The attack is so dumb, that its success questions whether many Mac users have the right to be in the gene pool at all. The social engineering campaign consists of posting a script in discussions and encouraging people to copy and paste that script into a Terminal window on their Macs. The command downloads a huge (34 megabyte) file and executes it, establishing a remote connection that acts as a backdoor for the attacker.
That is right, the attack calls for the user to consciously install the malware themselves.
Patrick Wardle, a Mac malware expert [I thought Macs didn't have malware. ed] , also examined the malware and dubbed it "OSX.Dummy" because:
- the infection method is dumb
- the massive size of the binary is dumb
- the persistence mechanism is lame (and thus also dumb)
- the capabilities are rather limited (and thus rather dumb)
- it's trivial to detect at every step (that dumb)
- the malware saves the user's password to dumpdummy
Because all of this executes through a Terminal window, it bypasses MacOS's GateKeeper malware protection, despite being unsigned code. And it gives the attacker the ability to execute command-line code as the root user on infected Macs. Of course, the code has to overcome the common sense of the victim as well.
In this case it is not Apple that is the direct problem – other than the fact that it targets people who have no clue about technology and believe the company's PR that what ever they do on their Mac will be safe.
