OSX.Dummy

Short bio

OSX.Dummy is Malwarebytes’ detection name is a rudimentary backdoor aimed at macOS systems.

Symptoms

Users of affected systems may notice a continuously running shell script and outbound connections to the IP address 185.243.115.230.

Type and source of the infection

OSX.Dummy is a shell script that is kept running by a launch daemon. The shell script itself uses Python to open a reverse shell to port 1337 on a malicious server, giving the hacker behind the malware continued access to the computer.
OSX.Dummy was spread on cryptomining chat groups by chat users posing as admins, who posted a shell script for users to run that downloaded the installer for OSX.Dummy.

OSX.Dummy install script

Protection

Malwarebytes for Mac detects and removes OSX.Dummy.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Select your language