

Mac malware “Honkbox” found in pirated apps

Over the past couple of weeks, multiple reports about cryptojacking and cryptocurrency-stealing Mac malware have surfaced. Apple calls this Trojan horse malware “Honkbox.” Let’s examine what we know about this malware, and how to safely remove it from infected systems.

What is Honkbox’s history, and how was it discovered?
What does Honkbox do to an infected computer?
What else is noteworthy about Honkbox malware?
How can one remove or prevent Honkbox and other Mac malware?
Honkbox indicators of compromise (IoCs)

What is Honkbox’s history, and how was it discovered?

Early last year, on February 21, 2022, Trend Micro researcher Luis Magisa wrote what may have been the first public report about the malware that later became known as Honkbox. Magisa described the malware as the “latest Mac coinminer,” noting that it “utilizes open-source binaries and the I2P network” (more on that in a moment).

On February 23, 2023, Jamf researchers published their own research, calling it “evasive cryptojacking malware” found in pirated Mac apps. According to their report, Jamf had been tracking recent developments of the malware family for a few months prior to publishing their research. Intego had also internally analyzed many Honkbox-related coin-miner malware samples months prior to Jamf’s write-up.

New variants of this malware initially came on Jamf’s radar during routine threat hunting, when they noticed that a Trojanized version of Apple’s Final Cut Pro included XMRig, which is cross-platform cryptocurrency mining software. (As an aside, Intego has previously written about a PUA in the Mac App Store that utilized similar mining software, XMR-Stak, in violation of Apple’s policies.)

The malware also employed Invisible Internet Project (I2P, or I2PD) technology (similar to Tor) to mask its bad network behavior, which included downloading payloads and sending any mined cryptocurrency to the malware maker. Notably, this is, to our recollection and that of other researchers, likely the first Mac malware that has leveraged I2P. Both I2PD and XMRig are open-source utilities.

Jamf’s research team was able to locate the malware sample in the wild via a mirror of The Pirate Bay, a BitTorrent file distribution site. The same user who had shared the pirated and Trojanized copy of Final Cut Pro had also been offering a number of other apps illegitimately since August 2019. Some of these Trojan horses have included Apple’s Logic Pro X, Adobe Photoshop, Adobe Illustrator, Adobe Zii (a product activator), Ableton Live, as well as CleanMyMac X. SentinelOne’s Phil Stokes points to a November Reddit post as the first known public request for help from a Honkbox-infected user.

Over time, the malware maker had found new ways of disguising its malicious behavior to better avoid detection by common antivirus software, such as the following example. Because crypto-mining takes a lot of processing power and can cause a computer to slow down significantly, the malware developer added a function to watch for the user to open Activity Monitor. Then, if the malware detected that Activity Monitor was open, it would instantly terminate the mining processes to prevent the user from figuring out what was causing the system slowdown. And, just in case the user were to use a third-party process monitor, the malware also disguised its processes in plain sight by naming them after legitimate Spotlight system processes: mdworker_local, mdworker_shared, and mdworker_watchd.

Following Jamf’s report, Apple added signatures for this malware to XProtect, a bare-bones “anti-malware” feature built into macOS. Stokes noted that this was the first time in months (three months and twelve days, to be exact, between November 10 and February 22) that Apple had updated its signatures. While Trend Micro and Jamf hadn’t given the malware a unique name of its own, Apple first called it “HONKBOX” in its signatures, with three sub-variants: A, B, and C. (This, by the way, is just one reason why it’s so important to use Mac antivirus software; Apple’s built-in protection is minimal, incomplete, and rarely updated.)

Stokes did his own deep dive into the Honkbox malware, published on March 1.

What does Honkbox do to an infected computer?

Honkbox malware is distributed via Trojanized, pirated software.
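The two evasion tricks described above (stopping the miner whenever Activity Monitor is open, and naming the mining processes after Spotlight’s mdworker helpers) suggest a simple defender-side check: sample the process list from a script rather than from the GUI, and treat any mdworker-named process that does not run from the system volume as suspect. The following is an added example written for this article; it is not Intego’s, Jamf’s or Apple’s tooling. It parses a constructed listing in the shape of `ps -axo pid,pcpu,comm` output (on macOS, `comm` in that output is the executable path, which this code assumes), and it assumes the genuine Spotlight helpers live under /System/Library/. The sample paths for the impostor processes are made up for illustration and are not Honkbox indicators from the reports.

```python
import re
from dataclasses import dataclass

# Genuine Spotlight metadata workers ship inside the sealed system volume
# (assumption: the Metadata framework's Support directory under /System/Library).
LEGIT_PREFIX = "/System/Library/"

# Matches "mdworker" and the mdworker_<suffix> names the article lists.
MDWORKER_NAME = re.compile(r"^mdworker(_[a-z]+)?$")

# Constructed sample in the shape of `ps -axo pid,pcpu,comm` output.
# Only the first entry uses a real-looking system path; the rest are invented.
SAMPLE_PS = """\
  PID %CPU COMM
  318  0.3 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker_shared
 4521 97.8 /Users/demo/Library/Application Support/.cache/mdworker_local
 4522 94.1 /private/tmp/.x/mdworker_watchd
  611  1.2 /usr/libexec/trustd
"""


@dataclass
class Proc:
    pid: int
    pcpu: float
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("/", 1)[-1]


def parse_ps(text: str) -> list[Proc]:
    """Parse pid / %CPU / executable path rows; the path may contain spaces."""
    procs = []
    for line in text.strip().splitlines()[1:]:  # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, pcpu, path = parts
        procs.append(Proc(int(pid), float(pcpu), path))
    return procs


def is_mdworker_impostor(p: Proc) -> bool:
    """An mdworker-named binary that does not live on the system volume."""
    return bool(MDWORKER_NAME.match(p.name)) and not p.path.startswith(LEGIT_PREFIX)


def find_impostors(text: str, cpu_threshold: float = 50.0) -> list[tuple[Proc, list[str]]]:
    """Return suspect processes with the reasons they were flagged.

    The name/location mismatch is the primary signal; sustained high CPU is
    added as a secondary reason because the disguised processes are miners.
    """
    findings = []
    for p in parse_ps(text):
        if not is_mdworker_impostor(p):
            continue
        reasons = ["mdworker-style name outside " + LEGIT_PREFIX]
        if p.pcpu >= cpu_threshold:
            reasons.append(f"high CPU ({p.pcpu:.1f}%)")
        findings.append((p, reasons))
    return findings


if __name__ == "__main__":
    # Run periodically from a script or launchd job, not interactively,
    # so a miner that hides when Activity Monitor opens is still observed.
    for proc, reasons in find_impostors(SAMPLE_PS):
        print(f"pid {proc.pid}: {proc.path}\n    " + "; ".join(reasons))
```

Run against the constructed sample, the two invented impostors (pids 4521 and 4522) are reported and the genuine mdworker_shared is not. The location check is the load-bearing part; CPU usage alone would also catch legitimate heavy Spotlight indexing, which is exactly the ambiguity the malware authors were counting on.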
