OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Microsoft Office macro malware targets Macs

Posted on February 10th, 2017 at 11:25 AM EDT

Macro malware – commonly known as a “Word macro virus” – involves maliciously-crafted Microsoft Office documents containing Visual Basic macros. These things have been around for quite some time, but have mostly just been a nuisance to Mac users. Unfortunately, that has now changed.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

MacDownloader malware targeting defense industry

Posted on February 9th, 2017 at 11:48 AM EDT

Researchers Claudio Guarnieri and Collin Anderson recently discovered new Mac malware, which they have dubbed MacDownloader. They report that this malware appears to be the work of Iranian hackers and is targeting US defense contractors, such as Lockheed Martin, Sierra Nevada Corporation, Raytheon, and Boeing.

Read the full story on Malwarebytes Labs


New Mac backdoor using antiquated code

Posted on January 18th, 2017 at 10:16 AM EDT

The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac. This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to be targeting biomedical research centers.

Read the full story on Malwarebytes Labs


Updates

Posted on December 9th, 2016 at 3:51 PM EDT

I’ve fallen behind on keeping the posts on this site synced with the posts on the Malwarebytes blog. You can find the articles I’ve written that you might have missed here:

https://blog.malwarebytes.com/author/treed/


PCVARK plays dirty

Posted on August 19th, 2016 at 11:58 AM EDT

Recently, Jérôme Segura forwarded me a link to a fake virus scam page that seemed to be Mac-related. I began to look into it, and very quickly found myself in a deep rabbit-hole of Mac crapware, all from a major developer of Mac PUPs (potentially unwanted programs), PCVARK.

Read the full story on Malwarebytes Labs


Cross-platform malware Adwind infects Mac

Posted on July 26th, 2016 at 12:58 PM EDT

A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.

This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?

Read the full story on Malwarebytes Labs


New Mac backdoor malware: Eleanor

Posted on July 6th, 2016 at 9:34 AM EDT

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.

This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

Read the full story on Malwarebytes Labs


Clipboard poisoning attacks on the Mac

Posted on June 3rd, 2016 at 7:33 AM EDT

Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with something else.

Although this seems like an insignificant issue at first glance, it turns out that there are some very serious implications.

Read the full story on Malwarebytes Labs


An iCloud scam that may be worse than ransomware

Posted on March 16th, 2016 at 2:54 PM EDT

Ransomware – malicious software that encrypts your files and then demands payment to unlock them – has become a major scourge of the Windows world.

Mac users just had their first brush with such threats last week, with the appearance of the KeRanger ransomware. However, shortly before KeRanger, I encountered a ransomware event in the Mac world far worse than anything seen for Windows.

This hack seems to have turned an iMac into an expensive paperweight.

Read the full story on Malwarebytes Labs


First Mac ransomware spotted

Posted on March 7th, 2016 at 6:16 AM EDT

On Saturday, Apple quietly added detection of something called “KeRanger” to the XProtect anti-malware definitions in OS X. It was revealed on Sunday by Claud Xiao of Palo Alto Networks that KeRanger is the first real Mac ransomware, and it’s not just theoretical. It’s in the wild.

Read the full story on Malwarebytes Labs.
