HandBrake hacked to drop new variant of Proton malware
Posted on May 8th, 2017 at 1:30 PM EDT
Last year, the Transmission torrent app was hacked not just once, but twice, to install the KeRanger ransomware and, later, the Keydnap backdoor. Now, the same thing has happened to the popular DVD-ripping HandBrake app, which is installing a new variant of the Proton malware.
Read the full story on Malwarebytes Labs
This post is more than 30 days old and has been locked. No further comments are allowed.
Snake malware ported from Windows to Mac
Posted on May 5th, 2017 at 11:06 AM EDT
Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least 2008. It is thought to be Russian governmental malware, and on Windows it is highly sophisticated. It was even seen infecting Linux systems in 2014. Now, it appears to have been ported to Mac.
Read the full story on Malwarebytes Labs
Another OSX.Dok dropper found installing new backdoor
Posted on May 1st, 2017 at 3:24 PM EDT
This morning, Adam Thomas, a Malwarebytes researcher, found a variant of the OSX.Dok dropper that behaves altogether differently and installs a completely different payload.
Read the full story on Malwarebytes Labs
New OSX.Dok malware intercepts web traffic
Posted on April 28th, 2017 at 2:15 PM EDT
Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold.
Read the full story on Malwarebytes Labs
PCVARK plays dirty
Posted on August 19th, 2016 at 11:58 AM EDT
Recently, Jérôme Segura forwarded me a link to a fake virus scam page that seemed to be Mac-related. I began to look into it, and very quickly found myself in a deep rabbit-hole of Mac crapware, all from a major developer of Mac PUPs (potentially unwanted programs), PCVARK.
Read the full story on Malwarebytes Labs
Cross-platform malware Adwind infects Mac
Posted on July 26th, 2016 at 12:58 PM EDT
A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.
This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?
Read the full story on Malwarebytes Labs
New Mac backdoor malware: Eleanor
Posted on July 6th, 2016 at 9:34 AM EDT
A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.
This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)
XcodeGhost malware infiltrates App Store
Posted on September 21st, 2015 at 2:34 PM EDT
Late last week, Claud Xiao, a researcher at Palo Alto Networks, announced the discovery of new malware that he calls XcodeGhost. As the story has developed over the weekend, it turns out that this malware has infected at least 39 known iOS apps as of early this morning, all of which made it into the App Store.
Read the full story on Malwarebytes Unpacked.
OceanLotus malware attacks China
Posted on May 31st, 2015 at 8:11 AM EDT
On Friday, Chinese security researchers at Qihoo 360’s SkyEye Labs released a paper describing new malware they named OceanLotus. Unfortunately, this paper is written in Chinese, and Google’s far-from-perfect translation of the page is a difficult read. It is clear, however, that there is a Mac variant of this malware.
OpinionSpy is back!
Posted on February 9th, 2015 at 8:08 PM EST
OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. It was described by Intego at the time, who attributed to it the ability to capture data from the infected Mac and from the network it connected to, as well as backdoor functionality.