
OSX.DarthMiner

By GoldSparrow in Mac Malware, Trojans

The OSX.DarthMiner malware is a threat designed specifically to target Mac users. According to researchers, OSX.DarthMiner is being propagated with the help of bogus activators and cracked versions of widely used applications such as Adobe Illustrator and Adobe Photoshop.

If OSX.DarthMiner infiltrates your Mac, you may end up with two malware types planted on your system. It would appear that OSX.DarthMiner is used to deliver a copy of the EmPyre threat alongside the notorious XMRig cryptocurrency miner. EmPyre is an open-source project that can be utilized as a backdoor, which would allow its operators to introduce additional threats to the infected system. The XMRig miner would use the compromised host's computing power to mine for cryptocurrency, namely Monero. This is likely to cause the machine to overheat, thus reducing its lifespan and causing performance and stability issues. Having a cryptocurrency miner present on your computer may damage your hardware, as the miner will use it without any regard for its health. Needless to say, the victim does not get any of the mined cryptocurrency. All the cryptocurrency mined by OSX.DarthMiner would be transferred to the wallets of the attackers.

At first glance, "DarthMiner" looks like the name of the newest Star Wars villain. OSX.DarthMiner is, in fact, the name of a recently discovered Mac malware. The malware stands out because it combines a backdoor with a cryptocurrency miner. Specifically, it combines the EmPyre backdoor with a Monero coin miner. It spreads through fake versions of the popular Adobe Zii app.

OSX.DarthMiner likely spreads through a fake version of Adobe Zii in order to appear legitimate and trick users. Another notable thing about this threat is that it checks whether the targeted computer is running Little Snitch. This popular firewall program alerts users to outbound connections, such as the backdoor connections OSX.DarthMiner makes.

The malware abandons the attack if it detects Little Snitch on the computer. According to researchers, though, the initial check for Little Snitch is redundant: if the firewall program were on the computer, it would already have blocked the connection used to download and run the script that performs the check, so the point is moot.

What Does OSX.DarthMiner Do?

OSX.DarthMiner doesn't appear too dangerous on the surface. If anything, it seems to be a relatively harmless cryptominer. Such threats slow computers down because cryptocurrency mining is such a resource-heavy process, but that's about all they do.

Keep in mind that this is no ordinary cryptominer, though. The miner is installed on the system through a backdoor established by the threat. That same backdoor could also be used to download and install other programs, or to steal information and send it to the attacker.

Researchers say it's impossible to tell for sure how much damage OSX.DarthMiner could do to an infected system. Just because researchers have only observed mining behavior from the threat doesn't mean it isn't capable of doing other things. There's a chance that it is already performing other tasks that researchers simply haven't noticed yet.

Outside of cryptomining, researchers warn that the threat could be stealing files and passwords. One thing is for sure, though: the very existence of this threat is proof that cybercriminals are developing more and more Mac malware. Mac users should always remember that their computers aren't magically secure. If you want to avoid the issues OSX.DarthMiner would cause, protect your Mac with a genuine anti-virus application and update all your software regularly, including your anti-malware utility.
