The Mac Malware of 2019
Contents
All samples covered in this post are available in our malware collection. \
…just make sure not to infect yourself!
A printable (PDF) version of this report can be downloaded here:
Goodbye, 2019! and hello 2020 …a new decade! 🥳
For the fourth year in a row, I’ve decided to put together a blog post that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (e.g. by the AV company that discovered them), this blog aims to cumulatively and comprehensively cover all the new Mac malware of 2019 - in one place …yes, with samples of each malware for download!
However, at the end of this blog I’ve included a brief section dedicated to these other threats, with links to detailed write-ups.
For each malicious specimen covered in this post, we’ll identify the malware’s:
Infection Vector
…how it was able …
IoC

IP addresses:
185.49.69.210
193.37.212.176
46.226.108.171
69.195.124.206
89.34.111.113

File hashes (40-hex, SHA-1):
23017a55b3d25a2597b7148214fd8fb2372591a5
3d0d7e5fb2ce288813306e4d4636395e047a3d28
55554944ee2cb96a1f5132ce8788c3fe0dfe7392
8D204E5B7AE08E80B728DE675AEB8CC735CCF6E7
b639bca429778d24bda4f4a40c1bbc64de46fa79

File hashes (32-hex, MD5):
6588d262529dc372c400bef8478c2eec
6850189bbf5191a76761ab20f7c630ef
a8096ddf8758a79fdf68753190c6216a

URLs:
http://46.226.108.171/com.apple.rig2.plist
http://46.226.108.171/com.proxy.initialize.plist
http://46.226.108.171/harmlesslittlecode.py
http://46.226.108.171:8000
http://koto-pool.work:3032
http://message-whatsapp.com
http://owpqkszz.info/link.php
http://people.ds.cam.ac.uk/nm603/awards/Adams_Prize
http://usb.mine.nu/
http://usb.mine.nu/a.plist
http://usb.mine.nu/c.sh
http://usb.mine.nu/p.php
http://zr.webhop.org
http://zr.webhop.org:1337
https://appstockfolio.com/panel/upload.php
https://baseballcharlemagnelegardeur.com/wp-content/languages/common.php
https://beastgoc.com/grepmonux.php
https://github.com/jmttrading/JMTTrader/releases
https://nzssdm.com/assets/mt.dat
https://towingoperations.com/chat/chat.php
https://unioncrypto.vip/
https://unioncrypto.vip/update
https://www.jmttrading.org/
https://www.tangowithcolette.com/pages/common.php
https://www.unioncrypto.vip/download/W6c2dq8By7luMhCmya2v97YeN
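The IoC list above is published as one mixed, alphabetically sorted column of IPs, hashes and URLs, which is awkward to feed into a host sweep. The script below is an added example (not part of the original report or any of the malware write-ups it links to): it buckets such a list by indicator type, hashes files against the MD5/SHA-1 sets, and looks for the plist filenames seen in the C2 URLs in the standard macOS persistence directories. The sample `IOC_TEXT` is a constructed subset of the indicators above; the directory list and the assumption that a `.plist` fetched from a C2 ends up as a LaunchAgent/LaunchDaemon name are mine, not something the report states.

```python
"""Triage a mixed IoC list (IPs, MD5/SHA-1 hashes, URLs) and sweep a host for matches."""
import hashlib
import ipaddress
import os
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the report's indicators, in the same mixed,
# alphabetically sorted form they are published in.
IOC_TEXT = """
185.49.69.210
23017a55b3d25a2597b7148214fd8fb2372591a5
46.226.108.171
6588d262529dc372c400bef8478c2eec
8D204E5B7AE08E80B728DE675AEB8CC735CCF6E7
http://46.226.108.171/com.apple.rig2.plist
http://usb.mine.nu/a.plist
http://zr.webhop.org:1337
https://unioncrypto.vip/update
"""

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_iocs(text):
    """Bucket indicator lines by type. Hashes are lowercased so they compare
    equal to hashlib output; URL hosts that are IP literals go into 'ips'."""
    iocs = {"ips": set(), "md5": set(), "sha1": set(), "urls": set(), "domains": set()}
    for line in text.splitlines():
        tok = line.strip()
        if not tok:
            continue
        if tok.startswith(("http://", "https://")):
            iocs["urls"].add(tok)
            host = urlsplit(tok).hostname
            if host:
                _add_host(iocs, host)
            continue
        if HEX_RE.match(tok) and len(tok) == 32:
            iocs["md5"].add(tok.lower())
        elif HEX_RE.match(tok) and len(tok) == 40:
            iocs["sha1"].add(tok.lower())
        else:
            _add_host(iocs, tok)  # bare IPs (and, if present, bare domains)
    return iocs


def _add_host(iocs, host):
    """Route a host string to 'ips' if it parses as an address, else 'domains'."""
    try:
        ipaddress.ip_address(host)
        iocs["ips"].add(host)
    except ValueError:
        iocs["domains"].add(host)


def file_digests(path):
    """Return (md5, sha1) hex digests, streaming so large binaries are not read at once."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def sweep_files(paths, iocs):
    """Hash each existing file and return (path, md5, sha1) for those in the IoC hash sets."""
    hits = []
    for p in paths:
        if not os.path.isfile(p):
            continue
        m, s = file_digests(p)
        if m in iocs["md5"] or s in iocs["sha1"]:
            hits.append((p, m, s))
    return hits


def persistence_candidates(iocs):
    """Assumption (mine, not the report's): a .plist served from a C2 URL is the
    LaunchAgent/LaunchDaemon filename the malware drops, so collect those names."""
    names = set()
    for u in iocs["urls"]:
        base = os.path.basename(urlsplit(u).path)
        if base.endswith(".plist"):
            names.add(base)
    return names


def sweep_launch_dirs(iocs, dirs=None):
    """Return full paths of IoC plist names found in the macOS persistence directories."""
    if dirs is None:
        home = os.path.expanduser("~")
        dirs = [os.path.join(home, "Library/LaunchAgents"),
                "/Library/LaunchAgents", "/Library/LaunchDaemons"]
    wanted = persistence_candidates(iocs)
    found = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name in wanted:
                found.append(os.path.join(d, name))
    return found


if __name__ == "__main__":
    iocs = classify_iocs(IOC_TEXT)
    for kind, values in iocs.items():
        print(f"{kind}: {len(values)}")
    print("persistence names:", sorted(persistence_candidates(iocs)))
    print("launch dir hits:", sweep_launch_dirs(iocs))
```

Hash matching is only useful against the exact samples listed; a recompiled or repacked variant will miss, so treat the domain/IP sets and the plist names as the longer-lived indicators and feed them to DNS logs and a LaunchAgents audit rather than relying on hashes alone.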