Task Automations on MacOS – AppleScript

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here

Task Automations on MacOS – AppleScript

Author: cyberwriter | Published on November 3, 2018 | Views: 788

AppleScript (AS) is not a name frequently used in cybersecurity. This specific language is based on JavaScript and is used exclusively for automation tasks within the Mac OS. AppleScript can be used to move and click a mouse, enter text, resize windows, change volume levels, and generally carry out any input function the user does. The power of this lies in the ability to quickly, efficiently, and quietly carry out any task on the user’s device. These scripts can be loaded and run with physical access, transferred and run via remote access, and even downloaded and run unintentionally by users.

AppleScript Attack?

One popular cybersecurity application of AppleScript is the creation and execution of trojans. These trojans rely on transferring and executing a hidden AppleScript to an unsuspecting user within a downloaded file. This attack is not particularly difficult, and it has been employed by a number of organizations to varying success. One approach is to give the name of another type of file to an AppleScript application. For example, an AS application file can be disguised as a ‘.gif’ or ‘.png’ file by naming it as such.
applescript automation
Learning to create your own AppleScript exploits is not very difficult. The language itself is written very naturally and is limited to a specific set of functions. The entire language is broken down into basic commands such as “beep”, “display dialogue”, “say” and “tell” as well as standard syntax statements for object-oriented programming.

This is an example of AppleScript in the classic “Hello World!” program:
	display dialogue “Hello World!”

The true potential for AppleScript is in the ability to combine these functions in complex and novel ways. You could load a script that renders the mouse unusable, loads several loud music files, and sets the device’s volume to maximum. This could be useful as a distraction or simply a prank, but more advanced scripts can do things like collect and send off system information for storage, search for important files to copy and download, spread to other systems, or shut down several devices. Imagine any task a user can do at the device, and then imagine these tasks can be carried out automatically as quickly and as frequently as possible. Some versions of Mac OS come with an AppleScript “recorder” that you can use to record your input actions, translate it to code, and compile it for execution. These compiled applications can be executed locally, executed remotely, and transferred covertly.

TLDR;

AppleScript is JS based and can be loaded and run with physical access, and transferred and run via remote access. Its specialty is creating trojans that rely on transferring and executing a hidden script to an unsuspecting user within a downloaded file. Because of this, it can be downloaded and unintentionally run by users. The application file can also be disguised as a different file type by altering the name to mimic standard acceptable files like ‘.jpg’ or ‘.png’.

Resources:

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel