Kaiji malware: a new IoT threat

Security researchers have discovered a new family of malware, dubbed “Kaiji”, that targets Internet of Things (IoT) devices and Linux servers.

Why you should update Firefox right now, according to the U.S. Department of...

The U.S. Department of Homeland Security has issued an alert about a “critical vulnerability” affecting Mozilla’s Firefox browser. The DHS has advised all Firefox users to update their browser software immediately.

In this short article, we’ll explain what the vulnerability is, help you parse the language used in the security advisory, tell you who is affected, and let you know how to get your updates and stay safe.

What is the vulnerability?

According to the Mozilla security advisory, the vulnerability was due to a flaw in the “IonMonkey JIT compiler”, which could “lead …

New fileless malware for macOS linked to Lazarus Group

The new malware sample bears similarities to the well-known AppleJeus malware, which targets cryptocurrency exchanges. AppleJeus is the product of Lazarus Group, a shadowy cybercrime organization believed by many to be linked to North Korea.

Apple AirDrop Vulnerability Broadcasts User Phone Numbers to Potential

iPhone users who frequently use the AirDrop feature to share images, videos, or other files may unwittingly be broadcasting their phone numbers to people nearby. According to a recent Ars Technica report, a hacker would need to have a laptop and a “wireless packet sniffer” dongle to exploit the vulnerability. Armed with those components, a security researcher testing the proof-of-concept software designed to exploit the vulnerability was able to see “details of more than a dozen iPhones and Apple Watches that were within radio range” and use this information to …

Flaw in Bluetooth Protocols Could Allow Tracking of iPhone, MacBook Users

Bluetooth is one of the most common wireless protocols in the world, allowing a vast range of devices to connect together for shared functionality. From playing music in your car to controlling the temperature of your flatiron, Bluetooth enables us to do many things — and as a result, Bluetooth protocols are standard on iPhones, in MacBooks, and in many other products, too. According to a new study published by researchers from Boston University, though, almost all those devices currently contain a Bluetooth flaw that can erase a user’s privacy.

Bluetooth’s …

Zoom security flaw puts you at risk (even after you uninstall)

Security researcher Jonathan Leitschuh has discovered a major vulnerability in the popular Zoom video conferencing app that could allow malicious actors to turn on your Mac’s camera without your permission.

Google Shares Details about a New macOS Vulnerability

On Friday, March 1, 2019, Google’s Project Zero announced that it had discovered a “high severity” vulnerability in Apple’s macOS operating system. The Project Zero team constantly works to find vulnerabilities in software and code from other companies and developers. When Project Zero does identify a weakness, it notifies the coder or developer behind the software. The developer then has a 90-day window to fix the issue before Project Zero announces the vulnerability to the world. In other words, Apple has known about this issue for a while and has …

Breach of Spyware Company mSpy Exposes iCloud Account Information for Millions

Apple users should consider changing their iCloud passwords after a recent breach reportedly exposed the account information of millions of people. The breach involved a company called mSpy, a spyware-as-a-service business. mSpy sells mobile and computer software that allows users to spy on their friends or family members. The software is also marketed to allow parents to see what their children are doing on their devices. However, this type of software is technically illegal and mSpy has a shady reputation.

At the end of August, security researchers Brian Krebs …

Major macOS Mail App Harbors Major Vulnerabilities

How do you manage your email? For those who receive a high volume of messages every day and depend on their email for work purposes, answering this question is essential. Most stock mail clients don’t always offer the capabilities you need from them; for that reason, many people choose to use third-party email management programs. macOS users are no exception. However, it is important to be aware that this software, like any other, can put your data at risk if the developers fail to take appropriate security measures. That appears …

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break in, because it allows one to identify all the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and often they are used for legitimate purposes just as often as illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, …

Apple Confirms Fixes for Major CPU Vulnerability, More on the Way

Apple has confirmed that a pair of critical security vulnerabilities uncovered by security researchers late in 2017, and now filtering out into media reports, does affect “all Mac systems and iOS devices.” These bugs, dubbed Meltdown and Spectre, affect the clear majority of computers and a vast number of mobile devices, regardless of make, model, or manufacturer. Though tricky to exploit, these bugs could allow an attacker untraceable access to a wide variety of user data.

