Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » New Bird Miner Mac cryptominer leverages Ableton Live 10 cracked installer for propagation

New Bird Miner Mac cryptominer leverages Ableton Live 10 cracked installer for propagation

  • The Ableton Live 10 cracked installer can be downloaded from a pirate website called VST Crack.
  • Ableton Live is a high-end music production software and is used as an instrument for live performance by DJs.

A new Mac cryptocurrency miner detected as Bird Miner has been found leveraging craked installer for Ableton Live 10 software for propagation. Ableton Live is a high-end music production software and is used as an instrument for live performance by DJs. The software is also used for composing, recording, mixing and mastering music.

How does it propagate?

According to Malwarebytes, the Ableton Live 10 cracked installer can be downloaded from a pirate website called VST Crack. The software is more than 2.6 GB. Once installed, the software downloads Bird Miner’s post-install script among other things. The cracked installer also copies some installed files to new locations with random names.

The files that get dropped on the infected system with random names have a variety of functions. This includes launching three different shell scripts.

Malicious scripts

One of the scripts launched is called Crax and its installed in the /usr/local/bin/ directory. Crax ensures that the malware gains persistence on the victim’s system without being detected by security solutions.

“The first thing it does is check to see if Activity Monitor is running and, if it is, unload the other processes. If Activity Monitor isn’t running, the malware then goes through a series of CPU usage checks. If the results show that it’s pegging the CPU at more than 85 percent, it again unloads everything,” explained the researchers.

After Crax completes its check process, it loads two more processes named ‘com.Flagellariaceae.plist’ and ‘com.Dail.plist’. While the first one runs a script named Pecora, the second runs a script called Krugerite.

These two scripts once again check for Activity Monitor and later launches an executable named Nigel which is an old version of open-source software called Qemu. The Nigel enables attackers to execute the miner code by hiding it inside Qemu images.

Worth noting

Malwarebytes highlights that the malware was first spotted in a pirated Ableton Live 10 installer. Since then, it has been found to be distributed via other software through the same site. The site has been distributing the malware in one form or the other for at least four months.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket