OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Mac anti-virus testing 2014

Posted on January 27th, 2014 at 8:49 AM EDT

Update: Many people have completely ignored some of the cautionary information mentioned in the Scope section, and have erroneously assumed that the anti-virus apps at the top of the test results are the best to use overall. For this reason, I will not be repeating these tests. Feel free to read on to see the results of the testing, but please read the entire article, and don’t just skip ahead to the results. If you are looking for advice about what anti-virus software to use, you would be better served by reading my Mac Malware Guide.
Read the rest of this entry »

46 Comments

Preliminary anti-virus testing comments

Posted on January 22nd, 2014 at 1:06 PM EDT

I have been working on another round of testing of anti-virus apps. The last time I did this was one year ago, in January of 2013, so I decided it was probably time to repeat it. I have finished all the scanning, but still have a pile of work in front of me to get all the data tabulated. Still, this experience has been frustrating enough that I want to make some preliminary comments, before I have the full results in-hand.
Read the rest of this entry »

21 Comments

Delivery notice trojan targeting Mac users

Posted on January 21st, 2014 at 2:48 PM EDT

Sophos reported today the discovery of a new Mac trojan, which they are calling OSX/LaoShu-A, that is spreading through fake FedEx delivery e-mails. It’s unknown how widespread these e-mails might be, but this method of infection has the potential to reach a lot of people! Although a savvy Mac user will see the warning signs, many people will probably not understand the implications of those signs and will open the trojan anyway.
Read the rest of this entry »

12 Comments

New variant of Crisis found

Posted on January 21st, 2014 at 2:12 PM EDT

Intego reported yesterday that they have discovered a new variant of the Crisis malware, which they are calling Crisis.C. The new variant does not yet have a very high detection rate on VirusTotal… perhaps because the code has been obfuscated using MPacker. It is unknown at this time, however, how this malware gets installed.
Read the rest of this entry »

1 Comment

Misinformation about “acoustical infections”

Posted on December 5th, 2013 at 2:13 PM EDT

There has been much ado in the tech media lately about new malware that can infect another computer through nothing but sound. In other words, an infected computer could use nothing more than sounds played through the computer’s speaker to infect another computer that has a microphone (as most laptops do these days). Here’s the thing, though… it’s all crap! (Pardon the harsh language.) No such thing is actually possible.
Read the rest of this entry »

3 Comments

Crisis continues to make appearances

Posted on November 14th, 2013 at 12:39 PM EDT

Crisis, a high-priced remote access tool mostly used in targeted, government-sponsored attacks, was first discovered more than a year ago. Its high price tag (200,000 euros, according to Intego’s findings at the time) and targeted nature has meant that I have never yet seen a case of Crisis infection, nor have I ever located anything but bits and pieces of the malware. However, as Intego reported earlier this week, Crisis is not only still out there, but a new variant has appeared with some new tricks up its sleeve!
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

Invisible malware

Posted on October 15th, 2013 at 11:08 AM EDT

There has been a bit of talk in the security industry about a recent blog post by Daniel Pistelli, who reported on a technique that could be used to create what some are calling “invisible” malware. This technique does represent a bit of a problem to the anti-virus industry. However, it’s important to understand the full context of how Mac OS X protects against malware, and to recognize that this technique means very little to Mac users in the current malware climate.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

New Mac malware discovered: Icefog

Posted on September 26th, 2013 at 1:53 PM EDT

Kaspersky Lab has released a 68-page report on cross-platform malware that has been active since 2011, and which they are calling Icefog. According to the report, this malware has been used in targeted espionage attacks in Asia, primarily in Japan and South Korea. It affects both Windows and Mac OS X, although the Mac version seems to be new, and installs a backdoor that communicates with a command & control server for instructions.
Read the rest of this entry »

9 Comments

New Mac malware discovered: OSX/Leverage

Posted on September 17th, 2013 at 5:21 PM EDT

Intego announced the discovery of a new trojan today, which they are calling OSX/Leverage. According to Intego’s observations, it would appear that this malware has some association with the Syrian Electronic Army. What is still unknown is exactly what its goal is, who it is being sent to and how. Like other similar malware that has appeared recently, though, it’s probably being used in targeted attacks on specific individuals or groups.
Read the rest of this entry »

9 Comments

New signed malware called Janicab

Posted on July 15th, 2013 at 2:27 PM EDT

F-Secure announced the discovery today of a new trojan, which they have named Janicab. This malware makes use of a familiar old trick – disguising an application as a document to trick the user into opening it – but applies a couple newer twists. At this time, the built in defenses in Mac OS X will allow this trojan to run without much in the way of warnings, so users are advised to be on their guard.
Read the rest of this entry »

11 Comments