medium advisory

OSX.Dummy Malware Targeting Cryptocurrency Community

OSX.Dummy is a new macOS malware targeting the cryptocurrency community, as reported by Objective-See.

Objective-See reported on a new piece of macOS malware dubbed OSX.Dummy targeting the cryptocurrency community. The report details how Objective-See's tools can generically thwart this threat at various stages of execution. While specific technical details of the malware's operation and delivery are not provided, the report highlights its existence and potential impact on cryptocurrency users. Defenders should be aware of this emerging threat and consider implementing generic detections to catch this and similar malware families. The original report was published in June 2018.

Attack Chain

  1. Initial Access: The report does not specify the initial access vector.
  2. Execution: The report does not specify how the malware executes.
  3. Persistence: The report does not specify the persistence mechanisms.
  4. Defense Evasion: The report does not specify defense evasion techniques.
  5. Credential Access: The report does not specify credential access techniques.
  6. Discovery: The report does not specify discovery techniques.
  7. Collection: The report does not specify data collection techniques.
  8. Impact: Cryptocurrency theft from infected macOS systems.

Impact

The primary impact of OSX.Dummy is likely the theft of cryptocurrency from infected macOS systems. The specific number of victims and the extent of the damage are not specified in the provided source. Successful infection could result in significant financial loss for affected individuals within the cryptocurrency community.

Recommendation

  • Investigate common macOS malware persistence locations for unusual files or processes.
  • Monitor network connections for unusual outbound traffic, which could indicate communication with a C2 server.
  • Deploy behavioral detection rules focusing on suspicious process execution patterns on macOS.

Detection coverage (2 rules)

Detect Suspicious File Creation in Common macOS Persistence Directories

Severity: medium

Detects the creation of new files in common macOS persistence directories, which may indicate malware installation.

Format: sigma | Tactics: persistence | Techniques: T1543.002 | Sources: file_event, macos

Detect Execution from Common macOS Download Directories

Severity: low

Detects execution of files from common download directories, which may indicate a user inadvertently launching downloaded malware.

Format: sigma | Tactics: execution | Techniques: T1204.002 | Sources: process_creation, macos
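As an added illustration of the two rules above (this is not the platform's own query logic, which the page does not reproduce), the following Python evaluator applies equivalent path-based conditions to constructed macOS file_event and process_creation records. The persistence and download directory lists, the event field names and the sample events are all assumptions made for the example.

```python
import fnmatch

# Constructed sample events in the shape the two Sigma sources imply
# (file_event and process_creation on macOS). Field names are assumed.
SAMPLE_EVENTS = [
    {"source": "file_event", "action": "create",
     "path": "/Users/alice/Library/LaunchAgents/com.example.updater.plist"},
    {"source": "file_event", "action": "create",
     "path": "/Users/alice/Documents/notes.txt"},
    {"source": "process_creation", "parent": "/bin/bash",
     "image": "/Users/alice/Downloads/wallet-helper"},
    {"source": "process_creation", "parent": "/sbin/launchd",
     "image": "/Applications/Safari.app/Contents/MacOS/Safari"},
]

# Rule definitions mirroring the two detections on this page. The directory
# globs are assumptions (LaunchAgents/LaunchDaemons for persistence; the user
# Downloads folder and mounted disk images for "download directories").
RULES = [
    {"title": "Detect Suspicious File Creation in Common macOS Persistence Directories",
     "level": "medium", "source": "file_event", "field": "path",
     "patterns": ["/Library/LaunchAgents/*", "/Library/LaunchDaemons/*",
                  "/Users/*/Library/LaunchAgents/*"]},
    {"title": "Detect Execution from Common macOS Download Directories",
     "level": "low", "source": "process_creation", "field": "image",
     "patterns": ["/Users/*/Downloads/*", "/Volumes/*"]},
]


def matches(rule, event):
    """Return True when the event satisfies the rule's source and path conditions."""
    if event.get("source") != rule["source"]:
        return False
    # The file rule only cares about newly created files, not reads or deletes.
    if rule["source"] == "file_event" and event.get("action") != "create":
        return False
    value = event.get(rule["field"], "")
    # fnmatch '*' also spans '/', so nested paths under the directory match too.
    return any(fnmatch.fnmatchcase(value, pat) for pat in rule["patterns"])


def evaluate(events, rules=RULES):
    """Run every rule over every event and return the list of alerts raised."""
    return [{"title": r["title"], "level": r["level"], "value": e[r["field"]]}
            for e in events for r in rules if matches(r, e)]


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(f"[{alert['level']}] {alert['title']}: {alert['value']}")
```

Both rules will also fire on legitimate installers and user-launched downloads, so in production they belong behind an allowlist of known-good labels and signers rather than being paged on directly.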

Detection queries are available on the platform.