TechAmok (a ggmania.com subsite)

In-the-wild Mac malware kept busy in June - [security]
07:53 AM EDT - Jun,30 2019

June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS. The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that's available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe's Flash media player, but it's in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.
OSX/CrescentCore is delivered as a Trojan horse application on a .dmg disk image, masquerading as an Adobe Flash Player installer.

However, unlike the typical, everyday, fake Flash Player updater, OSX/CrescentCore has some extra capabilities in an effort to make it more difficult for antivirus software to detect, and more difficult for malware analysts to examine and reverse engineer.

If a user opens the .dmg disk image and opens the Player app (which has a Flash Player icon), the Trojan horse will first check to see whether it is running inside a virtual machine (VM). Malware analysts often examine malware inside a VM to avoid unintentionally infecting their own computers while working with dangerous files, so malware authors sometimes implement VM detection and behave differently to make it more difficult to analyze the malware's behavior.

The OSX/CrescentCore Trojan app also checks to see whether any popular Mac antivirus programs are installed.

If the malware determines that it's running within a VM environment or with anti-malware software present, it will simply exit and not proceed to do anything further.

For Mac users without antivirus software, however, the Trojan will proceed to install a LaunchAgent, a persistent infection.

A second variant of this malware is currently under analysis. Depending on the variant, the Trojan installer may install rogue software known as "Advanced Mac Cleaner" (OSX/AMC) or install a malicious Safari browser extension.
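
Because the persistence step described above is a LaunchAgent, a defender can triage a Mac by reviewing the LaunchAgent property lists. The sketch below is an added example, not code from Intego or from the article; the path heuristics and the two sample plists are assumptions constructed for illustration and are not indicators of OSX/CrescentCore.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumed heuristic: locations any local user can write to (tune per fleet).
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def executable_of(job):
    """Return the path launchd would execute for this job, or None."""
    args = job.get("ProgramArguments") or [None]
    return job.get("Program") or args[0]

def review_agent(plist_path):
    """Return the reasons this LaunchAgent deserves a closer look (empty if none)."""
    try:
        job = plistlib.loads(Path(plist_path).read_bytes())
        exe = executable_of(job)
    except Exception as exc:  # a malformed agent plist is itself worth reviewing
        return [f"unreadable or malformed plist: {exc.__class__.__name__}"]
    if not isinstance(exe, str):
        return ["no usable Program or ProgramArguments"]
    reasons = []
    if exe.startswith(WRITABLE_PREFIXES):
        reasons.append(f"runs from a world-writable location: {exe}")
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append(f"hidden path component: {exe}")
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return reasons

def audit(directories):
    """Map each flagged plist file name to the reasons it was flagged."""
    findings = {}
    for d in directories:
        for p in sorted(Path(d).expanduser().glob("*.plist")):
            if reasons := review_agent(p):
                findings[p.name] = reasons
    return findings

def demo():
    """Audit two constructed plists (sample data, not taken from the article)."""
    samples = {
        "com.example.updater": {"ProgramArguments": ["/Users/Shared/.helper/agent"], "RunAtLoad": True},
        "com.example.sync": {"Program": "/Applications/Sync.app/Contents/MacOS/sync"},
    }
    with tempfile.TemporaryDirectory() as d:
        for label, job in samples.items():
            (Path(d) / f"{label}.plist").write_bytes(plistlib.dumps({"Label": label, **job}))
        return audit([d])
```

On a Mac, `audit(["~/Library/LaunchAgents", "/Library/LaunchAgents"])` runs the same review over the per-user and system-wide agent directories; a flagged entry is a lead for manual review, not a verdict.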

