216.73.216.170

macOS.OSAMiner

The MITRE Corporation · Published 04/10/2022 08:35 · Modified 27/03/2026 01:03 Family

Essential information

Confidence
100/100
Is family
Yes
Published
04/10/2022 08:35
Modified
27/03/2026 01:03
Revoked
No
Author / Source
The MITRE Corporation
Related entities
12 attack patterns (mitre)

Description

[macOS.OSAMiner](https://attack.mitre.org/software/S1048) is a Monero mining trojan that was first observed in 2018; security researchers assessed [macOS.OSAMiner](https://attack.mitre.org/software/S1048) may have been circulating since at least 2015. [macOS.OSAMiner](https://attack.mitre.org/software/S1048) is known for embedding one run-only AppleScript into another, which helped the malware evade full analysis for five years due to a lack of Apple event (AEVT) analysis tools.(Citation: SentinelLabs reversing run-only applescripts 2021)(Citation: VMRay OSAMiner dynamic analysis 2021)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references