Malware
Though many of its now-famous hidden marketplaces have been taken down by law enforcement, the darknet continues to be a home for the web’s seediest characters. The latest item to hit the market and generate buzz isn’t an illegal substance — instead, it’s illegal software. Several outlets have reported that an anonymous darknet user is currently making attempts to sell an allegedly unreleased “remote administration tool,” or RAT, for Macs.
Dubbed “Proton,” when installed this software gives attackers full control over a user’s machine. That includes downloading more …
March 22, 2017 •
2 min read
macOS
A brand-new type of malware affecting Macs is in the wild, and this time there are definite signs of development in conjunction with a foreign nation. Designed (albeit rather poorly) to look like a Flash update, this malware, dubbed MacDownloader, is an unsophisticated attempt to glean user passwords. Uncovered by security researchers after the malware targeted major defense contractors, the program may feature amateurish code, but its threat is very real.
After fooling a user into downloading the false Flash update, the malware quickly goes to work profiling the …
February 17, 2017 •
2 min read
Malware
The latest item of Mac malware to be uncovered is actually not new at all; in fact, it may have been around for several years. Dubbed “Fruitfly” by Apple, this malware has some novel features. In particular, its function depends upon using both an outdated library from the late 90s, libjpeg, as well as pre-OS X system calls. Why the malware was designed to use outdated methods is unknown, but in the wake of the malware’s discovery, Apple promptly issued an update to XProtect to reduce the threat to users. …
January 31, 2017 •
2 min read
iPhone
Though the threat of computer viruses once lurked primarily in the domain of email attachments and suspicious file downloads, the current landscape is vastly different. Simply doing damage to a system and spreading a virus further is no longer the biggest threat. From spyware to any of the many flavors of malware, there are many new and evolving security issues facing computer systems globally. Ransomware continues its rise to prevalence as infections rise year over year, compromising more machines. Ransomware, a type of malware which locks down user access to …
September 16, 2016 •
3 min read
Mac OS X
Last year, the spyware developer Hacking Team seemed to go down in flames after a massive internal leak exposed the company’s dirty secrets for the world to see. Prior to that occurrence, the Milan-based firm had been in operation since 2003, selling products to governments, law enforcement, corporations, and other entities to help them spy on customers or private citizens. From monitoring emails to breaking encrypted communications, all the way to covertly activating webcams, Hacking Team traded in software that gleefully wrecked privacy rights and laundry lists of other …
March 14, 2016 •
3 min read
MacScan
Updated: February 12, 2014
OSX/CoinThief has been distributed under four different names so far: BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker.
BitVanity and StealthBit were distributed on GitHub, while Bitcoin Ticker TTM and Litecoin Ticker were distributed on Download.com and MacUpdate.com. Both app names appear to have been taken from legitimate apps in the Mac App Store. The malicious payload was not found in Mac App Store copies of these apps.
When run, the malware installs a browser extension in Chrome, Safari, and Firefox, which will appear in those apps as "Pop-Up …
February 9, 2014 •
4 min read
MacScan
Malware: OSX/CoinThief.A
Date Discovered: February 9th, 2014
Updated: February 13, 2014
Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.
SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior:
The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file. This makes it so …
February 9, 2014 •
6 min read
Adware
The links for many popular Mac apps on CNET’s download.com have been replaced with a “CNET installer” that installs toolbar adware and changes browser settings. This guide shows how to identify affected apps, how to avoid the toolbar installer, how to determine if it has been installed on your system, and how to remove it if so.
Adware can be a threat to user privacy, and is used to track a user’s browsing habits online. For example, the permissions for one of the Google Chrome extensions shows what these toolbars can …
October 13, 2013 •
4 min read
Adware
Update (10/29/13 12:15pm): SecureMac has prepared a guide to help users identify and remove the adware being distributed by CNET’s download.com in place of popular Mac apps. The guide provides detailed information, including step-by-step instructions to determine if the adware is installed on your system, and the steps to remove it. View CNet Adware Identification and Removal Guide for Mac OS X.
Direct download links for a variety of popular Mac software products have been replaced on CNET’s Download.com with installers for browser toolbars, commonly used by adware to track user …
October 13, 2013 •
2 min read
Malware
From Doctor Web, the Russian anti-virus vendor—“conducted a research to determine the scale of spreading of Trojan BackDoor.Flashback that infects computers running Mac OS X. Now BackDoor.Flashback botnet encompasses more than 550 000 infected machines, most of which are located in the United States and Canada. This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.”
April 4, 2012 •
1 min read
Malware
SecureMac has learned of a new piece of Mac malware that is currently in the wild and infecting computers running OS X. As first reported at http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/ this piece of malware exploits a vulnerability in computers running older, unpatched versions of Java.
March 20, 2012 •
2 min read