By exploiting a weakness in an advanced function within the processor, Meltdown allows …

Apple Reassures Users: Flaws in WikiLeaks/CIA Vault7 Leak Already Patched

On March 7th, WikiLeaks entered the news and made waves again by releasing almost nine thousand documents they claimed came from within the US Central Intelligence Agency. Contained in the leak was a vast range of information about the CIA’s intelligence gathering practices regarding technology. The revelations included information that the agency had undertaken spying efforts through exploiting vulnerabilities in various technologies, including some “smart” TVs and mobile operating systems. Also, contained within the documents, however, were fourteen previously undisclosed flaws in iOS. Through these flaws, an attacker could …

Newly-Discovered “Fruitfly” Backdoor Allows Remote Access to Macs

The latest item of Mac malware to be uncovered is actually not new at all; in fact, it may have been around for several years. Dubbed “Fruitfly” by Apple, this malware has some novel features. In particular, its function depends upon using both an outdated library from the late 90s, libjpeg, as well as pre-OS X system calls. Why the malware was designed to use outdated methods is unknown, but in the wake of the malware’s discovery, Apple promptly issued an update to XProtect to reduce the threat to users. …

Malvertising Hits macOS Users Through Google AdWords

With the huge number of ads present on the web today, it’s no surprise that they’re often a target and an attack vector for hackers looking for an open door. We’ve discussed malvertising here before to alert our readers to the potential threat. Now there comes word from security researchers that malvertisers executed a campaign specifically targeting macOS users early in November. This time the target was users who were hoping to install Google Chrome.

When searching for the keywords “Google Chrome,” a malicious ad purchased by the …

Apple Releases Important iOS Update to guard against Malware

iPhone and iPad users should update to the latest version of iOS as soon as possible, following the latest security update from Apple. The new patch—iOS 9.3.5—arrived on Thursday, August 25th and was dubbed by Apple as an “important security update.” It addresses dangerous malware that was recently developed in the Middle East.

Writing for ZDNet, Zack Whittaker noted that iOS 9.3.5 is a patch for three different malware vulnerabilities, not just one. Working together, security researchers Citizen Lab and Lookout discovered the vulnerabilities and notified Apple about their existence. Lookout …

Meet AceDeceiver: The First iOS Trojan Horse

Users of iOS devices should be on alert after the arrival of what looks like the first Trojan Horse malware developed for Apple’s mobile operating system. According to a post by Palo Alto Networks, this malware—which is known as AceDeceiver—is unique among other iOS threats in that it doesn’t use counterfeit enterprise certificates to gain access to your device. AceDeceiver doesn’t use an enterprise certificate at all. Rather, it manipulates a major vulnerability in Apple’s DRM (digital rights management) and uses it to install malicious apps on your phone …

KeRanger Ransomware Takes Macs Ransom for Bitcoin – Ransomware...

BitTorrent Client Exposes Users to First Known Piece of OS X Ransomware

Unlucky BitTorrent users who installed the latest version of Transmission over the weekend unwittingly exposed themselves to the first known piece of ransomware seen in the wild for OS X. According to a report published on March 4th by the Palo Alto Networks Research Center, hackers figured out a way to bundle ransomware with two different installers for Transmission 2.90. Transmission bills itself as a “fast, easy, and free BitTorrent client.”

According to the Palo Alto Networks report, …

MacKeeper URL handler remote code execution vulnerability and proof-of-concept...

Security Advisory update issued: 05/08/2015

MacKeeper has posted an advisory on their blog detailing the security issue and the steps they have taken in response. A new version of MacKeeper has been released to address the vulnerability, and MacKeeper users should update to the latest version as soon as possible. By default, MacKeeper automatically checks for updates, and users should click OK when prompted in order to install the update.

Original advisory follows:

Date issued: 05/07/2015

Risk: Critical (for users running MacKeeper)

A vulnerability has been discovered in MacKeeper, a utility program for OS X. …

OSX/CoinThief Manual Identification and Removal Instructions

Updated: February 12, 2014

OSX/CoinThief has been distributed under four different names so far: BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker.

BitVanity and StealthBit were distributed on Github, while Bitcoin Ticker TTM and Litecoin Ticker were distributed on Download.com and MacUpdate.com. Both app names appear to have been taken from legitimate apps in the Mac App Store. The malicious payload was not found in Mac App Store copies of these apps.

When run, the malware installs a browser extension in Chrome, Safari, and Firefox, which will appear in those apps as "Pop-Up …

New Apple Mac Trojan Called OSX/CoinThief Discovered

Malware: OSX/CoinThief.A
Date Discovered: February 9th, 2014
Updated: February 13, 2014

Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.

SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior:

The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file. This makes it so …