Cryptojacking Mac malware “Honkbox” found in pirated apps

Over the past couple weeks, multiple reports about cryptojacking and cryptocurrency-stealing Mac malware have surfaced. Apple calls this Trojan horse malware “Honkbox.”

Let’s examine what we know about this malware, and how to safely remove it from infected systems.

- What is Honkbox’s history, and how was it discovered?
- What does Honkbox do to an infected computer?
- What else is noteworthy about Honkbox malware?
- How can one remove or prevent Honkbox and other Mac malware?
- Honkbox indicators of compromise (IoCs)

What is Honkbox’s history, and how was it discovered?

Early last year, on February 21, 2022, Trend Micro researcher Luis Magisa wrote what may have been the first public report about the malware that later became known as Honkbox. Magisa described the malware as the “latest Mac coinminer,” noting that it “utilizes open-source binaries and the I2P network” (more on that in a moment).

On February 23, 2023, Jamf researchers published their own research, calling it “evasive cryptojacking malware” found in pirated Mac apps. According to their report, Jamf had been tracking recent developments of the malware family for a few months prior to publishing their research. Intego had also internally analyzed many Honkbox-related coin-miner malware samples months prior to Jamf’s write-up.

New variants of this malware initially came on Jamf’s radar during routine threat hunting, when they noticed that a Trojanized version of Apple’s Final Cut Pro included XMRig, which is cross-platform cryptocurrency mining software. (As an aside, Intego has previously written about a PUA in the Mac App Store that utilized similar mining software, XMR-Stak, in violation of Apple’s policies.)

The malware also employed Invisible Internet Project (I2P, or I2PD) technology (similar to Tor) to mask its bad network behavior, which included downloading payloads and sending any mined cryptocurrency to the malware maker. Notably, this is, to our recollection and that of other researchers, likely the first Mac malware that has leveraged I2P.

Description and instructions could be a lot clearer. This app is for users of Dropbox and not to be confused with Drop Box, which is not an app but which is on every Mac computer as a folder residing in the Public subfolder in the user’s home folder (house icon). Here are clearly written steps for the highly useful Bloodrop application, which works with the app Dropbox (DB).

First, get your Dropbox ID by launching the Dropbox website via right click on the Dropbox menu icon. Find the PUBLIC folder in your collection of Dropbox folders you already have. Select any file in that public folder, right click it, and choose “copy public link”. That will open a Copy Public Link box that shows the URL. The number after is your Dropbox user ID. It will be all numbers and usually about 7 digits. Copy that number so you can use it in step #6 below.

1. Download Bloodrop by clicking on the Downloads section next to Project Home. The website address for the Download is
3. Double click on the Bloodrop.app-0.1.4-binary.zip, which will unzip the file into your downloads folder.
5. See it bouncing in your dock and select “Options” and choose: keep in dock.
6. Left mouse click on the dock icon and it will give you a message to read; click OK and it will open another box where you insert your Dropbox ID.
7. You are then done and can use Bloodrop by dragging ANY file to the Bloodrop icon on the Dock, which will give you a Growl message that the URL for this file has been copied to your clipboard. So if you wished to share any file with someone, you would have dragged that file to the Bloodrop icon, then related that URL to your friend by pasting (Command-V) the clipboard in an email or in any document (Word, text edit).