It supports backing up your data to a local disk, Acronis’ own cloud-based service, or a network-attached storage device. Our reviews of tools here that create bootable clones should be read in that context.

Acronis is a name well known in the Windows world, but less so to Mac users.

Cyber Protect Home Office is the new name for Acronis True Image and is its personal backup solution. There is no single solution to the problem, currently. As one developer told us, “it’s a bit hit and miss”. The net result is that, depending on which version of macOS you’re running and whether you have an Intel or Apple silicon Mac, bootable clones don’t always work. That means that the old way of creating bootable clones no longer works and developers have had to find ways to work with and around Apple’s new way of doing things. Copies of the Signed System Volume are not bootable without a cryptographic seal applied by Apple. One example of this is the introduction of the Signed System Volume in Big Sur. One of the consequences of those changes is that it is harder for third-party applications that need deep access to the system to work. However, over the last few versions of macOS Apple has been making changes to make it more secure. Some apps are focused on creating clones of your hard drive and offer incremental backup as an extra feature. Apple’s own Time Machine, which is included with macOS, is an example of this kind of solution.

In July 2020, the security firm ESET reported a group of spoofed cryptocurrency trading apps was targeting devices running macOS to install malware called Gmera (see: Malicious Cryptocurrency Trading Apps Target MacOS Users).

Many options are focused solely on making backing up your Mac regularly as easy as possible.

The malware used an updated backdoor and multistage payloads as well as anti-detection techniques to help bypass security tools (see: Fresh MacOS Backdoor Variant Linked to Vietnamese Hackers).
In December, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam.

Other security researchers have reported attacks targeting macOS devices to plant cryptominers or other types of malware.

Earlier this month, researchers at Intezer Labs uncovered a campaign using a remote access Trojan dubbed ElectroRAT that had been stealing cryptocurrency from digital wallets on Windows, Linux and macOS platforms (see: ElectroRAT Malware Targets Cryptocurrency Wallets).

The researchers say that once the malware has compromised a macOS device, it will seek to kill several processes, including Activity Monitor, which prevents the user from inspecting resource usage.

Once those embedded scripts were decompiled, the researchers determined the malware uses four methods to execute the run-only AppleScript:

- A script that downloads and sets up XMR-STAK-RX, a free, open-source monero RandomX miner software package.
- An anti-analysis AppleScript to perform evasion tasks from certain consumer-level monitoring and cleanup tools.
- A parent script for gathering the device serial number and for killing all the running processes in the device.
- A script to ensure persistence for the parent script.

The Sentinel Labs team found the malware authors had embedded additional characters to obfuscate its processes. To decompile the malicious malware scripts, Sentinel Labs researchers had to use a relatively lesser-known AppleScript-disassembler project and another custom tool developed by the security firm. OSAMiner uses run-only AppleScripts to make reverse-engineering of its code difficult, the researchers say.

"Recent versions of macOS.OSAMiner add greater complexity by embedding one run-only AppleScript inside another, further complicating the already difficult process of analysis."
Security Evasion

"In late 2020, we discovered that the malware authors, presumably building on their earlier success in evading full analysis, had continued to develop and evolve their techniques," says Phil Stokes, a threat researcher at Sentinel Labs.

OSAMiner's operators released the latest version of the cryptominer in 2020, but researchers only recently discovered the enhancements, according to the researchers' report. The malware now uses multiple versions of AppleScript - a scripting language used in macOS devices - to support obfuscation. OSAMiner, which has been active since 2015, has been distributed through hacked video games, such as League of Legends, as well as compromised versions of software packages, including Microsoft Office for macOS, Sentinel Labs says. The latest iteration uses new techniques to help prevent detection by security tools, the researchers report.

Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero.