New MAC Malware Detected – OSX/CrescentCore

Mac Malware
Mac Malware

MAC OSX/CrescentCore programmed to Escape Antivirus

The MAC Antivirus providing company Intego published the report and discloses that the MAC Malware known as OSX/CrescentCore that available through search in Google and other channels.

According to Intego’s Chief Security Analyst, Joshua Long, a renowned security researcher and writer said, OSX/CrescentCore is delivered as a Trojan horse application on a .dmg disk image, spreading through fake Adobe Flash Player installer.

OSX/CrescentCore first check right configuration

If the victim is click on the .dmg disk image and opens the fake flash player app, the malware behavior checks, if the system is running under Virtual Machine then it will simply out of the program and not to be executed.

OSX/CrescentCore is powerful Malware and hard to detect by antivirus.

“As a general rule, nobody should be installing Flash Player in 2019 — not even the real, legitimate one,” researchers said in the post. “Nearly all sites have stopped relying on Flash, as Adobe is discontinuing it, the company plans to no longer release security updates for Flash after 2020.”

We have seen many vulnerabilities and malicious activities in Adobe flash. But now, in the collaboration with several technology partners – including Apple, Facebook, Google, Microsoft and Mozilla – Adobe is planning to end-of-life Flash.

Specifically, Adobe will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content to these new open formats.

“The second variant of this malware is currently under analysis,” the post said. “Depending on the variant, the trojan installer may install rogue software known as “Advanced Mac Cleaner” (OSX/AMC) or install a malicious Safari browser extension.”

Who created OSX/CrescentCore?

Security research identifies the company itself as Lights.


OSX/CrescentCore Lights Research

“The malware is signed using multiple Apple Developer IDs registered to someone named Sanela Lovic; known identifiers so far include 5UA7HW48Y7 and D4AYX8GHJS.

OSX/CrescentCore Adobe Flash Research

The users are aware of Google search results, which is redirecting multiple sites.

I found in 2015 that Google Fake Adword website is promoting in Google search result.

Read here- How Hackers are Using Google AdWords Service to Hack AdWords Users

How to Protect?

  • Do not install MAC software through unknown sources.
  • Always install Adobe Flash through its website.
  • Keep update your MAC OS regularly.
For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Subscribe to HackersOnlineClub via Email

Enter your Email address to receive notifications of Latest Posts by Email | Join over Million Followers

Leave a Reply
Related Posts