LamePyre virus is a Mac trojan that disguises itself as Discord messaging app
LamePyre virus is a limited-functionality trojan that security researchers discovered at the end of December 2018. The malware's scripts run as soon as users launch what appears to be Discord, a communications app oriented toward gaming communities. OSX.LamePyre seems to be a virus still in development, with many bugs and a lack of obfuscation techniques, and its functionality is limited to running a backdoor on the system and taking screenshots that are sent to a Command & Control server. While the malware's capabilities are far from those of modern viruses, the leak of sensitive information should warrant LamePyre virus removal as soon as it is detected.
| Elimination | Use security software Malwarebytes |
| Optimization | Use Reimage to fix the damage done to macOS |
LamePyre virus, which is written in the Python programming language, uses the Automator icon when it runs the script, and a gear icon appears on the menu bar with the name “Discord App.” The crooks did a lousy job of disguising the malware, as the shell script does not even show the official Discord logo. OSX.LamePyre then starts taking screenshots and sending them to a remote server controlled by hackers.
Another key function of the LamePyre virus is to run a backdoor on the infected macOS. It uses the EmPyre open-source backdoor, which was previously used to distribute the DarthMiner malware. This backdoor might give other cyber infections, such as a worm or ransomware, access to the system. For that reason, users infected with the trojan should remove LamePyre as soon as possible.
Nevertheless, some security software for Mac might not recognize the threat or might fail to eliminate it. Malwarebytes detects and removes the infection automatically. After the elimination, we suggest you scan your device with Reimage – it can ensure that LamePyre's system modifications are reversed.
In order to keep functioning, LamePyre virus runs a launch agent under the misleading name com.apple.systemkeeper.plist. Victims will most likely not realize they are infected while their machines are already running the backdoor and sending screenshots to the remote server.
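A quick way to check for this launch agent, as an added example that is not part of the original article: the script looks for the file name given above in the per-user and system-wide LaunchAgents folders (an assumption, since the article does not say which folder is used) and prints what the agent is set to launch. The function names and the `--scan` flag are made up for this example.

```shell
#!/bin/sh
# Added example, not code from the original article.
# File name of the launch agent, as reported in the article.
LAMEPYRE_PLIST="com.apple.systemkeeper.plist"

# find_lamepyre_agent DIR...
# Prints the path of each match; returns 0 if at least one was found, else 1.
find_lamepyre_agent() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue          # skip folders that do not exist
        if [ -e "$dir/$LAMEPYRE_PLIST" ]; then
            printf '%s\n' "$dir/$LAMEPYRE_PLIST"
            found=0
        fi
    done
    return "$found"
}

# agent_program_args FILE
# Prints the ProgramArguments strings of an XML plist, one per line, so the
# responder can see which script or binary the agent starts at login.
# Assumes one <string> element per line (the usual plist layout). A binary
# plist must first be converted: plutil -convert xml1 -o - FILE
agent_program_args() {
    awk '
        /<key>ProgramArguments<\/key>/ { in_args = 1; next }
        in_args && /<\/array>/         { exit }
        in_args && /<string>/ {
            sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print
        }
    ' "$1"
}

# Run with --scan to check the assumed default locations.
if [ "${1:-}" = "--scan" ]; then
    find_lamepyre_agent "$HOME/Library/LaunchAgents" /Library/LaunchAgents |
    while IFS= read -r plist; do
        echo "Found: $plist"
        agent_program_args "$plist" | sed 's/^/  launches: /'
    done
fi
```

No output from `--scan` means the file was not found in those two folders; it does not prove the machine is clean.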
Avoid malicious software by downloading apps from official sources
While some people might not realize the difference between an app downloaded from the official website and one obtained from a third-party site, others simply act carelessly and neglect general cybersecurity practices. Additionally, many users opt for torrent and video streaming sites to view copyrighted material for free. However, this type of behavior can easily result in malicious software infiltration.
Therefore, it is vital to take precautions, such as:
- Employ an anti-malware application and an internet security suite;
- Patch the system and software with new updates as soon as they are available;
- Download apps from official sources (Apple Store, Amazon, app developers' sites, etc.);
- Use an ad blocker to stop scam messages;
- Beware of fake updates (Flash Player especially);
- Use a VPN to protect your privacy.
Remove OSX.LamePyre from Mac to stay safe online
LamePyre malware is a trojan, which means that other malicious programs could have sneaked into your machine without you noticing. Therefore, while the initial malware is not utterly devastating, the possibility of more severe infections should warrant LamePyre virus removal.
To remove LamePyre virus from your macOS, you should perform a full system scan using potent anti-malware software. Malwarebytes is an anti-virus application that is capable of doing so safely and quickly. Nevertheless, we also advise you to download Reimage to fix up your system and make it run smoothly again.