02-21-2021, 07:55 PM
I’m having deja vu :hamsterdance:
Nearly 30,000 Macs reportedly infected with mysterious malware
02-21-2021, 07:56 PM
More... https://www.macrumors.com/2021/02/20/m1-...w-malware/
- Look for a process that appears to be PlistBuddy executing in conjunction with a command line containing the following: LaunchAgents and RunAtLoad and true. This analytic helps us find multiple macOS malware families establishing LaunchAgent persistence.
- Look for a process that appears to be sqlite3 executing in conjunction with a command line that contains: LSQuarantine. This analytic helps us find multiple macOS malware families manipulating or searching metadata for downloaded files.
- Look for a process that appears to be curl executing in conjunction with a command line that contains: s3.amazonaws.com. This analytic helps us find multiple macOS malware families using S3 buckets for distribution.
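The three analytics quoted in the post above, written as matching logic over process command lines. This is an added example, not part of the original thread or of the source the post quotes. The `ANALYTICS` table, the function names and the sample command lines are constructed for illustration, and matching on the executable's basename is an assumption about what "appears to be" means.

```python
import shlex
from pathlib import PurePosixPath

# (process name, substrings that must ALL appear in the command line, label)
ANALYTICS = [
    ("plistbuddy", ("LaunchAgents", "RunAtLoad", "true"), "LaunchAgent persistence"),
    ("sqlite3", ("LSQuarantine",), "quarantine metadata access"),
    ("curl", ("s3.amazonaws.com",), "S3 bucket download"),
]

def process_name(cmdline):
    """Lower-cased basename of the executable, tolerating quoting and full paths."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        # Telemetry sometimes carries unbalanced quotes; fall back to a plain split.
        argv = cmdline.split()
    return PurePosixPath(argv[0]).name.lower() if argv else ""

def match_analytics(cmdline):
    """Return the labels of every analytic this command line satisfies."""
    name = process_name(cmdline)
    return [label for proc, needles, label in ANALYTICS
            if name == proc and all(n in cmdline for n in needles)]

def scan(events):
    """Return (cmdline, labels) pairs for the events that match at least one analytic."""
    hits = []
    for cmdline in events:
        labels = match_analytics(cmdline)
        if labels:
            hits.append((cmdline, labels))
    return hits

# Constructed command lines, not taken from any real incident.
SAMPLE_EVENTS = [
    '/usr/libexec/PlistBuddy -c "Add :RunAtLoad bool true" '
    '/Users/test/Library/LaunchAgents/com.example.agent.plist',
    'sqlite3 /Users/test/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 '
    '"select LSQuarantineDataURLString from LSQuarantineEvent"',
    'curl -s https://example-bucket.s3.amazonaws.com/version.json',
    '/usr/libexec/PlistBuddy -c "Print :CFBundleVersion" /Applications/Safari.app/Contents/Info.plist',
    'curl -s https://example.com/index.html',
]

if __name__ == "__main__":
    for cmdline, labels in scan(SAMPLE_EVENTS):
        print(", ".join(labels), "<-", cmdline)
```

The last two sample lines are benign uses of the same binaries and produce no hit, which is why each analytic pairs the process name with command-line content.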
02-21-2021, 08:02 PM
In 2020, Apple shipped 23,000,000 Macs.
02-22-2021, 02:36 AM
C(-)ris wrote: Amen... Wish I could explain this to the new boss!
02-23-2021, 04:13 AM
Paul F. wrote: Amen... Wish I could explain this to the new boss! I am fortunate to work under people who think rationally and understand valid concerns and risk mitigation techniques. I cannot even fathom giving anyone admin rights in an environment with vast amounts of PII, especially PII of a minor.
02-23-2021, 04:29 AM
Ammo wrote: Malwarebytes will find and I think they quarantine it. They were instrumental in identifying it. Not a lot of info from them on the subject, but this thread seems to indicate that they've got a handle on it. https://forums.malwarebytes.com/topic/27...nt-1440442