

While running a copy of Adobe Zii.app, we observed that it downloads sample.app from hxxp://46226108171:80/sample.zip and saves it to the user directory ~/. The contents are then extracted and executed in the system.

Figure 2. This is the original Adobe Zii.app used to camouflage its malicious background activities.

We also found out that the malware connects to hxxps:///jj9a, which contains an encrypted Python script that checks if Little Snitch, a host-based application firewall for macOS, is running. If it is not, the script connects to hxxp://46226108171:4444/login/process.php, which hosts an encrypted Empyre backend capable of pushing arbitrary commands to an infected macOS system. Once the backdoor runs, it receives a command to download Bash scripts from hxxp://46226108171:4444/uploadminersh. The file uploadminer.sh is saved to the system and executed; it contains routines capable of stealing saved information from Google Chrome browsers.

As a user-friendly and classic screen recording software, Adobe Captivate enables people with no programming knowledge or multimedia editing skills to quickly create Flash-based interactive content (such as powerful and attractive simulations, software demonstrations and scenario-based training), without requiring the user to learn Flash technology at all.

This article, along with all titles and tags, is the original content of AppNee. Any manual or automated whole-website collecting/crawling behavior is strictly prohibited. To repost or reproduce, you must add an explicit footnote along with the URL to this article! Any resources shared on AppNee are limited to personal study and research only; any form of commercial behavior is strictly prohibited. Otherwise, you may receive a variety of copyright complaints and have to deal with them by yourself. Before using (especially downloading) any resources shared by AppNee, please first read our F.A.Q. page. Otherwise, please bear all the consequences by yourself. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
