MacOS Malware Poses as Unarchiver App to Steal User Data

Well, cyber friends! You won’t believe what we just uncovered on our daily hunt for all things security-related here at the Bay Area cyberhawks HQ. Just another day in the life of us cyberfolk, protecting your precious data from the bad guys!

Okay, so here’s the buzz: there’s a new piece of macOS malware disguised as the file-extraction app “Unarchiver.” How cheeky is that? It makes me wanna highlight once again – always double-check before installing anything from the internet!

Let me take you on a little journey. We chanced upon a shady-looking website that was trying to pass itself off as theunarchiver[.]com. It was serving up a suspicious disk image called TheUnarchiver.dmg… Talk about a wolf in sheep’s clothing!

So what tipped us off? Well, there were a few things that were not quite right. The download button was different, and the domain name had been tweaked (to tneunarchiver[.]com): subtle changes, but enough to make us cyberhawks spread our wings and dig deeper.
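That one-letter domain tweak is exactly the kind of thing a proxy or DNS log review can catch automatically. The script below is an added example written for this post, not HEAL Security’s tooling: it refangs the `[.]` notation, computes the edit distance between each observed hostname and a watchlist of legitimate download sites (here just theunarchiver.com), and flags names that are close but not equal. The proxy log lines, their timestamps and the `WATCHLIST` are constructed for the demo.

```python
from urllib.parse import urlsplit

# Legitimate download sites we expect users to visit (assumed watchlist).
WATCHLIST = ["theunarchiver.com"]

# Constructed proxy log lines for the demo; not real traffic from the post.
# Format assumed: <timestamp> <client-ip> <method> <url> <status>
SAMPLE_PROXY_LOG = """\
2024-06-11T10:02:13Z 10.0.0.8 GET https://theunarchiver.com/ 200
2024-06-11T10:04:51Z 10.0.0.8 GET https://tneunarchiver.com/TheUnarchiver.dmg 200
2024-06-11T10:05:02Z 10.0.0.9 GET https://example.org/index.html 200
2024-06-11T10:06:40Z 10.0.0.9 GET https://cdn.theunarchiver.com/assets/app.css 200
"""


def refang(host: str) -> str:
    """Turn defanged notation such as tneunarchiver[.]com back into a real hostname."""
    return host.strip().lower().replace("[.]", ".").replace("(.)", ".").rstrip(".")


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum insertions, deletions and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable_part(host: str) -> str:
    """Crude last-two-labels reduction (cdn.theunarchiver.com -> theunarchiver.com).
    Fine for .com-style names; a real deployment would use the public suffix list."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_host(host: str, watchlist=WATCHLIST, max_distance: int = 2) -> tuple:
    """Return (verdict, matched_domain, distance).
    verdict is 'trusted' (exact match or subdomain of a watched name),
    'lookalike' (within max_distance edits of a watched name) or 'unrelated'."""
    host = refang(host)
    base = registrable_part(host)
    best = None
    for legit in watchlist:
        legit = refang(legit)
        if host == legit or host.endswith("." + legit):
            return ("trusted", legit, 0)
        d = levenshtein(base, legit)
        if best is None or d < best[1]:
            best = (legit, d)
    if best and 0 < best[1] <= max_distance:
        return ("lookalike", best[0], best[1])
    return ("unrelated", None, None)


def scan_proxy_log(log_text: str, watchlist=WATCHLIST) -> list:
    """Run classify_host over the URL field of each log line; return the lookalike hits."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        host = urlsplit(fields[3]).hostname or ""
        verdict, legit, dist = classify_host(host, watchlist)
        if verdict == "lookalike":
            hits.append((host, legit, dist))
    return hits


if __name__ == "__main__":
    for host, legit, dist in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("lookalike domain: %s resembles %s (edit distance %d)" % (host, legit, dist))
```

The subdomain check runs before the distance check so that cdn.theunarchiver.com is trusted rather than scored, and the distance is computed on the registrable part only, so long hostnames do not dilute a one-letter swap in the second-level label. Tune `max_distance` to the length of the names on your watchlist; 2 is plenty for a 13-character label, but short brand names will need 1.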

Now, this sample got a low-risk score from some security tools and wasn’t even flagged on VirusTotal. But let’s be clear, folks! That doesn’t mean it’s harmless; it’s like a little devil that’s gotten really good at hiding. Our team had to do some high-grade sleuthing to reveal the actual threat underneath.

Inside this nifty package we found machine code for both ARM and Intel architectures, so it runs on Apple silicon and Intel Macs alike. Even more suspicious was a dodgy file tagged as “CryptoTrade,” showing all the indications of being malicious. Further delving revealed hidden code designed to nab your passwords!
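When a responder pulls the main executable out of a downloaded .app bundle, one of the first questions is which architectures it carries. The Mach-O header answers that without running anything: a universal binary starts with the big-endian `0xCAFEBABE` (or `0xCAFEBABF`) fat header and a table of slices, while a thin file starts with `0xFEEDFACF`/`0xFEEDFACE` in the target’s own byte order. The parser below is an added example written for this post, not HEAL Security’s tooling; the byte blobs it parses are constructed in the script, not taken from the sample described above.

```python
import struct

FAT_MAGIC = 0xCAFEBABE      # universal ("fat") binary, 32-bit slice table, big-endian
FAT_MAGIC_64 = 0xCAFEBABF   # same container with 64-bit offsets/sizes
MH_MAGIC = 0xFEEDFACE       # thin 32-bit Mach-O, written in the target's byte order
MH_MAGIC_64 = 0xFEEDFACF    # thin 64-bit Mach-O, written in the target's byte order

CPU_TYPE_NAMES = {
    0x00000007: "i386",
    0x01000007: "x86_64",
    0x0000000C: "arm",
    0x0100000C: "arm64",
}


def _name(cputype: int) -> str:
    return CPU_TYPE_NAMES.get(cputype, "unknown(0x%08x)" % cputype)


def list_architectures(data: bytes) -> list:
    """Return the CPU architectures present in a Mach-O blob (thin or universal).

    Universal headers are always big-endian; thin headers are written in the
    target's byte order, so the magic tells us how to read the cputype field."""
    if len(data) < 8:
        raise ValueError("too short to be a Mach-O file")
    magic = struct.unpack(">I", data[:4])[0]

    if magic in (FAT_MAGIC, FAT_MAGIC_64):
        nfat = struct.unpack(">I", data[4:8])[0]
        # Java class files also start with 0xCAFEBABE; there the next field is a
        # version number, far larger than any plausible number of slices.
        if nfat > 30:
            raise ValueError("0xCAFEBABE magic with implausible slice count; likely a Java class file")
        # fat_arch: cputype, cpusubtype, offset, size, align (fat_arch_64 adds a reserved field)
        fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
        entry_size = struct.calcsize(fmt)
        archs = []
        for i in range(nfat):
            start = 8 + i * entry_size
            entry = data[start:start + entry_size]
            if len(entry) < entry_size:
                raise ValueError("truncated fat_arch table")
            archs.append(_name(struct.unpack(fmt, entry)[0]))
        return archs

    if magic in (MH_MAGIC, MH_MAGIC_64):            # big-endian thin file
        return [_name(struct.unpack(">I", data[4:8])[0])]
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le in (MH_MAGIC, MH_MAGIC_64):         # little-endian thin file (Intel, Apple silicon)
        return [_name(struct.unpack("<I", data[4:8])[0])]
    raise ValueError("not a Mach-O file (magic 0x%08x)" % magic)


def is_universal(data: bytes) -> bool:
    """True when the blob carries code for more than one architecture."""
    return len(set(list_architectures(data))) > 1


def triage(path: str) -> dict:
    """First-look check on an extracted executable: read it and report its architectures."""
    with open(path, "rb") as fh:
        data = fh.read()
    archs = list_architectures(data)
    return {"path": path, "architectures": archs, "universal": len(set(archs)) > 1}


# --- constructed sample data (not bytes from the real sample) ---------------
def _thin_header(cputype: int) -> bytes:
    """A minimal little-endian mach_header_64 with no load commands (8 x uint32)."""
    return struct.pack("<8I", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)


def _universal(*cputypes: int) -> bytes:
    """Wrap thin headers in a FAT_MAGIC container the way lipo would (minus page alignment)."""
    table = struct.pack(">II", FAT_MAGIC, len(cputypes))
    offset = 8 + 20 * len(cputypes)
    slices = b""
    for ct in cputypes:
        thin = _thin_header(ct)
        table += struct.pack(">IIIII", ct, 3, offset, len(thin), 0)
        slices += thin
        offset += len(thin)
    return table + slices


SAMPLE_UNIVERSAL = _universal(0x01000007, 0x0100000C)     # x86_64 + arm64 slices
SAMPLE_THIN_ARM64 = _thin_header(0x0100000C)
SAMPLE_JAVA_CLASS = bytes.fromhex("cafebabe00000034")      # same magic, not Mach-O


if __name__ == "__main__":
    print("universal sample:", list_architectures(SAMPLE_UNIVERSAL))
    print("thin sample:", list_architectures(SAMPLE_THIN_ARM64))
```

On a Mac the same answer comes from `file` or `lipo -archs`, but parsing the header yourself works on any analysis box and makes the byte-order trap explicit: a thin Intel or Apple silicon file stores its magic little-endian, so reading it as big-endian yields `0xCFFAEDFE`, which is why both orders are tried. The slice count sanity check is the same heuristic `file` uses to tell a universal binary from a Java class, which shares the `0xCAFEBABE` magic.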

Wait for it—another twist! A URL inside the code hinted that there could be more such malware lurking around. Now, don’t ask me why the VirusTotal vendors failed to mark this mischief-making file as malicious; that’s beyond my Bay Area tech-savvy jurisdiction.

This wily piece of malware housed a series of scripts all concentrated on one task: pocketing as much of your valuable data as possible. Every piece of data it grabs is drawn together, compressed, and shipped off to a remote server somewhere. Here’s a clue—there were Russian comments in one script… A trace of who’s behind this, perhaps?

In essence, the malware dressed up as an innocent Unarchiver app is not as harmless as one would hope. On top of its sneakiness, it has quite a few tricks up its sleeve, making it a well-concealed threat that’s surprisingly adept at getting past security checks.

In conclusion, friends, while we love our tech here in the Bay Area, bear in mind that not all technology loves us back. Let’s keep our guards up!

by Morgan Phisher | HEAL Security
