OSX.LamePyre

Short bio

OSX.LamePyre is Malwarebytes' detection name for a Trojan targeting MacOS systems.

Symptoms

OSX.LamePyre uses a generic Automator applet icon, and all that happens when running is that a gear icon appears in the menu bar (as is normal for any Automator script).

Type and source of infection

OSX.LamePyre is distributed as a malicious copy of Discord, an app for gamers to communicate with other gamers. OSX.LamePyre is an Automator script that decodes and executes a Python payload, then begins repeatedly taking screenshots and uploading them to a command-and-control (C&C) server.

Protection

Malwarebytes for Mac detects and removes OSX.LamePyre

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Related blog content

Flurry of new Mac malware drops in December

The state of Mac malware

Select your language

New Buy Online Partner Icon Warning Icon Edge icon