/?pid=20931

Updated:05:55 AM EDT Mar 28


this is ggmania.com subsite In-the-wild Mac malware kept busy in June - TechAmok

In-the-wild Mac malware kept busy in June - [security]
07:53 AM EDT - Jun,30 2019 - post a comment

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS. The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that's available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe's Flash media player, but it's in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.
OSX/CrescentCore is delivered as a Trojan horse application on a .dmg disk image, masquerading as an Adobe Flash Player installer.

However, unlike the typical, everyday, fake Flash Player updater, OSX/CrescentCore has some extra capabilities in an effort to make it more difficult for antivirus software to detect, and more difficult for malware analysts to examine and reverse engineer.

If a user opens the .dmg disk image and opens the Player app (which has a Flash Player icon), the Trojan horse will first check to see whether it is running inside a virtual machine (VM). Malware analysts often examine malware inside a VM to avoid unintentionally infecting their own computers while working with dangerous files, so malware authors sometimes implement VM detection and behave differently to make it more difficult to analyze the malware's behavior.

The OSX/CrescentCore Trojan app also checks to see whether any popular Mac antivirus programs are installed.

If the malware determines that it's running within a VM environment or with anti-malware software present, it will simply exit and not proceed to do anything further.

For Mac users without antivirus software, however, the Trojan will proceed to install a LaunchAgent-a persistent infection.

A second variant of this malware is currently under analysis. Depending on the variant, the Trojan installer may install rogue software known as "Advanced Mac Cleaner" (OSX/AMC) or install a malicious Safari browser extension.


Add your comment (free registrationrequired)

Short overview of recent news articles

Mar,28 2024 Intel's Battle Has Just Begun
Mar,27 2024 Unreal Physics is a new free game on Steam
Mar,27 2024 Is The World's Cheapest Hardware Wallet SafePal S1 Worth It?
Mar,27 2024 Yes, this was a Bad Idea (Emergency Wall-Mounted PC Build)
Mar,27 2024 11 Cool Command Line Programs You Need to See
Mar,26 2024 When you Accidentally Compromise every CPU on Earth
Mar,24 2024 Everyone Who Tried This Has FAILED - Khadas Mind Modular PC
Mar,24 2024 Air Cooling is Dead
Mar,24 2024 US Justice Dept. Sues Apple for Monopolistic Behavior in Smartphones
Mar,24 2024 Beetlejuice Beetlejuice - Official Teaser Trailer (2024) Michael
Mar,22 2024 Alien: Romulus | Teaser Trailer
Mar,22 2024 NVIDIA Is On a Different Planet
Mar,21 2024 Everyone Needs This and it's Under $10 - Handy Tech Under $100
Mar,21 2024 20 COOL GADGETS FOR 2024
Mar,21 2024 Nvidia's 5090 Is Built From WHAT?!
Mar,20 2024 Parasyte: The Grey | Official Trailer | Netflix
Mar,20 2024 Fastest m.2 on Planet EARTH | Crucial T705 Nvme Review
Mar,20 2024 LG's new 480Hz OLED dual-mode monitor
Mar,19 2024 First 9.1 GHz CPU (overclocked 14900KS)
Mar,18 2024 Haley Messick - Saatisfaction @bennybenassi - In10sive Mastercamp
Mar,18 2024 1000W CPU: The Most Powerful Desktop Processor
Mar,18 2024 Expands Snapdragon 8 Series to Cover More Price Points
Mar,17 2024 Train Vs Lamborghini
Mar,16 2024 Don't use a Microsoft Account!
Mar,16 2024 This Ghillie Made from MIRRORS is SHOCKINGLY GOOD
Mar,16 2024 How Hackers Deliver Malware to Hack you using Social Media
Mar,15 2024 Call of Duty: Warzone Mobile - Launch Trailer
Mar,14 2024 Intel's 4th Attempt At Beating Ryzen - "New" 6.2GHz Core
Mar,14 2024 Asus Goes Big with Zenfone 11 Ultra
Mar,14 2024 House Passes Bill to Force Sale of TikTok
Mar,14 2024 Motorola Brings More Affordable 5G Phones to its 2024 Lineup
Mar,14 2024 Capristan Swim - Miami Swim Week | Art Basel Miami
Mar,11 2024 The Most Stunning All SSD NAS Ever? Inside QNAP's All-SSD
Mar,11 2024 M2 vs M3 MacBook Air - ULTIMATE Comparison!
Mar,11 2024 Risky PC Experiment: Direct CPU Water-Cooling! Can It Survive?
Mar,11 2024 SpaceX Falcon 9 rocket launches 23 Starlink satellites from
Mar,10 2024 I tried the Cheapest Arduino Alternative (that Nobody heard of)
Mar,10 2024 This is the WEIRDEST PC I've ever seen.
Mar,10 2024 Nvidia Retires GTX 16 Series, GDDR7 Arrives, FSR Upscaling Going AI?
Mar,09 2024 The New BIOS Hack That Bypasses Every Antivirus
>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs