LamePyre backdoors MacOS

There's a new malware threat in the MacOS ecosystem called OSX.LamePyre.  If you haven't heard of it yet, it belongs on your radar.

At the moment, industry experts agree that it's more of a crude work in progress.  Unfortunately, the danger of crude works in progress is that the hackers continue to develop them, making them a threat that gets worse over time.

In this case, LamePyre is limited to maintaining a backdoor into the infected system and taking screenshots at periodic intervals and sends them back to the hacker controlling the malware.

Disguised as the Discord messaging app

The only instance of LamePyre found in the wild so far is one that's disguised as the Discord messaging app, which is widely used by gamers.  Unfortunately, this poisoned version of Discord doesn't actually function.  It's simply a shell that contains an Automator script and displays the generic Automator icon in the menu bar when it's running.

When a user downloads the poisoned version of Discord, the Automator script decodes the malware payload, which is written in Python. Then, the malware begins taking screenshots at predefined intervals and sending them back to the hacker's command and control server.

There are two risks then:  First, the hacker who controls the script will see pretty much everything you're working on.  Second, since it opens a channel between the infected machine and the c2 server, it allows the hacker to inject additional malware onto the system, at will.  Not good.

Our perspective

If you or anyone in your employ uses the Discord messaging app, this is an emerging threat to watch.  Fortunately, it's easily removed and dealt with (for now), but that could easily change as whoever created the app can easily build it out more completely and make it a significantly worse threat.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, law firms, and construction companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business

Used with permission from Article Aggregator