Published On: Wed, Feb 8th, 2017

Think You’re Safe with Apple? Hackers Use Mac Malware to Steal Data, Track Users

Think you're safe because you use a Mac? Two security researchers have released an extensive report warning that much of macOS security is actually an assumption of greater protection against malware than actually exists. While Windows attracts more malware campaigns, thanks to being the most-used desktop operating system, the Mac isn't as safe as we might like to believe.

While documenting an unassuming piece of malware, the researchers said that macOS users are actually at greater risk because of this assumed protection.

Much of the added security afforded to macOS users stems from an expectation of Windows by attackers and less readily-available remote access tools for the OS, rather than better in-built defenses.

Thus, macOS users are at risk of assuming greater protection against malware than actually exists, and could be more vulnerable as a result.

The security researchers also added that a growing number of human rights activists and dissidents opt for Apple devices, leading to targeted attacks by sophisticated threat groups.

It's not just Windows – Meet the latest Mac malware

Security researchers Claudio Guarnieri and Collin Anderson specialize in Iranian surveillance and espionage campaigns targeting human rights and civil society entities. The security research duo reported that a cyber espionage group linked to Iran has been using an unassuming piece of malware named MacDownloader to steal data from macOS computers.

MacDownloader was disguised as a Flash Player Update and a Bitdefender adware removal tool. This Mac malware was first spotted on a (fake) website of the US aerospace company United Technologies Corporation. Researchers said the malware was created towards the end of 2016, and the code has been copied from other sources, revealing that this is probably a developer's first attempt at creating Mac data-stealing malware.

Based on observations on infrastructure, and the state of the code, we believe these incidents represent the first attempts to deploy the agent, and features such as persistence do not appear to work. Instead, MacDownloader is a simple exfiltration agent, with broader ambitions.

The researchers said they knew the fake US aerospace website was previously used for Windows malware. However, responding to their changing environment with activists opting for Apple products, the same website was suddenly found serving Mac-specific malware. They added that while MacDownloader appears to be targeted at the defense sector, it has been used against a human rights advocate.

How MacDownloader works

The research team said that once a target downloads the update, the program connects to an external server, presumably to download more malware. MacDownloader steals some information from the system and sends it to the server. This information includes the contents of the Mac's keychain folder and a list of installed applications.

MacDownloader also displays a fake System Preferences prompt asking for the system's username and password.

Armed with the user's credentials, the attackers would then be able to access the encrypted passwords stored within the Keychain database. While Chrome and Firefox do not store credentials in Keychain, Safari and macOS's system service do save passwords to sites, remote file systems, encrypted drives, and other criteria resources there.

The report added that evidence links the latest Mac malware to Charming Kitten – also known as Newscaster and NewsBeef – a suspected Iranian threat actor known for harvesting information from its targets. The group gained prominence a few years ago for posing as journalists to steal user credentials and corporate and personal emails of targets. These targets included political dissidents, US defense contractors, Congressional staff, journalists, and others from the NATO countries.
