New Mac malware LamePyre can spy on you and run a backdoor
December 14, 2018 | Malware and Vulnerabilities

- LamePyre takes screenshots and sends them to its C2 server. It uses the open source backdoor EmPyre to inject its functionality in the background.
- The malware tries to appear as a legitimate version of the Discord messenger to fool users.
Though MacOS is generally targeted less than the Windows operating system, it is never all quiet on the western front either. Just this month, we have witnessed significant activity from malware targeting Apple’s MacOS.
The latest MacOS malware, dubbed LamePyre, was discovered by Adam Thomas of Malwarebytes. The malware is capable of taking screenshots and running a backdoor, but it does not do much beyond that, hence the name. Given its limited capabilities, it appears to still be under development.
Modus Operandi
LamePyre tricks users by appearing as a copy of the Discord messaging app used by gamers. In reality, it is just a shell script which shows up with the typical Automator icon in the menu bar on MacOS when run by the user. The script first decodes its payload and then runs a loop to capture screenshots and send them to its command and control (C2) server.
Adam Thomas noted that the script also sets up the Python-based EmPyre open source backdoor. DarthMiner, another recently discovered malware on MacOS, uses the same backdoor to inject cryptocurrency mining capabilities in the background.
Additionally, the script adds a launch agent named com.apple.systemkeeper.plist in order to keep the backdoor and screenshot functionality running persistently. Interestingly, the author has not made much effort to make it look like an actual copy of the Discord messenger.
“This malware is really unconvincing, as it does nothing at all to pretend that it is a legit Discord app. It is not a maliciously-modified copy of the Discord app,” Thomas wrote. “It doesn’t even include and launch a copy of the Discord app, which it could do easily as a subterfuge to make the app look legit. For that matter, it doesn’t even use a convincing icon!”
However, the malware is still capable of capturing a few screenshots and sending them to the attacker, before users realize that something may be wrong with the app.
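The persistence described above, a user-level launch agent with an Apple-looking label (com.apple.systemkeeper.plist) that keeps a script-based payload running, is something a defender can check for. The following is an added example, not code from the article or from Malwarebytes: it parses launchd plists from a directory and flags the traits the article reports. The heuristics (Apple-style label in the per-user LaunchAgents folder, a script interpreter as the program, RunAtLoad plus KeepAlive) and the sample plist contents are assumptions constructed for the demonstration, not real artefacts.

```python
import os
import plistlib
import tempfile

# Heuristic 1: Apple does not ship its own agents under the per-user
# ~/Library/LaunchAgents, so a user-level agent labelled com.apple.* is suspect.
# The article reports LamePyre installing one named com.apple.systemkeeper.plist.
APPLE_PREFIX = "com.apple."

# Heuristic 2: interpreters a shell-script or Automator-based dropper would run
# from a persistence entry. This set is an assumption, not from the article.
SCRIPT_INTERPRETERS = {"sh", "bash", "zsh", "python", "python3", "osascript", "automator"}


def program_of(agent):
    """Return the executable a launchd job runs (ProgramArguments[0] or Program)."""
    args = agent.get("ProgramArguments")
    if args:
        return str(args[0])
    return str(agent.get("Program", ""))


def assess_agent(agent):
    """Return the reasons this launch agent looks suspicious (empty list = clean)."""
    reasons = []
    label = str(agent.get("Label", ""))
    if label.startswith(APPLE_PREFIX):
        reasons.append("Apple-style label in user LaunchAgents: %s" % label)
    prog = program_of(agent)
    if os.path.basename(prog) in SCRIPT_INTERPRETERS:
        reasons.append("launches a script interpreter: %s" % prog)
    if agent.get("RunAtLoad") and agent.get("KeepAlive"):
        reasons.append("RunAtLoad+KeepAlive (relaunched persistently)")
    return reasons


def scan_launch_agents(directory):
    """Parse every .plist in directory; return {filename: [reasons]} for flagged agents."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        try:
            with open(path, "rb") as fh:
                agent = plistlib.load(fh)
        except (plistlib.InvalidFileException, ValueError):
            findings[name] = ["unparseable plist"]  # malformed files are worth a look too
            continue
        reasons = assess_agent(agent)
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample agents for an offline run (hypothetical contents, not real samples).
SAMPLE_AGENTS = {
    "com.apple.systemkeeper.plist": {
        "Label": "com.apple.systemkeeper",
        "ProgramArguments": ["/bin/sh", "-c", "/tmp/.keeper"],  # constructed path
        "RunAtLoad": True,
        "KeepAlive": True,
    },
    "com.example.updater.plist": {  # a benign-looking vendor agent for contrast
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
        "RunAtLoad": True,
    },
}


def build_sample_dir():
    """Write the constructed agents to a temporary directory and return its path."""
    directory = tempfile.mkdtemp(prefix="launchagents_")
    for name, content in SAMPLE_AGENTS.items():
        with open(os.path.join(directory, name), "wb") as fh:
            plistlib.dump(content, fh)
    return directory


def demo():
    """Scan the constructed directory and return the findings dict."""
    return scan_launch_agents(build_sample_dir())


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

On a real machine the scan would be pointed at ~/Library/LaunchAgents; the Apple-prefix rule is the cheapest signal, since legitimate Apple agents live under /System/Library and /Library, not in the user's home folder.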
MacOS Malware Month
This is the third malware strain affecting MacOS discovered in December. DarthMiner, mentioned earlier, is one of them; it was spread through Adobe Zii, a piracy tool used to crack Adobe applications.
The other malware discovered this month is OSX.Badword, which was discovered by John Lambert from Microsoft. It used a malicious macro embedded in a Microsoft Word document and targeted a sandbox escape vulnerability using the Meterpreter backdoor.
The recent malware discoveries call for MacOS users to avoid downloading applications from unverified sources to remain safe from such malware disguised as legitimate software.