MacOS-based computers have long been used by scammers for hidden cryptocurrency mining. For five years,
OSAMiner managed to evade detection, cybersecurity experts at SentinelOne said.
Malicious software appeared on the network no later than 2015. It was distributed through pirated games and other programs, including League of Legends and Microsoft Office for Mac.
OSAMiner primarily targets China and the Asia-Pacific region, according to researchers.
The specialists faced serious problems in obtaining the complete code of the malicious program; according to their statement, the final run only script was loaded already in a compiled form. This code is not human readable, which makes it difficult to analyze its safety
"However, with the help of a little-known applescript-disassembler project and a decompiler tool we developed here at SentinelLabs, we have been able to reverse these samples and can now reveal for the first time their internal logic along with further IoCs used in the campaign".
