OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Another Tibet variant appears

Posted on September 10th, 2013 at 2:47 PM EDT

It has been a little more than a year since the last new variant of the Tibet malware was discovered, but today, Intego reported that a fourth variant has been found. They are calling this new variant OSX/Tibet.D. There are a few important lessons we can learn from this malware.
Read the rest of this entry »

2 Comments

New variant of Tibet malware

Posted on June 30th, 2012 at 5:42 PM EDT

A new variant of the Tibet malware was discovered this past week.  This time the malware has been targeted at the Uyghur people, who live predominantly in China.  The method of delivery is a bit different than previous variants of Tibet, which have used Java vulnerabilities (the same ones used by Flashback) and Microsoft Office vulnerabilities to install code.  This variant is a simple trojan, sent to specific targets via e-mail.  Although it is targeted, the rest of the world should be cautious, as we’ve recently seen some very high-profile targeted malware in the Windows world (eg, Stuxnet and Flame) escape its leash and affect other people as well!
Read the rest of this entry »

1 Comment

New Mac malware abounds

Posted on April 25th, 2012 at 12:27 PM EDT

Several new malware programs have appeared for the Mac in the last week or so, bringing the grand total of new Mac malware in the first four months of 2012 to 5, compared to 6 for all of 2011.*  This increase in Mac malware is a concerning trend, and is making for lots of juicy news stories in the media.  But how much do Mac users really need to worry about this?  That’s a hard question to answer, since every individual will have a different threshold for worry, but let’s start with some facts.
Read the rest of this entry »

8 Comments

Microsoft Office vulnerability used to spread malware

Posted on March 28th, 2012 at 8:58 AM EDT

AlienVault Labs has announced discovery of malware “in the wild” that is taking advantage of a Microsoft Office vulnerability to install itself.  It would appear that MS Office for Mac 2004 and 2008 are both vulnerable if the relevant security patch has not been installed.  On vulnerable systems, malicious MS Office documents have been seen that install two different trojans, the Tibet.A trojan announced last week and a second never-before-seen trojan apparently called MacControl.
Read the rest of this entry »

1 Comment

New malware targets Tibet

Posted on March 21st, 2012 at 7:14 AM EDT

A new malware threat has recently appeared, using the same Java vulnerabilities as Flashback, as part of an attack on Tibetan activist organizations.  AlienVault Labs documented these attacks in other forms a week ago.  On Monday, they posted more information about the new trojan, which is installed by web sites that are capable of installing either a Mac or Windows payload through Java.  However, details were lacking on the Mac payload.  Yesterday, Intego announced the new trojan and named it Tibet.A.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.