MacUpdate accidentally hosts malware, cryptocurrency miner packages for February 1st downloads, fixes and apologizes for mistake

Even though it was corrected, this could be called a snafu.

Download aggregator web site MacUpdate briefly linked to three malicious applications masquerading as legitimate downloads for Firefox, OnyX, and Deeper. These not only install the apps but also deposit a Monero cryptocurrency miner on downloaders' systems.

On February 1st, MacUpdate updated its legitimate download links to installers for the three apps. Over the course of the incident, download links to OnyX and Deeper by Titanium Software were replaced with similar URLs, and Firefox downloads were redirected to a bogus installer.

The payload was delivered as a .dmg file, but the installers were scripts that downloaded and installed the payload, and also retrieved a legitimate copy of the app in question to convince the user that the app had installed properly.


Representatives from MacUpdate have since fixed the download links, apologized for the incident, and offered the following instructions for removing the malware.

This is not the first time that MacUpdate has hosted malware in downloads. The company itself was installing its own adware on non-subscribers' computers for a few months in 2015. A second event in 2016 found the fake application EasyDoc Converter distributing the OSX Eleanor ransomware for a period of time.

Stay tuned for additional details as they become available.

Via AppleInsider and Malwarebytes