Have you ever downloaded an app thinking it was legitimate, only to discover later that it hid malicious intentions? A new piece of malware, disguised as an artificial intelligence application, is now endangering the security of Mac users. Beware: this malware does not sit idle. It can mine cryptocurrency without your knowledge!
The 3 must-know facts
- Malware called SimpleStealth specifically targets Mac users by posing as the Grok application.
- The malware’s code is generated by artificial intelligence, making its development quick and accessible to cybercriminals.
- SimpleStealth hides among system processes, making it difficult for traditional antivirus software to detect.
How SimpleStealth infiltrates Macs
SimpleStealth enters systems by posing as the Grok application, an artificial intelligence associated with Elon Musk. Users are directed to a fraudulent website, xaillc[.]com, which perfectly mimics the Grok interface. On this site, a file named Grok.dmg is offered for download, presenting itself as a legitimate application.
During installation, the program requests the administrator password, a ploy that allows the malware to bypass macOS quarantine protection and install its files discreetly. This process deceives many users into believing they are performing a normal installation.
Characteristics of AI-generated code
According to researchers at Mosyle, a company specializing in Apple device management, SimpleStealth's code bears the marks of artificial intelligence generation. It exhibits unusual characteristics, such as excessive comments and redundant logic, as well as a mix of English and Brazilian Portuguese. AI-generated code of this kind eases the work of cybercriminals, allowing them to create malware without possessing advanced technical skills.
The stealthy operation of the malware
SimpleStealth acts as a cryptocurrency miner, but in a particularly stealthy manner. It starts mining only once the user has been idle for at least a minute and stops as soon as the user returns. This behavior lets it go unnoticed, especially since it runs under common system process names such as kernel_task or launchhd, which makes it hard to spot in macOS's Activity Monitor.
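The two tricks described above, borrowing a genuine system process name and using a near-miss of one (launchhd for launchd), can both be caught by looking at where a process actually loads from rather than at its name or CPU usage. The following script is an added example for this article, not code from the original page or from Mosyle's research. It parses the output of `ps -axo pid=,user=,comm=` (on macOS, `comm` is the full executable path) and flags any process that either carries a well-known system daemon name but lives outside Apple's system directories, or whose name is one edit away from such a daemon. The sample `ps` output, the user name `alice` and the `EXAMPLE_DIR` paths are constructed for the demo; the article does not give the malware's real install location.

```python
"""Flag macOS processes that impersonate system daemons by name.

Added example for this article (not the page's or Mosyle's own code).
Input format: lines of `ps -axo pid=,user=,comm=`, where on macOS `comm`
is the full path of the executable.  Two checks are applied:
  * exact match on a known daemon name, but loaded from outside Apple's
    system directories;
  * lookalike name (Levenshtein distance 1) of a known daemon,
    e.g. "launchhd" for "launchd".
Because the miner pauses whenever the user is active, CPU usage is an
unreliable signal, so this relies on name and path only.
"""
from __future__ import annotations

import os
import subprocess
from dataclasses import dataclass

# Daemons commonly imitated; names are at least six characters so the
# distance-1 heuristic does not fire on short, unrelated names.
KNOWN_SYSTEM_NAMES = (
    "kernel_task", "launchd", "WindowServer", "coreaudiod",
    "bluetoothd", "syslogd", "securityd", "trustd", "opendirectoryd",
)
# Only locations Apple-shipped binaries legitimately load from.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/sbin/", "/bin/", "/Library/Apple/")


@dataclass
class Finding:
    pid: int
    user: str
    path: str
    reason: str


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; inputs are short, so plain DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_ps(output: str) -> list[tuple[int, str, str]]:
    """Turn `ps -axo pid=,user=,comm=` text into (pid, user, path) rows.

    maxsplit=2 keeps paths containing spaces (Application Support) intact.
    """
    rows = []
    for line in output.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        rows.append((int(parts[0]), parts[1], parts[2]))
    return rows


def assess(pid: int, user: str, path: str) -> Finding | None:
    name = os.path.basename(path)
    # The real kernel_task is PID 0 and has no on-disk path.
    if name == "kernel_task" and pid == 0:
        return None
    if name in KNOWN_SYSTEM_NAMES:
        if not path.startswith(TRUSTED_PREFIXES):
            return Finding(pid, user, path, "system process name loaded from untrusted path")
        return None
    for known in sorted(KNOWN_SYSTEM_NAMES):
        if edit_distance(name.lower(), known.lower()) == 1:
            return Finding(pid, user, path, f"lookalike of system process {known}")
    return None


def scan(output: str) -> list[Finding]:
    """Assess every row of captured `ps` output and return the findings."""
    return [f for row in parse_ps(output) if (f := assess(*row)) is not None]


def scan_live() -> list[Finding]:
    """Run ps on the local Mac and scan it (not used in the offline demo)."""
    out = subprocess.run(["ps", "-axo", "pid=,user=,comm="],
                         capture_output=True, text=True, check=True).stdout
    return scan(out)


# Constructed sample output: the EXAMPLE_DIR entries are placeholders,
# not the real malware's paths.
SAMPLE_PS = """\
    0 root  kernel_task
    1 root  /sbin/launchd
  318 root  /usr/libexec/trustd
  427 alice /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock
 5120 alice /Users/alice/Library/Application Support/EXAMPLE_DIR/kernel_task
 5121 alice /Users/alice/Library/Application Support/EXAMPLE_DIR/launchhd
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PS):
        print(f"PID {f.pid} ({f.user}): {f.path} -> {f.reason}")
```

Run against the constructed sample, the script reports the two user-space entries (PID 5120 and 5121) and stays quiet about the genuine kernel_task, launchd and trustd rows. `scan_live()` applies the same logic to the running machine; because the miner stops as soon as the user returns, schedule such a scan rather than relying on an interactive look at Activity Monitor.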
Recommendations for protection
Despite the built-in protections in macOS, users must remain vigilant. Apple recommends downloading apps only from the App Store, but this approach may seem limiting for those who wish to avoid paying the company's commissions. Fortunately, there are security solutions for Mac that regularly update their virus databases, providing additional protection against new threats.
History of malware evolution on macOS
Historically, Mac users have been less targeted by malware than those on Windows systems. However, in recent years, the growing popularity of Apple devices has attracted the attention of cybercriminals. The discovery of SimpleStealth is part of a trend where malware targeting macOS is becoming increasingly sophisticated. Campaigns like ClickFix, encouraging users to execute malicious commands in the terminal, illustrate this evolution. Mac users must now adopt more rigorous security practices to effectively protect themselves against these threats.