OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

HandBrake hacked to drop new variant of Proton malware

Posted on May 8th, 2017 at 1:30 PM EDT

Last year, the Transmission torrent app was hacked not just once, but twice, to install the KeRanger ransomware and, later, the Keydnap backdoor. Now the same thing has happened to HandBrake, the popular DVD-ripping app: a compromised download installs a new variant of the Proton malware.

Read the full story on Malwarebytes Labs


Snake malware ported from Windows to Mac

Posted on May 5th, 2017 at 11:06 AM EDT

Snake, also known as Turla and Uroburos, is backdoor malware that has been infecting Windows systems since at least 2008. It is thought to be Russian government malware and, on Windows, is highly sophisticated. It was even seen infecting Linux systems in 2014. Now it appears to have been ported to the Mac.

Read the full story on Malwarebytes Labs


Another OSX.Dok dropper found installing new backdoor

Posted on May 1st, 2017 at 3:24 PM EDT

This morning, Adam Thomas, a Malwarebytes researcher, found a variant of the OSX.Dok dropper that behaves altogether differently and installs a completely different payload.

Read the full story on Malwarebytes Labs


PCVARK plays dirty

Posted on August 19th, 2016 at 11:58 AM EDT

Recently, Jérôme Segura forwarded me a link to a fake virus scam page that seemed to be Mac-related. I began to look into it, and very quickly found myself in a deep rabbit-hole of Mac crapware, all from a major developer of Mac PUPs (potentially unwanted programs), PCVARK.

Read the full story on Malwarebytes Labs


Cross-platform malware Adwind infects Mac

Posted on July 26th, 2016 at 12:58 PM EDT

A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.

This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?

Read the full story on Malwarebytes Labs


New Mac backdoor malware: Eleanor

Posted on July 6th, 2016 at 9:34 AM EDT

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.

This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

Read the full story on Malwarebytes Labs


Was Mac OS X really the most vulnerable in 2015?

Posted on January 8th, 2016 at 12:19 PM EDT

Much has been said in the security world about the recent release of data on vulnerabilities discovered in 2015. Due to the way this data has been presented, many news outlets have been reporting that Mac OS X was the “most vulnerable” OS in 2015. But was it really?

Read the rest of the story on Malwarebytes Unpacked.


Multiple vulnerabilities found in Mac OS X

Posted on June 17th, 2015 at 3:30 PM EDT

A group of six researchers at several universities in the US and China published a paper last weekend revealing the details of several different vulnerabilities in Mac OS X. These vulnerabilities all provide ways for a malicious app to gain access to data from another app. Frighteningly, these vulnerabilities can be exploited from a Mac App Store app, and can even allow an attacker to gain access to keychain entries!


Apple cracks down on adware

Posted on February 13th, 2015 at 7:25 AM EDT

Apple has used the XProtect anti-malware protection in Mac OS X to block a few pieces of adware in the past. Yesterday, they cracked down on adware again, adding a slew of new items to XProtect’s signatures, used for identifying and blocking malicious apps. Three are updated signatures, while one is for adware never before blocked by XProtect.


New WireLurker malware infects Mac OS X and iOS

Posted on November 6th, 2014 at 10:31 AM EDT

Palo Alto Networks announced yesterday their discovery of new malware for Mac OS X, which they are calling WireLurker. This malware has been found in 467 known pirated apps distributed through China’s Maiyadi App Store (not affiliated with Apple’s Mac App Store). To make matters worse, this malware is known to infect iOS devices that are connected to infected Macs, even if those iOS devices have not been jailbroken!
