
Hidden cryptocurrency miner that operated on macOS for more than five years uncovered.
macOS-based computers have long been used by criminals for covert cryptocurrency mining. For five years the OSAMiner program managed to evade detection, according to cybersecurity specialists at SentinelOne.
#DarkReading: «Ordinary AppleScript is increasingly used by malware targeting the #macOS, and run-only compiled #AppleScript is becoming more popular», SentinelOne’s @philofishal stated in its analysis, published today. To read more: https://t.co/AluAz6dAnP #infosec
— SentinelOne (@SentinelOne) January 12, 2021
The malware appeared in circulation no later than 2015. It spread via pirated games and other software, including League of Legends and Microsoft Office for Mac.
According to the researchers, OSAMiner is primarily aimed at China and the Asia-Pacific region.
In August and September 2018, two Chinese firms discovered and analysed older versions of OSAMiner, but their reports did not provide a complete picture of OSAMiner’s capabilities, SentinelOne’s Phil Stokes said.
“The final run-only script was loaded in compiled form. This code is unreadable to humans, making its security analysis difficult”, added SentinelOne.
Researchers believe that their publication of the full attack chain, as well as indicators of compromise for old and new versions of OSAMiner, will help protect macOS users from hackers.
In October 2020, a hidden Monero miner was found that could steal passwords and halt execution of competing malware.