⭐ Merited by taufik123 (1)
-snip-
Saya pun menggunakan Parallels Desktop untuk menjalankan Windows 7 dan mengaktifkan fitur Share Mac Clipboard untuk memudahkan copy-paste antar OS.
Dari pernyataan kondisi user tersebut:
I am running a Windows 10 VM in Parallels. This shares its clipboard with MacOS. Presumably it could push those values, but I've found no infection using several AV tools.
Saya tidak tahu persis apakah Clipboard Hijacked tersebut terjadi ketika copy dari OS Windows kemudian paste MacOS atau terjadi ketika proses copy dan paste keduanya di MacOS, karena saya tidak melihat jawaban berikutnya dari user tersebut pada pertanyaan dibawahnyaCan you turn the VM off and check?
How the infection loads
This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week. When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called "DirectX 11" will be created to run the DLL when a user logs into the computer.
This DLL will be executed using rundll32.exe with the "rundll32 C:\Users\[user-name]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded" command.
This infection was spotted as part of the All-Radio 4.27 Portable malware package that was distributed this week. When installed, a DLL named d3dx11_31.dll will be downloaded to the Windows Temp folder and an autorun called "DirectX 11" will be created to run the DLL when a user logs into the computer.
This DLL will be executed using rundll32.exe with the "rundll32 C:\Users\[user-name]\AppData\Local\Temp\d3dx11_31.dll,includes_func_runnded" command.
Quote from: https://www.2-spyware.com/file-rundll32-exe.html
Rundll32.exe is a legitimate file which runs in the background of all Windows-based operating systems and is located in the \Windows\System32 folder.
Kalau melihat dari keumuman bentuk file dari Clipboard Malware ini seperti yang saya kutip diatas(dan jenis file tersebut setahu saya tidak dikenali/running di MacOS ataupun Linux),
besar kemungkinan yang terkena hijack adalah clipboard dari Windows OS nya, sehingga file/data yang hendak di copy sudah dirubah di clipboard-nya Windows OS. Dengan kata lain Mac OS hanya menerima data terakhir di clipboard yang sudah berubah di Windows OS tersebut.