Hunting for Honkbox - Multistage macOS Cryptominer May Still Be Hiding
Perhaps the most distinctive file characteristic of the newer Honkbox variants is the many 2044-byte files that together constitute the encrypted blob the malware uses to write and execute a working copy of the legitimate software that the victim is lured into downloading. ... As the research by Jamf and previously by Trend Micro on one of the earlier variants described, com.apple.acc.network is in fact a masquerade for the I2P command line tool.

Malware: XMRigMiner, XMRig, HONKBOX

[View Article](https://www.sentinelone.com/blog/hunting-for-honkbox-multistage-macos-cryptominer-may-still-be-hiding/)