This malware is hidden in a hacked version of the game “Counter Strike: GO”. Infection occurs when a user downloads a hack for the game. When executed, the malware asks the user to run it as root:

Source: CheckPoint


Once it has root permissions, it downloads additional files, one of which is a variant of OSX/Pwnet. Its main payload uses the computer's resources to mine crypto-currencies. The malware also creates a LaunchDaemon “/Library/LaunchDaemons/com.dynamsoft.WebTwainService.plist” in order to persist on the system.
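A defender can check a Mac for the persistence item described above. The following is an added example, not code from the original page or from CheckPoint: it parses every plist in a LaunchDaemons directory and reports jobs whose file name matches the one above or whose launched binary has the SHA-1 listed under Samples. The function names and the plist contents in `demo()` are constructed for illustration, and it is an assumption that the launched binary could be the hashed sample.

```python
import hashlib
import plistlib
import tempfile
from pathlib import Path

# Indicators taken from the page
IOC_PLIST_NAME = "com.dynamsoft.WebTwainService.plist"
IOC_SAMPLE_SHA1 = "86216a50a60c08cf1f455ff1a27aaeb62b618bc3"


def sha1_of(path):
    """Return the SHA-1 hex digest of a file, or None if it cannot be read."""
    try:
        return hashlib.sha1(Path(path).read_bytes()).hexdigest()
    except (OSError, TypeError):
        return None


def inspect_launchdaemons(directory="/Library/LaunchDaemons"):
    """Return the jobs whose plist name or launched binary matches an indicator."""
    findings = []
    for plist_path in sorted(Path(directory).glob("*.plist")):
        try:
            job = plistlib.loads(plist_path.read_bytes())
            args = job.get("ProgramArguments") or []
        except Exception:  # unreadable, malformed, or not a dictionary plist
            continue
        # launchd runs Program if set, otherwise the first ProgramArguments entry
        program = job.get("Program") or (args[0] if args else None)
        name_hit = plist_path.name == IOC_PLIST_NAME
        # Assumption: the binary the job launches may be the hashed sample
        hash_hit = program is not None and sha1_of(program) == IOC_SAMPLE_SHA1
        if name_hit or hash_hit:
            findings.append({"plist": str(plist_path), "label": job.get("Label"),
                             "program": program, "name_match": name_hit,
                             "sha1_match": hash_hit,
                             "run_at_load": bool(job.get("RunAtLoad", False))})
    return findings


def demo():
    """Run the check on a constructed directory (sample data, not real artifacts)."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = {"Label": "com.example.updater",
                  "ProgramArguments": ["/nonexistent/constructed-updater"]}
        suspect = {"Label": "com.dynamsoft.WebTwainService", "RunAtLoad": True,
                   "ProgramArguments": ["/nonexistent/constructed-placeholder"]}
        Path(tmp, "com.example.updater.plist").write_bytes(plistlib.dumps(benign))
        Path(tmp, IOC_PLIST_NAME).write_bytes(plistlib.dumps(suspect))
        return inspect_launchdaemons(tmp)
```

Calling `inspect_launchdaemons()` with no argument scans the real `/Library/LaunchDaemons`. A name match is a lead for review of the reported `program` path, not a verdict by itself.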


Links:


Samples:
86216a50a60c08cf1f455ff1a27aaeb62b618bc3