DEFCON: Offensive Malware Analysis: Dissecting OSX FruitFly

Making a custom command and control (C&C) server for another person’s malware has a heap of advantages. If you can take over it a domain, you then may able to fully hijack other hackers’ infected hosts. A more common advantage is speeding up investigation. While programmers and governments might be more inspired by the previous, malware experts can profit by the later.

FruitFly, the main OS X/macOS malware of 2017, is a somewhat interesting example. Specifically focusing on biomedical research foundations, it is thought to have flown under the radar for a long time. In this discussion, we’ll concentrate on the ‘B’ variation of FruitFly that even now, is just recognized by a modest bunch of security items.

This DEFCON talk start by breaking down the malware’s dropper, obfuscated perl script. As this dialect is somewhat antiquated and remarkable in malware droppers, we’ll talk about some investigating methods and completely deconstruct the script.

While this dropper part additionally speaks with the C&C server and backings some essential orders, it drops a twofold payload keeping in mind the end goal to perform more perplexing activities. Be that as it may, rather than completely switching this bit of the malware, the discussion will concentrate on an underlying triage and show how this was adequate for the production of a custom C&C server. With such a server, we can without much of a stretch pressure the malware to uncover it’s full capacities. For instance, the malware summons a modest bunch of low-level mouse and illustrations APIs, going in an assortment of dynamic parameters. Rather than investing hours turning around and investigating this mind boggling code, through the C&C server, we can just send it different orders and watch the impacts.

Obviously this approach relies on the capacity to nearly watch the malware’s activities. In that capacity, Patrick will examine macOS-particular devices that can screen different occasions, and where essential detail the formation of custom ones (e.g. a ‘mouse sniffer’ that locally watches and unravels summons sent from the malware to the OS, keeping in mind the end goal to control the mouse).

While some of this discussion is FruitFly and additionally macOS particular, adroitly it ought to extensively apply to dissecting other malware, even on other operating frameworks.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...