We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

OceanLotus malware attacks China

Posted on May 31st, 2015 at 8:11 AM EDT

On Friday, Chinese security researchers at Qihoo 360’s SkyEye Labs released a paper describing new malware they named OceanLotus. Unfortunately, this paper is written in Chinese, and Google’s far-from-perfect translation of the page is a difficult read. It is clear, however, that there is a Mac variant of this malware.
Read the rest of this entry »


OpinionSpy is back!

Posted on February 9th, 2015 at 8:08 PM EST

OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. It was described by Intego at the time, who attributed to it the ability to capture data from the infected Mac as well as from the network it connected to, as well as having backdoor functionality.
Read the rest of this entry »


New “Ventir” malware

Posted on October 19th, 2014 at 8:54 AM EDT

On Thursday of last week, Kaspersky announced their discovery of a new piece of Mac malware, which they are calling Ventir. I have held off writing anything about this until I could get some independent confirmation, as I tend to be skeptical of Kaspersky these days. (See Misinformation about “acoustical infections” and Kaspersky reveals “The Mask”.) However, I have tested my own copy of the malware at this point, and found that Kaspersky’s analysis seems to be fairly accurate in this case.
Read the rest of this entry »


iWorm method of infection found!

Posted on October 4th, 2014 at 7:29 AM EDT

On Thursday, I wrote about new malware called iWorm. This morning I awoke to find an e-mail waiting for me in my Inbox from someone who wished to remain anonymous. This person indicated that he had found installers for the new iWorm malware. He pointed me to the downloads offered by a user named “aceprog” on PirateBay.
Read the rest of this entry »


New NetWeird variant in the wild

Posted on March 27th, 2014 at 9:10 AM EDT

Since early February, I’ve seen several reports of a new variant of the NetWeird malware. In all cases, this malware was detected by Dr. Web, and was detected as Backdoor.Wirenet.2, as opposed to the earlier Wirenet.1 variant that first appeared back in 2012. It would appear that this malware is still in active development, and the news is bad on all fronts.
Read the rest of this entry »

1 Comment

New CoinThief malware discovered

Posted on February 10th, 2014 at 10:32 AM EST

A new Mac trojan, named OSX/CoinThief.A by SecureMac, has been discovered. This malware is designed to steal Bitcoins from infected machines, and is disguised as an app intended to be used for sending and receiving Bitcoin payments. Although the average user is not likely to be affected by this, it has cost at least one user around $12,000 in lost Bitcoins, according to SecureMac.
Read the rest of this entry »

1 Comment

Delivery notice trojan targeting Mac users

Posted on January 21st, 2014 at 2:48 PM EST

Sophos reported today the discovery of a new Mac trojan, which they are calling OSX/LaoShu-A, that is spreading through fake FedEx delivery e-mails. It’s unknown how widespread these e-mails might be, but this method of infection has the potential to reach a lot of people! Although a savvy Mac user will see the warning signs, many people will probably not understand the implications of those signs and will open the trojan anyway.
Read the rest of this entry »


New Mac malware discovered: Icefog

Posted on September 26th, 2013 at 1:53 PM EDT

Kaspersky Lab has released a 68-page report on cross-platform malware that has been active since 2011, and which they are calling Icefog. According to the report, this malware has been used in targeted espionage attacks in Asia, primarily in Japan and South Korea. It affects both Windows and Mac OS X, although the Mac version seems to be new, and installs a backdoor that communicates with a command & control server for instructions.
Read the rest of this entry »


New Mac malware discovered: OSX/Leverage

Posted on September 17th, 2013 at 5:21 PM EDT

Intego announced the discovery of a new trojan today, which they are calling OSX/Leverage. According to Intego’s observations, it would appear that this malware has some association with the Syrian Electronic Army. What is still unknown is exactly what its goal is, who it is being sent to and how. Like other similar malware that has appeared recently, though, it’s probably being used in targeted attacks on specific individuals or groups.
Read the rest of this entry »


New signed malware called Janicab

Posted on July 15th, 2013 at 2:27 PM EDT

F-Secure announced the discovery today of a new trojan, which they have named Janicab. This malware makes use of a familiar old trick – disguising an application as a document to trick the user into opening it – but applies a couple newer twists. At this time, the built in defenses in Mac OS X will allow this trojan to run without much in the way of warnings, so users are advised to be on their guard.
Read the rest of this entry »