Yes, Chromebooks can and do get infected

As a Mac malware specialist, I’ve seen more than my share of folks saying “Macs don’t get viruses” over the years. I’ve seen and experienced first-hand that this isn’t true—even on iOS, where despite having tight, built-in security, iPhones are still capable of getting infected by rare malware. I suppose that I shouldn’t be surprised, then, when I hear … [Read more...]

Flurry of new Mac malware drops in December

Last week, we wrote about a new piece of malware called DarthMiner. It turns out there was more to be seen, as not just one but two additional pieces of malware had been spotted. The first was identified by Microsoft’s John Lambert and analyzed by Objective-See’s Patrick Wardle, and the second was found by Malwarebytes’ Adam Thomas. A Word document with a malicious macro Lambert … [Read more...]

Mac malware combines EmPyre backdoor and XMRig miner

Earlier this week, we discovered a new piece of Mac malware that is combining two different open-source tools—the EmPyre backdoor and the XMRig cryptominer—for the purpose of evil. The malware was being distributed through an application named Adobe Zii. Adobe Zii is software that is designed to aid in the piracy of a variety of Adobe applications. In this case, however, the app was called Adobe … [Read more...]

Mac cryptocurrency ticker app installs backdoors

An astute contributor to our forums going by the handle 1vladimir noticed that an app named CoinTicker was exhibiting some fishy behavior over the weekend. It seems that the app is covertly installing not just one but two different backdoors. Behaviors The CoinTicker app, on the surface, appears to be a legitimate application that could potentially be useful to someone who has invested in … [Read more...]

Mac malware intercepts encrypted web traffic for ad injection

Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let’s take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see how it’s installed, its behavior, and the implications of this kind of … [Read more...]

Holes found in Mojave’s privacy protection

macOS Mojave was released on Monday, September 24, with much promise of increased privacy protections. In particular, apps are now required to get permission from users before they can access data in certain locations, such as Mail data, contacts, calendar events, Safari user data, and more. Blocking access to Safari user data would have prevented the issue brought to light earlier this month, in … [Read more...]

Mac App Store apps are stealing user data

There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around … [Read more...]

New strain of Mac malware Proton found after two years

Last week, Kaspersky reported on a new variant of the Mac malware Proton, which they have dubbed Calisto, that has been around for at least two years. Calisto is thoroughly dead at this point, but there are still potential security implications involved with these older infections. Proton was first revealed to the world back in February 2017 via an Apple security update. It was later seen in the … [Read more...]

Mac malware targets cryptomining users

Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy. The malware was being distributed by chat users posing as admins, who posted the following shell script for users to run: cd /tmp … [Read more...]

New Mac cryptominer uses XMRig

A new Mac cryptominer was discovered this week, after affected users saw their fans whirring out of control and a process named “mshelper” gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove. The malware became public knowledge in a post on Apple’s discussion forums, where the “mshelper” process was found … [Read more...]