How to remove "Your computer is low on memory" malware on Mac

Thursday 16 September 2021, 10:33PM

By David Blaine


Low on memory Mac popup Credit: David Blaine

Your computer is low on memory is an unusual and complex malware sample that either reaches its goals or triggers a self-destruct mechanism that renders the compromised computer unusable. This infection is, obviously, cybercriminals’ response to the state-of-the-art security and analysis tools that, to their credit, are getting continuously better at detecting and eradicating malicious code. The virus in question, however, dodges the prevalent sophisticated protection routines by leveraging smart and never-seen-before countermeasures.

This digital threat relies mainly on phishing techniques to infiltrate a Mac. Potential victims receive an email that looks like it was sent by a trusted company such as Microsoft. The message contains an attachment camouflaged as a PDF file or ZIP archive, and the information provided lures the user into clicking and opening the object. At that point, if the trick ends up being a success, the contamination takes place.
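Because the lure is a file that only claims to be a PDF or ZIP, a mail gateway or analyst can compare the claimed type with the actual content before anyone opens it. The following is an added example, not code from this article or from any security product; the function names, the suffix list and the sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

# Mach-O (thin, both byte orders), fat/universal binary, and script headers.
EXEC_MAGICS = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
               b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"#!")
RISKY_SUFFIXES = (".app", ".command", ".pkg", ".dmg", ".sh", ".scpt")


def triage_zip_members(data):
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                findings.append(f"{info.filename}: encrypted member")
                continue
            with archive.open(info) as handle:
                head = handle.read(4)
            member = info.filename.lower()
            if head.startswith(EXEC_MAGICS):
                findings.append(f"{info.filename}: executable content")
            elif ".app/" in member or member.rstrip("/").endswith(RISKY_SUFFIXES):
                findings.append(f"{info.filename}: risky file type")
    return findings


def triage_attachment(filename, data):
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    name = filename.lower().strip()
    if data.startswith(EXEC_MAGICS):
        findings.append("content starts with an executable or script header")
    if name.endswith(".pdf") and b"%PDF-" not in data[:1024]:
        findings.append("named .pdf but has no PDF header")
    if name.endswith(".zip"):
        if zipfile.is_zipfile(io.BytesIO(data)):
            findings.extend(triage_zip_members(data))
        else:
            findings.append("named .zip but is not a ZIP archive")
    return findings


def build_constructed_samples():
    """Constructed inputs: a PDF header, a Mach-O header named .pdf, a ZIP holding a script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice.command", b"#!/bin/sh\necho constructed sample\n")
    return {"report.pdf": b"%PDF-1.4\n", "invoice.pdf": b"\xcf\xfa\xed\xfe" + bytes(28),
            "documents.zip": buf.getvalue()}
```

An empty result only means these particular checks found nothing; a well-formed PDF or ZIP can still carry harmful content.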

While operating on the machine, Your computer is low on memory does a fantastic job of evading the regular sandboxing features built into AV software. Its creators are apparently well aware of the way security tools work in this context, so it halts its execution for a certain amount of time and commences running only after the standard sandboxing procedure has been completed. Another peculiar feature of this pest concerns its code, which is deliberately inflated with a large amount of junk data, making the analysis lengthy and complicated.

Once Your computer is low on memory makes sure it’s undetected, it determines which web browsers are used on the infected computer. It then interferes with the respective API functions, thus obtaining access to the textual data that the victim types when surfing the web. Obviously, it’s not only online search history that the hackers are after. It’s usernames and passwords for the most part. The spyware harvests this personally identifiable data and exfiltrates it to a remote server. Unlike most of the known identity theft application samples, this one isn’t selective about what sites to monitor on Mac, so it logs and processes all plain text information regardless of whether or not it was typed on ecommerce or banking pages.

In the event Your computer is low on memory spots some signs of detection activity, it tries to erase the Master Boot Record of the hard drive. Doing so makes the machine inoperable and forces the user to reinstall the operating system. If the spyware lacks authorization to overwrite the MBR, it encrypts the files stored inside the home folder. Effectively, the security industry is now facing a new nontrivial challenge due to the evasion and destruction features hard-coded into this virus. The use of reliable, up-to-date antimalware is what experts recommend to prevent the infection and collateral damage. Practicing caution on the Internet, especially with emails, is another prerequisite of security.
