- Mac OS X
- Last updated: 07/01/19 7:45 pm
- Threat Level:
CrescentCore is a trojan horse disguised as an Adobe Flash Player installer. The installer is delivered as a .dmg file, the same kind of disk image file that can be used to install a legitimate application. The malicious file is served to unsuspecting users as a download on infected websites. First discovered in June 2019, CrescentCore has been found by researchers on illegal filesharing sites as well as on websites appearing in high-ranking Google search results.
CrescentCore is notable for its sophisticated anti-detection features. Once downloaded, the malware performs a scan to determine whether it is running inside a virtual machine (VM), a virtualized operating system used by security researchers to study malware safely. CrescentCore also checks whether any third-party anti-malware tools are present on the system. If CrescentCore sees that it is in a VM or discovers an anti-malware program, it will shut down in order to avoid detection. But if it finds itself on an unprotected computer, the malware will install a LaunchAgent file, which will allow it to control system processes in the background and create an infection that will persist even after the machine is rebooted.
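A defender can look for the LaunchAgent persistence described above by reviewing the agent plists that launchd loads. The following is an added example, not code from the original page or from MacScan; the trusted-prefix list, the function names and the sample plists are assumptions, and it uses generic heuristics because the page gives no CrescentCore file names to match on.

```python
import plistlib
from pathlib import Path

# Per-user and system-wide directories launchd loads LaunchAgents from.
AGENT_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents")
# Assumption for this example: executables under these prefixes are expected.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/",
                    "/Library/Application Support/")

def agent_program(job):
    """Return the executable launchd starts for a parsed LaunchAgent plist."""
    args = job.get("ProgramArguments") or [""]
    return job.get("Program") or args[0]

def review_agent(raw):
    """Parse plist bytes and return the reasons this agent needs review."""
    try:
        job = plistlib.loads(raw)
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["unparseable plist"]
    program = agent_program(job)
    reasons = []
    if not program.startswith(TRUSTED_PREFIXES):
        reasons.append("program outside trusted prefixes: " + program)
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append("program lives in a hidden directory")
    # Auto-start alone is normal; it only matters alongside another finding.
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return reasons

def scan(dirs=AGENT_DIRS):
    """Map each LaunchAgent plist on disk to its review reasons, if any."""
    report = {}
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            reasons = review_agent(path.read_bytes())
            if reasons:
                report[str(path)] = reasons
    return report

# Constructed samples (not taken from CrescentCore): one benign, one suspect.
BENIGN = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]})
SUSPECT = plistlib.dumps({"Label": "com.example.helper", "RunAtLoad": True,
    "ProgramArguments": ["/Users/alice/Library/.cache/helper", "--daemon"]})

if __name__ == "__main__":
    for path, reasons in scan().items():
        print(path, reasons)
```

A flagged agent is a prompt for manual review, not a verdict: legitimate software installed in a user's home directory will also appear in the report.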
CrescentCore Threat Removal
MacScan can detect and remove CrescentCore Malware from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat.