OFFICIAL SECURITY BLOG
Tech News News Favorites Adware Medic Tech Guides About Us
Mac Malware GuideAdware Removal GuideMac Performance Guide

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

HandBrake hacked to drop new variant of Proton malware

Posted on May 8th, 2017 at 1:30 PM EDT

Last year, the Transmission torrent app was hacked not just once, but twice, to install the KeRanger ransomware and, later, the Keydnap backdoor. Now, the same thing has happened to the popular DVD-ripping HandBrake app, which is installing a new variant of the Proton malware.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

Snake malware ported from Windows to Mac

Posted on May 5th, 2017 at 11:06 AM EDT

Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware and on Windows is highly-sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

Another OSX.Dok dropper found installing new backdoor

Posted on May 1st, 2017 at 3:24 PM EDT

This morning, Adam Thomas, a Malwarebytes researcher, found a variant of the OSX.Dok dropper that behaves altogether differently and installs a completely different payload.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

New OSX.Dok malware intercepts web traffic

Posted on April 28th, 2017 at 2:15 PM EDT

Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

PCVARK plays dirty

Posted on August 19th, 2016 at 11:58 AM EDT

Recently, Jérôme Segura forwarded me a link to a fake virus scam page that seemed to be Mac-related. I began to look into it, and very quickly found myself in a deep rabbit-hole of Mac crapware, all from a major developer of Mac PUPs (potentially unwanted programs), PCVARK.

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

Cross-platform malware Adwind infects Mac

Posted on July 26th, 2016 at 12:58 PM EDT

A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.

This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?

Read the full story on Malwarebytes Labs

This post is more than 30 days old and has been locked. No further comments are allowed.

New Mac backdoor malware: Eleanor

Posted on July 6th, 2016 at 9:34 AM EDT

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.

This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

Read the full story on Malwarebytes Labs

5 Comments

XcodeGhost malware infiltrates App Store

Posted on September 21st, 2015 at 2:34 PM EDT

Late last week, Claud Xiao, a researcher at Palo Alto Networks, announced the discovery of new malware that he calls XcodeGhost. As the story has developed over the weekend, it turns out that this malware has infected at least 39 known iOS apps as of early this morning, all of which made it into the App Store.

Read the full story on Malwarebytes Unpacked.

This post is more than 30 days old and has been locked. No further comments are allowed.

OceanLotus malware attacks China

Posted on May 31st, 2015 at 8:11 AM EDT

On Friday, Chinese security researchers at Qihoo 360’s SkyEye Labs released a paper describing new malware they named OceanLotus. Unfortunately, this paper is written in Chinese, and Google’s far-from-perfect translation of the page is a difficult read. It is clear, however, that there is a Mac variant of this malware.
Read the rest of this entry »

4 Comments

OpinionSpy is back!

Posted on February 9th, 2015 at 8:08 PM EST

OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. It was described by Intego at the time, who attributed to it the ability to capture data from the infected Mac as well as from the network it connected to, as well as having backdoor functionality.
Read the rest of this entry »

23 Comments

Next Page »