

Run-only code used to avoid detection for years

Run-only AppleScript … makes decompiling them into source code a tall order.

An AppleScript feature designed to compress scripts into pre-compiled form has allowed bad actors to evade security researchers for years. This cryptominer Trojan spread unchecked for some five years. So-called run-only scripts, what we might today call “bytecode”, are poorly documented and difficult to analyze. So it’s hard to extract indicators of compromise out of malware obfuscated by them.

What can DevOps learn from this? In this week’s Security Blogwatch, we learn lessons (not “learnings”).

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: What everyone really wants.

What’s the craic? Ionut Ilascu reports, in “Mac malware uses ‘run-only’ AppleScripts to evade analysis”:

A cryptocurrency mining campaign … is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. [It] has been in the wild since at least 2015. Yet analyzing it is difficult because … it embeds a run-only AppleScript into another script and uses URLs in public web pages to download the actual … payloads.
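Because a run-only script hides its source, a hunting check has to look for the compiled artefact itself, for example one embedded in another script as the report describes. The scanner below is an added example written for this post, not code from the article or from the researchers it quotes; it assumes the well-known ASCII magic that compiled AppleScript files begin with (general knowledge, not taken from the page) and runs on a constructed sample shell script.

```python
import base64
import re

# Compiled AppleScript (.scpt) files start with this ASCII magic (general
# knowledge; the page itself does not state the value). A run-only script is
# still a compiled file, so the magic is present even though the source is not.
APPLESCRIPT_MAGIC = b"FasdUAS"
URL_RE = re.compile(rb"https?://[^\s'\"<>]+")
B64_RE = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")  # long base64-looking runs


def find_embedded_applescript(data: bytes) -> dict:
    """Report where compiled AppleScript is embedded in arbitrary file bytes,
    plus any URLs the file carries (candidate payload download locations)."""
    hits = {"raw_offsets": [], "base64_blobs": [], "urls": []}

    # 1. Raw embedding: the magic sits at some offset inside another file.
    #    (Offset 0 would just be a plain compiled script, not an embedding.)
    start = 0
    while (idx := data.find(APPLESCRIPT_MAGIC, start)) != -1:
        hits["raw_offsets"].append(idx)
        start = idx + 1

    # 2. Base64-wrapped embedding: decode each long base64 run and check
    #    whether the decoded bytes are a compiled script.
    for m in B64_RE.finditer(data):
        try:
            decoded = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # binascii.Error (bad padding etc.) is a ValueError
            continue
        if decoded.startswith(APPLESCRIPT_MAGIC):
            hits["base64_blobs"].append(m.start())

    # 3. URLs: the report notes payloads fetched from public web pages.
    hits["urls"] = [u.decode("ascii", "replace") for u in URL_RE.findall(data)]
    return hits


# Constructed sample: a shell script carrying a base64-wrapped compiled
# AppleScript header (padded with zeros) and a placeholder URL. Not real malware.
_FAKE_COMPILED_SCRIPT = b"FasdUAS 1.101.10" + bytes(60)
SAMPLE_SHELL = (
    b"#!/bin/sh\n# constructed sample for the scanner\n"
    b"PAGE_URL='https://example.invalid/page.html'\n"
    b"BLOB=" + base64.b64encode(_FAKE_COMPILED_SCRIPT) + b"\n"
)

if __name__ == "__main__":
    print(find_embedded_applescript(SAMPLE_SHELL))
```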
