Adware SecureMac Security Bulletin
Posted: May 2nd, 2011
Security Risk: Low
A new privacy and security threat is targeting computers running Apple’s Mac OS X disguised as an anti-virus program called MAC Defender. The fake anti-virus program will “detect” nonexistent threats as being present on the user’s system in an effort to persuade them to hand over their credit card information and purchase a “subscription” to the program. If that doesn’t do enough to convince the user to buy the fake anti-virus program, it will start popping up pornographic websites to create an actual …
May 12, 2011 •
6 min read
AdwarePosted: May 2nd, 2011
Security Risk: Low
RELATED: MAC Defender Security Bulletin & Removal Instructions
PDF: https://www.securemac.com/pdf/macdefender.pdf
As noted in our security advisory at https://www.securemac.com/MAC-Defender-Rouge-Anti-Virus-Analysis-Removal.php there is a new piece of malware in the wild that is targeting computers running OS X. The following is a technical analysis of the malware sample that we analyzed; this analysis assumes familiarity with our original security advisory.
While this particular piece of malware is new to OS X, it follows the general modus operandi of most fake anti-virus programs that target Microsoft Windows. First, the user is presented …
May 2, 2011 •
5 min read
AdwareSecureMac Security Bulletin
Due to the easy removal of the currently identified variant of this malware, SecureMac rates this threat as low. This Security Bulletin will be updated if the threat changes.
Updated: May 9th, 2011
Updated: May 4th, 2011
Posted: May 2nd, 2011
Security Risk: Low
UPDATE, May 9th, 2011: SecureMac has discovered a new version of the previously identified MAC Defender malware. The new variant, just like the previous identified “Mac Security” version, is an updated version of the original malware, rebranded as “Mac Protector.”
UPDATE, May 4th, 2011: SecureMac has discovered a new version …
May 2, 2011 •
10 min read
MalwareAs predicted by the SecureMac team, the new version of BlackHole RAT 2 was officially released on a hacker message board this weekend, with some slight differences from the earlier version analyzed by SecureMac. The trojan horse, once installed, disguises itself as a Java Updater. In addition, the author is now referring to the trojan as Freeze RAT, but it contains much of the same code as BlackHole Rat 2.0a. The new version has a more complicated installation process that requires physical access to the computer, so SecureMac continues to rate this as a low threat.
April 3, 2011 •
3 min read
MalwareThe SecureMac team announced today that a new version of the BlackHole RAT 2.0 Trojan Horse for Mac OS X has been discovered. This new version should be not confused with an older variant from back in February already detected by SecureMac and other anti-malware software.
February 25, 2011 •
4 min read
MalwareThe initial infection vector of the Boonana trojan is through a message on social networking sites similar to “Is this you in this video?” which includes a link to an external site. Upon clicking the link, a java applet will attempt to load in the user’s web browser.
The web browser will then prompt the user to allow content signed by an untrusted certificate to run.
When the user accepts the certificate, the applet loads.
Once the applet is loaded, it displays a fake YouTube interface to simulate a “video” by displaying a …
October 28, 2010 •
3 min read
Mac OS XTrojan Horse Alert: Intego recently alerted users to the presence of a new variant of the HellRaiser Trojan Horse, which they identify as OSX/HellRTS.D. SecureMac has analyzed this new variant and it is detected in the latest MacScan spyware definitions update (Spyware Definitions Version 2010006) as HellRaiser Trojan Horse 4.2. MacScan has detected previous variants of this trojan horse since 2005.
HellRaiser is a trojan horse that allows complete control of a computer by a remote attacker, giving the attacker the ability to transfer files to and from the infected computer, pop up chat messages on the infected system, display pictures, speak messages, and even remotely restart or shut down the infected machine.
The attacker can search through the files on the infected computer, choosing exactly what they want to steal, view the contents of the clipboard, or even watch the user’s actions on the infected computer.
In order to become infected, a user must run the server component of the trojan horse, which can be disguised as an innocent file. The attacker then uses the client component of the trojan horse to take control of the infected system.
Read more about HellRaiser Trojan Horse aka OSX/HellRTS.D
April 16, 2010 •
2 min read
Mac OS XMacScan anti-spyware and privacy for Mac OS X has released new spyware definitions to protect against the latest malware for Mac OS X. Definitions can be downloaded from within MacScan. Download 30 day demo of MacScan for free
August 23, 2009 •
1 min read
Key LoggerDNSChanger Trojan Horse (aka RSPlug Trojan) is running wild lately with multiple variants surfacing rapidly and being distributed through more mainstream sites including gamer and technical download sites as well as pornographic and search engine optimized pages resulting in high rankings in search results.
Learn more about the symptoms of DNSChanger Trojan Horse infected computers or scan your computer for spyware with MacScan or remove DNSChanger Trojan Horse (RSPlug) with DNSChanger Trojan Horse Removal Tool for free.
June 26, 2009 •
3 min read
Mac OS XThe trojan horse OSX/Jahlav-C recently reported in the news is in fact a variant of the already discovered DNSChanger Trojan Horse. Other variant and aliases include OSX.RSPlug, OSX/Puper and OSX/Jahlav.
This variant is already detected by SecureMac’s Anti-Spyware product MacScan as well as the free DNSChanger Trojan Horse Removal Tool. Learn more information on avoiding DNSChanger Trojan Horse and removal tips.
June 12, 2009 •
1 min read
AppleApple has finally acknowledged that spyware and viruses are a threat for Mac OS X, as well as the latest operating system in the works, Snow Leopard. Snow Leopard will be adding new technology to help prevent against attacks such as sandboxing and anti-phishing features in Safari. This, however, is not a 100% solution to protect against malware.
June 10, 2009 •
3 min read
AppleToday, Landon Fuller posted a proof-of-concept exploit for an unpatched vulnerability in the Java Runtime Environment currently in use by OS X. While this particular proof-of-concept is meant to be harmless, the vulnerability itself currently affects OS X, including OS X 10.5.7, the latest shipping version of OS X. This vulnerability could be exploited to perform “drive-by-downloads” commonly used as a means to infect computers with spyware, or any arbitrary command with the permissions of the executing user. All a user has to do is visit a web page hosting a malicious java applet to be exploited. Until Apple patches their implementation of Java, we recommend that users disable Java applets in their web browser.
May 19, 2009 •
2 min read