Tag: trojan

  • Security researchers look into “Calisto” malware two years after it surfaces for the Mac

    Roughly two years after it began circulating, security researchers have discovered infections of macOS malware named “Calisto”. The malware was seemingly developed in 2016 and may have been a precursor to the “Proton” macOS trojan that started to circulate in 2017.

    Calisto functions as a trojan that takes the form of an unsigned DMG for Intego’s Mac Internet Security X9, an antivirus and security suite. Kaspersky’s Securelist notes that it looks similar to the official release, so it is likely meant to fool users who want to install the software and obtain it from somewhere other than Intego itself.

    After asking users to accept an agreement, Calisto asks for the user’s login and password via a convincing authentication box. After the credentials are entered, the software shows an installation error message advising the user to redownload the official software. By doing this, the malware acquires the user’s login details, which it can then use to perform other actions.


  • Komplex trojan surfaces for macOS, thought to exploit vulnerability in MacKeeper antivirus software


    Yet another chunk of malware for OS X/macOS to worry about.

    Security researchers at Palo Alto Networks have identified a new trojan known as “Komplex”, which can download, execute, and delete files from an infected Mac. Interestingly, the Trojan will also save a PDF document to the infected system concerning the Russian space program.

    The PDF document details planned Russian space projects from 2016 to 2025, but also acts as a decoy.


  • Researchers demonstrate proof of concept for firmware worm that can directly target Macs


    It’s generally been accepted that Apple’s computers are much more secure than their Windows PC counterparts.

    This isn’t entirely true, as a pair of researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.


  • WireLurker security paper released, discusses potential next generation of OS X, iOS malware


    Not that you should be entirely paranoid about malware on your OS X and iOS devices, but a little caution couldn’t hurt.

    Per Palo Alto Networks, a new paper has been published on WireLurker, a family of malware targeting both Mac OS and iOS systems for the past six months. It’s believed that WireLurker could herald a new generation of malware on Apple’s desktop and mobile platforms given the following characteristics:

    – It is only the second known malware family that attacks iOS devices through OS X via USB.

    – It is the first malware to automate generation of malicious iOS applications, through binary file replacement.

    – It is the first known malware that can infect installed iOS applications similar to a traditional virus.

    – It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

    WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.


  • iWorm trojan quietly added to Apple’s Xprotect definition list

    The bad news is that there’s another chunk of malware on the OS X platform to worry about.

    The good news is that Apple included a backdoor fix over the weekend to take care of it.

    Per The Mac Observer, Apple pushed an update to its Xprotect malware list for the Mac that includes the Mac.BackDoor.iWorm malware over the weekend. Xprotect watches for telltale signatures from known malware threats and attempts to stop them from invading your computer.

    The iWorm threat installs through a Trojan horse masquerading as an installer for other apps. Mac owners who have fallen victim to iWorm picked up the malware through installers for pirated apps such as Adobe Photoshop.


    Once installed, iWorm looks to Reddit for posts that include server addresses it can link to for instructions on what nasty activities it should undertake. Reddit has shut down the forum iWorm checked, but that doesn’t mean hackers won’t be able to find an alternate method for delivering server locations.
