download sites. Apple vets the software in the Mac App Store, and it is the safest way to get apps. If you prefer not to use the Mac App Store, buy software directly from the developer and their site. If you insist on using cracked software, you will always risk exposure to malware.
Never open links in emails or texts you receive from unknown and unexpected sources. If you get a message that looks like it is from a company you do business with, check the sender’s e-mail address and inspect the URL carefully. If you see a link or button, you can check it: select Copy Link, and then paste it into a text editor to see the actual URL and check it.
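As an added illustration of the URL check described above (this is example code written for this page, not taken from the SentinelLabs report), the following Python sketch extracts the host a pasted link really points to and flags common look-alike tricks. The set of expected domains and all sample links are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Assumption: the domains you actually expect links from for this sender.
EXPECTED = {"zoom.us", "calendly.com"}

def real_host(url):
    """Return the host a browser would connect to, or None if not http(s)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # drops any "user@" prefix and the port
    return host.rstrip(".") if host else None

def check_link(url, expected=EXPECTED):
    """Return (verdict, host, reasons) for a link copied out of a message."""
    host = real_host(url)
    if host is None:
        return ("suspicious", None, ["not a plain http(s) link"])
    reasons = []
    if "@" in urlsplit(url.strip()).netloc:
        reasons.append("text before '@' is not the host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    # A host matches only if it IS the domain or a true subdomain of it.
    on_expected = any(host == d or host.endswith("." + d) for d in expected)
    if not on_expected:
        reasons.append("host is not on an expected domain")
        for d in sorted(expected):
            brand = d.split(".")[0]
            if brand in host:
                reasons.append(f"'{brand}' appears in the host, but the domain is not {d}")
    return ("suspicious" if reasons else "ok", host, reasons)

if __name__ == "__main__":
    samples = [  # constructed sample links, not indicators from the report
        "https://us05web.zoom.us/j/123456",
        "https://zoom.us@updates.example.test/sdk",
        "https://zoom.us.support-meeting.example.test/update",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

The part that matters is the end of the host name: `zoom.us.support-meeting.example.test` belongs to `example.test`, whatever appears in front of it.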
Apple releases security fixes through OS updates, so it is important to install them as soon as possible. Macworld has several guides to help, including a guide on whether you need antivirus software, a list of Mac viruses, malware and Trojans, and a comparison of Mac security software.