OSAMiner Malware Description
The OSAMiner Malware is a cryptocurrency-mining Trojan that targets macOS systems. Its campaign uses pirated software as a favored infection vector, so users can reduce their exposure by avoiding torrents and illegal software websites. Users should remove the OSAMiner Malware with a traditional security solution as quickly as possible to prevent performance problems or potential hardware damage.
A Trojan Russian Nesting Doll Inside an Apple
Mining cryptocurrency is a business for crooks as well as legitimate investors. The OSAMiner Malware's history, only recently excavated because of its extensive obfuscation, shows just how far back that motive goes for Black Hat software. This threat hijacks macOS devices, uses a highly effective method of hiding itself, and turns infected systems into miners for the attacker's wallet.
Malware researchers estimate that the OSAMiner Malware's campaign goes back to 2015. Its infection vectors are well understood and include cracked games and pirated software downloads, such as Microsoft Office or League of Legends. Its primary feature is generating cryptocurrency by harnessing the device's CPU or graphics card, which can cause instability and performance problems and can even overheat and burn out the hardware.
However, much of this went unnoticed by the Western cyber-security industry until recently. One explanation for the oversight is the Trojan's geographical preferences (see the next section), but a more compelling one is the OSAMiner Malware's structural stealth advantage. It uses a nesting-doll structure that handles installation through a series of downloadable, run-only AppleScript components: each stage is a compiled script with its source stripped, which runs the next one. This method adds a potent layer of obfuscation specific to macOS environments and keeps the Trojan's code from being recognizable to many threat-detection metrics.
The World's Responsibility to Stop Illicit Money-Miners
The OSAMiner Malware has no specific limits on which macOS devices it could take over for generating money, and the structure of these crimes encourages taking easy-opportunity targets wherever they're available. Still, malware experts connect most flagged OSAMiner Malware infections to Asia-Pacific nations and, particularly, China. Versions of the OSAMiner Malware for other platforms, such as Windows or Android, have not been verified, although cryptocurrency mining is possible on those operating systems.
The OSAMiner Malware's campaign places an overwhelming emphasis on two security issues. First, users who download illicit content put their systems at risk from various threats, many of which can inflict long-term damage. Second, the OSAMiner Malware shows the extent of exploitation possible with run-only AppleScripts, which can download additional malicious files and perform numerous other operations without triggering normally effective security alarms.
Users with up-to-date security solutions have the best chances of detecting Trojan installers, bundles and similar threats. Removing the OSAMiner Malware from infected systems should be done with dedicated security software where appropriate, after which users should double-check for any remaining processes or persistence items (launch agents and daemons) related to the mining feature.
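The double-check above can be partly scripted. The following is an added triage helper, not code from the original article or from any vendor tool: it walks a directory of launchd property lists and reports the ones whose program arguments invoke osascript or point at a compiled AppleScript (.scpt), which is the persistence shape a run-only AppleScript chain would leave behind, and it tests whether a referenced file carries the compiled-AppleScript magic bytes. The sample plists and the stand-in script file are constructed for the demonstration; on a real Mac you would point `scan_launch_items` at `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`.

```shell
#!/bin/sh
# Added defender-side triage helper (not part of the original article or any
# vendor product). Reports launchd plists that reference osascript or a .scpt
# file and identifies compiled AppleScript by its magic bytes.
# Usage on macOS:  scan_launch_items "$HOME/Library/LaunchAgents"

# Print the path of every plist directly inside DIR that mentions osascript
# or a .scpt file. Output is sorted so results are deterministic.
scan_launch_items() {
    dir="$1"
    find "$dir" -maxdepth 1 -type f -name '*.plist' 2>/dev/null | sort |
    while read -r plist; do
        if grep -q -E 'osascript|\.scpt' "$plist"; then
            printf '%s\n' "$plist"
        fi
    done
}

# Compiled AppleScript files start with the magic bytes "FasdUAS". A run-only
# script is a compiled script whose source has been stripped, so this check
# flags both kinds; it does not tell them apart.
is_compiled_applescript() {
    [ -f "$1" ] && [ "$(head -c 7 "$1" 2>/dev/null)" = "FasdUAS" ]
}

# Build a constructed sample directory (one benign plist, one that launches a
# .scpt through osascript, and a stand-in compiled script) so the helper can be
# exercised offline. Prints the directory path.
make_sample_dir() {
    d="$(mktemp -d)"
    cat > "$d/com.example.benign.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.benign</string>
  <key>ProgramArguments</key><array><string>/usr/bin/true</string></array>
</dict></plist>
EOF
    cat > "$d/com.example.suspect.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.suspect</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/osascript</string>
    <string>/Users/Shared/stage1.scpt</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>
EOF
    # Constructed stand-in: only the magic header matters for the check.
    printf 'FasdUAS 1.101.10' > "$d/stage1.scpt"
    printf '%s\n' "$d"
}
```

A hit from `scan_launch_items` is a lead, not a verdict: legitimate automation also uses osascript, so inspect the referenced script, its location and its signing status before unloading the item. A run-only script will refuse to decompile, which is itself a useful signal when the file sits somewhere no legitimate installer would put it.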
A Trojan can hide for years at a time if that's what its operational goals require. The OSAMiner Malware is a forceful reminder of the threat potential of AppleScript, and it is unlikely to be the last time this feature is turned to malicious ends.