And Delivers Screenshots To Cyber-Cons
The stream of macOS malware seems never-ending: it recently welcomed another member, which goes by the name of OSX.LamePyre and delivers screenshots to the cyber-con behind it.
The newly discovered malware is restricted to taking screenshots and running
On Friday, the malware was revealed to be lurking in the guise of a copy of Discord, proprietary freeware used by video-gaming communities.
According to the malware researchers cited, the disguise was not meant to go further than the initial stage of obscurity and hence was quite plainly perceptible.
The copy of Discord the malware was found in wasn't performing the app's functions at all, which raised doubts. The reason was that it was merely an Automator script.
It runs the way every script of this kind does: once launched, the user sees the generic Automator icon in the menu bar.
Code written in Python is then decoded by the script and run on the victim's device.
The main function of the malware then starts: taking screenshots and uploading them to the attacker's command and control server.
The aforementioned malware researcher had also found that part of the Python code was designed to install the open-source EmPyre backdoor on the system.
The same backdoor has been found in other malware as well, the cryptocurrency-mining DarthMiner (macOS) to name one.
LamePyre's failure to disguise itself and function as the actual Discord application makes it, as its name suggests, reasonably "lame" as malware, though it could be considered a soon-to-emerge risk.
As the researcher cited noted, the copy of the Discord app wasn't even modified appropriately. It didn't contain so much as a launchable copy of the Discord chat app and therefore failed miserably at seeming legitimate.
To set up a launch agent and keep the malicious code running, the author had added a launch agent property list named "com.apple.systemkeeper.plist".
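A defender-side check for the persistence trick just described, added here as an example (it is not code from the article or from any researcher it cites): it parses LaunchAgent plists and flags an Apple-looking label sitting in a per-user folder, a scripting interpreter invoked with inline code, and arguments that mention base64 decoding or an Automator stub. The two sample plists are constructed, and the file paths, program arguments and interpreter list are assumptions rather than indicators from the article.

```python
import plistlib
from pathlib import Path

# Constructed sample: a per-user LaunchAgent reusing the Apple-looking label the article
# reports for LamePyre; the ProgramArguments are hypothetical, not taken from the article.
MALICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.systemkeeper</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/python</string><string>-c</string>
    <string>import base64; exec(base64.b64decode('PAYLOAD-OMITTED'))</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

# Constructed benign sample: a vendor agent that simply runs its own binary.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""
INTERPRETERS = {"python", "python2", "python3", "osascript", "sh", "bash", "zsh", "perl"}

def suspicious_reasons(plist_bytes, path):
    """Return why a LaunchAgent plist looks like malware persistence (empty list if it doesn't)."""
    data = plistlib.loads(plist_bytes)
    label = str(data.get("Label", ""))
    args = [str(a) for a in data.get("ProgramArguments", [])]
    program = str(data.get("Program") or (args[0] if args else ""))
    reasons = []
    # Apple installs its own agents under /System/Library and /Library, never in a
    # user's ~/Library/LaunchAgents, so a com.apple.* label there is a red flag.
    if label.startswith("com.apple.") and "/Users/" in path:
        reasons.append(f"Apple-style label {label!r} in a per-user LaunchAgents folder")
    # An interpreter handed inline code (-c/-e) runs a decoded payload with no script on disk.
    if Path(program).name in INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
        reasons.append(f"interpreter {program} launched with inline code")
    if any("base64" in a or "Automator" in a for a in args):
        reasons.append("arguments mention base64 decoding or an Automator stub")
    return reasons

def scan_launch_agents(directory):
    # Map each flagged *.plist under directory to its reasons; clean files are omitted.
    results = {}
    for p in Path(directory).glob("*.plist"):
        reasons = suspicious_reasons(p.read_bytes(), str(p))
        if reasons:
            results[str(p)] = reasons
    return results
```

Running `scan_launch_agents` over a user's `~/Library/LaunchAgents` is a quick triage step; matches still need a look at the referenced program before anything is removed.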
For all that's wrong with the malware, there is a high probability that before users notice the abnormal behavior of their Discord application, the malware will have done enough damage and already sent off the screenshots.
There have been quite a number of macOS malware attacks this month, along with the discovery of a couple of other samples. One connected with the Adobe Zii piracy software also made it to the list; its author had forgotten, or rather committed the huge mistake of, using the wrong icon, which attracted a lot of glances.
OSX.BadWord is another macOS malware threat, delivered through a malicious macro in a Microsoft Word document. It exploited a sandbox escape vulnerability and then created a launch agent to set up a "Meterpreter backdoor".
A near-duplicate creation, OSX.BadWord differs from the original only in the backdoor it employs. Its maker, it seems, wanted neither recognition nor a proper piece of malware.