KeRanger Ransomware Takes Macs Ransom for Bitcoin – Ransomware Information & Removal Mac

BitTorrent Client Exposes Users to First Known Piece of OS X Ransomware

Unlucky BitTorrent users who installed the latest version of Transmission over the weekend unwittingly exposed themselves to the first known piece of ransomware seen in the wild for OS X. According to a report published on March 4th by the Palo Alto Networks Research Center, hackers figured out a way to bundle ransomware with two different installers for Transmission 2.90. Transmission bills itself as a “fast, easy, and free BitTorrent client.”

According to the Palo Alto Networks report, …

March 7, 2016 • 4 min read
MacKeeper URL handler remote code execution vulnerability and proof-of-concept (Zero-Day)

Security Advisory update issued: 05/08/2015

MacKeeper has posted an advisory on their blog detailing the security issue and the steps they have taken in response. A new version of MacKeeper has been released to address the vulnerability, and MacKeeper users should update to the latest version as soon as possible. By default, MacKeeper automatically checks for updates, and users should click OK when prompted in order to install the update.

Original advisory follows:

Date issued: 05/07/2015

Risk: Critical (for users running MacKeeper)

A vulnerability has been discovered in MacKeeper, a utility program for OS X. …

May 7, 2015 • 4 min read
OSX/CoinThief Manual Identification and Removal Instructions

Updated: February 12, 2014

OSX/CoinThief has been distributed under four different names so far: BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker.

BitVanity and StealthBit were distributed on Github, while Bitcoin Ticker TTM and Litecoin Ticker were distributed on Download.com and MacUpdate.com. Both app names appear to have been taken from legitimate apps in the Mac App Store. The malicious payload was not found in Mac App Store copies of these apps.

When run, the malware installs a browser extension in Chrome, Safari, and Firefox, which will appear in those apps as "Pop-Up …

February 9, 2014 • 4 min read
New Apple Mac Trojan Called OSX/CoinThief Discovered

Malware: OSX/CoinThief.A
Date Discovered: February 9th, 2014
Updated: February 13, 2014

Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.

SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior:

The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file. This makes it so …

February 9, 2014 • 6 min read
CNet Adware Identification and Removal Guide for Mac OS X

The links for many popular Mac apps on CNET’s download.com have been replaced with a “CNET installer” that installs toolbar adware and changes browser settings. This guide shows how to identify affected apps, how to avoid the toolbar installer, how to determine if it has been installed on your system, and how to remove it if so.

Adware can be a threat to user privacy, and is used to track a user’s browsing habits online. For example, the permissions for one of the Google Chrome extensions show what these toolbars can …

October 13, 2013 • 4 min read
CNET’s Download.com Adware Installer Bundled with Popular Apps – Advisory

Update (10/29/13 12:15pm): SecureMac has prepared a guide to help users identify and remove the adware being distributed by CNET’s download.com in place of popular Mac apps. The guide provides detailed information, including step-by-step instructions to determine if the adware is installed on your system, and the steps to remove it. View CNet Adware Identification and Removal Guide for Mac OS X.

Direct download links for a variety of popular Mac software products have been replaced on CNET’s Download.com with installers for browser toolbars, commonly used by adware to track user …

October 13, 2013 • 2 min read
Flashback Trojan Security Fix Update Released by Java

From Doctor Web, the Russian anti-virus vendor: “conducted research to determine the scale of spreading of Trojan BackDoor.Flashback that infects computers running Mac OS X. Now the BackDoor.Flashback botnet encompasses more than 550 000 infected machines, most of which are located in the United States and Canada. This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.”

April 4, 2012 • 1 min read
New Malware Security Bulletin

SecureMac has learned of a new piece of Mac malware that is currently in the wild and infecting computers running OS X. As first reported at http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/, this piece of malware exploits a vulnerability in computers running older, unpatched versions of Java.

March 20, 2012 • 2 min read
Mac OS X Lion (10.7) Security Issue

Mac OS X Lion (10.7) contains a security issue which can allow non-root users access to the password hashes, as well as the ability to change the password without authenticating with the current password. Read more at “Defence in Depth”, including full details, scenarios, and temporary fixes.

August 19, 2011 • 1 min read
MACDefender Analysis

SecureMac Security Bulletin

Posted: May 2nd, 2011

Security Risk: Low

A new privacy and security threat is targeting computers running Apple’s Mac OS X disguised as an anti-virus program called MAC Defender. The fake anti-virus program will “detect” nonexistent threats as being present on the user’s system in an effort to persuade them to hand over their credit card information and purchase a “subscription” to the program. If that doesn’t do enough to convince the user to buy the fake anti-virus program, it will start popping up pornographic websites to create an actual …

May 12, 2011 • 6 min read
MAC Defender Technical Analysis

Posted: May 2nd, 2011

Security Risk: Low
RELATED: MAC Defender Security Bulletin & Removal Instructions

PDF: https://www.securemac.com/pdf/macdefender.pdf

As noted in our security advisory at https://www.securemac.com/MAC-Defender-Rouge-Anti-Virus-Analysis-Removal.php there is a new piece of malware in the wild that is targeting computers running OS X. The following is a technical analysis of the malware sample that we analyzed; this analysis assumes familiarity with our original security advisory.

While this particular piece of malware is new to OS X, it follows the general modus operandi of most fake anti-virus programs that target Microsoft Windows. First, the user is presented …

May 2, 2011 • 5 min read
MAC Defender Rogue Anti-Virus Analysis and Removal

SecureMac Security Bulletin

Due to the easy removal of the currently identified variant of this malware, SecureMac rates this threat as low. This Security Bulletin will be updated if the threat changes.

Updated: May 9th, 2011
Updated: May 4th, 2011
Posted: May 2nd, 2011

Security Risk: Low

UPDATE, May 9th, 2011: SecureMac has discovered a new version of the previously identified MAC Defender malware. The new variant, just like the previously identified “Mac Security” version, is an updated version of the original malware, rebranded as “Mac Protector.”

UPDATE, May 4th, 2011: SecureMac has discovered a new version …

May 2, 2011 • 10 min read