MacOS Malware Targeting Crypto Community, Spreading Through Admin Impostors
The SANS Internet Storm Center published a report on 29th June 2018 analyzing a new malware that targets the cryptocurrency community. This time the malware targets MacOS, at this stage it is not very sophisticated but as affordable and easy to use as it is, a lot of people will surely try and improve on it.
This particular iteration is a heavy script that downloads a malware package from a cloud host. Victims get to download the installer themselves: The attacker posts a line of code into crypto communities on Slack and Discord from an account with username and avatar similar to the one of an admin or developer.
Since most crypto projects have community beta testing chats, the impostor dev strategy should be reasonably successful even though for an outsider it probably looks quite lame and obvious. It also costs next to nothing, just like email phishing and social engineering, which means we should expect these attacks are here to stay and will only get more intricate with time.
According to trendmicro.com this is also the overall prediction for year 2018 in cyber security: phishing has been a huge success, especially using fake sites and malicious PDF files, of course it will grow. It does not need a lot of technical skill to pull this off, targeted attacks can be sold as a service and literally even a child can afford that from their pocket money.
The particular type of malware is likely going to vary, even ancient OG malware schemes are now getting upgraded to check for cryptocurrency wallet files on the victim machine.
Stay safe out there…Couple years ago that would refer to “Do not get rekt by accidentally entering a trade against Okcoin whale”. We have come a long way.
Related post, as ever: Tiered Device Management for Crypto Holders