According to a report published by IBTimes on February 6, researchers at the security company SentinelOne found that attackers used the popular software download site MacUpdate to distribute a cryptocurrency miner, named OSX.CreativeUpdate, to Mac users. Its purpose is to hijack the CPU of infected machines to covertly mine Monero.
According to the researchers, the official download links on the MacUpdate site were replaced by the attacker, so users who downloaded through them received a trojanized application. The domains of the substitute links were subtly altered so that they looked legitimate and convincing. Once the user downloads and runs the fake application, it fetches a payload from public.adobecc.com (a legitimate Adobe Creative Cloud file-hosting domain that the attacker abused to host the payload), installs it, and then tries to open a copy of the original application as a decoy so that the user notices nothing while the malware activates.
So far the investigation has found that the download links for Firefox, OnyX and Deeper were replaced. The researchers note that the trojanized copies were built with Platypus, a development tool that wraps a shell or Python script in a complete macOS application bundle, which means the effort needed to produce such a fake application is low.
MacUpdate has apologized to users for the incident and published instructions for removing the malware:
- Delete any copies of the above titles [Firefox, Onyx, Deeper] you might have installed.
- Download and install fresh copies of the titles.
- In Finder, open a window for your home directory (Cmd-Shift-H).
- If the Library folder is not displayed, hold down the Option/Alt key, click on the “Go” menu, and select “Library (Cmd-Shift-L)”.
- Scroll down to find the “mdworker” folder (~/Library/mdworker/).
- Delete the entire folder.
- Scroll down to find the “LaunchAgents” folder (~/Library/LaunchAgents/).
- From that folder, delete “MacOS.plist” and “MacOSupdate.plist” (~/Library/LaunchAgents/MacOS.plist and ~/Library/LaunchAgents/MacOSupdate.plist).
- Empty the Trash.
- Restart your system.
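The removal steps above and the Platypus point can be turned into a small check-and-clean script. The following POSIX sh helper is an added example written for this page; it is not MacUpdate's or the researchers' tooling. It looks for exactly the artifacts the instructions name (~/Library/mdworker, ~/Library/LaunchAgents/MacOS.plist and MacOSupdate.plist), unloads and removes them, and offers a triage check for wrapper bundles. Two things in it are assumptions rather than facts from the article: that the miner process runs out of the mdworker folder (so it is stopped by matching that path with pkill), and that Platypus-built bundles keep the wrapped script at Contents/Resources/script. The constructed test directory used below is not a real infection.

```shell
#!/bin/sh
# Added example, not MacUpdate's or the researchers' tooling: checks a home
# directory for the OSX.CreativeUpdate artifacts named in the MacUpdate
# instructions above and removes them. Intended to be run on the Mac itself.

# Indicators of compromise from the removal instructions, relative to the home
# directory: the miner's folder and the two persistence LaunchAgents.
CU_IOCS="Library/mdworker Library/LaunchAgents/MacOS.plist Library/LaunchAgents/MacOSupdate.plist"

# Print every indicator present under the given home directory (default: $HOME).
# Exit status 0 if at least one was found, 1 if the system looks clean.
find_creativeupdate_iocs() {
    home="${1:-$HOME}"
    found=0
    for rel in $CU_IOCS; do
        if [ -e "$home/$rel" ]; then
            printf '%s\n' "$home/$rel"
            found=$((found + 1))
        fi
    done
    [ "$found" -gt 0 ]
}

# Number of indicators present (always exits 0, convenient for scripting).
count_creativeupdate_iocs() {
    find_creativeupdate_iocs "${1:-$HOME}" | wc -l | tr -d ' '
}

# Remove the artifacts: unload and delete the LaunchAgents first so launchd
# does not simply restart the miner, stop any process running out of the
# mdworker folder, then delete the folder. Mirrors the manual steps above.
remove_creativeupdate_iocs() {
    home="${1:-$HOME}"
    for plist in "$home/Library/LaunchAgents/MacOS.plist" \
                 "$home/Library/LaunchAgents/MacOSupdate.plist"; do
        if [ -f "$plist" ]; then
            # launchctl only exists on macOS; ignore failures elsewhere.
            command -v launchctl >/dev/null 2>&1 && launchctl unload "$plist" 2>/dev/null || true
            rm -f "$plist"
        fi
    done
    # Assumption (not stated in the article): the miner binary lives inside
    # ~/Library/mdworker, so stop anything whose command line references that
    # path before deleting it.
    command -v pkill >/dev/null 2>&1 && pkill -f "$home/Library/mdworker" 2>/dev/null || true
    rm -rf "$home/Library/mdworker"
}

# Triage helper for the Platypus point above. Assumption (not from the article):
# Platypus-built bundles carry the wrapped script at Contents/Resources/script,
# so a "Firefox.app" containing one is a script wrapper, not Mozilla's build.
# Exit status 0 if the bundle looks Platypus-built, 1 otherwise.
is_platypus_app() {
    app="$1"
    [ -f "$app/Contents/Resources/script" ]
}

# Interactive usage:  sh cu_check.sh check   (list indicators under $HOME)
#                     sh cu_check.sh remove  (remove them)
#                     sh cu_check.sh inspect /Applications/Firefox.app
case "${1:-}" in
    check)   find_creativeupdate_iocs "$HOME" || echo "no OSX.CreativeUpdate indicators found" ;;
    remove)  remove_creativeupdate_iocs "$HOME" ;;
    inspect) is_platypus_app "$2" && echo "script wrapper (Platypus layout): $2" || echo "no Platypus script in $2" ;;
esac
```

Run the `check` mode first and only `remove` once you have looked at what it lists; the script does not reinstall the applications, so the first two manual steps (delete and re-download Firefox, OnyX or Deeper from the vendor) still apply.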
MacUpdate's representative advises users to verify that software is legitimate before downloading it, and not to rely entirely on star ratings or reviews on third-party sites or the Mac App Store, since these can be faked.
Source: IBTimes