Newly-Discovered “Fruitfly” Backdoor Allows Remote Access to Macs

The latest item of Mac malware to be uncovered is actually not new at all; in fact, it may have been around for several years. Dubbed “Fruitfly” by Apple, this malware has some novel features. In particular, its function depends upon using both an outdated library from the late 90s, libjpeg, as well as pre-OS X system calls. Why the malware was designed to use outdated methods is unknown, but in the wake of the malware’s discovery, Apple promptly issued an update to XProtect to reduce the threat to users. …

January 31, 2017 • 2 min read
Malvertising Hits macOS Users Through Google AdWords

With the huge number of ads present on the web today, it’s no surprise that they’re often a target and an attack vector for hackers looking for an open door. We’ve discussed malvertising here before to alert our readers to the potential threat. Now there comes word from security researchers that malvertisers executed a campaign specifically targeting macOS users early in November. This time the target was users who were hoping to install Google Chrome.

When searching for the keywords “Google Chrome,” a malicious ad purchased by the …

December 12, 2016 • 2 min read
Apple Releases Important iOS Update to guard against Malware

iPhone and iPad users should update to the latest version of iOS as soon as possible, following the latest security update from Apple. The new patch—iOS 9.3.5—arrived on Thursday, August 25th and was dubbed by Apple as an “important security update.” It addresses dangerous malware that was recently developed in the Middle East.

Writing for ZDNet, Zack Whittaker noted that iOS 9.3.5 is a patch for three different malware vulnerabilities, not just one. Working together, security researchers Citizen Lab and Lookout discovered the vulnerabilities and notified Apple about their existence. Lookout …

August 26, 2016 • 3 min read
Meet AceDeceiver: The First iOS Trojan Horse

Users of iOS devices should be on alert after the arrival of what looks like the first Trojan Horse malware developed for Apple’s mobile operating system. According to a post by Palo Alto Networks, this malware—which is known as AceDeceiver—is unique among other iOS threats in that it doesn’t use counterfeit enterprise certificates to gain access to your device. AceDeceiver doesn’t use an enterprise certificate at all. Rather, it manipulates a major vulnerability in Apple’s DRM (digital rights management) and uses it to install malicious apps on your phone …

April 4, 2016 • 3 min read
KeRanger Ransomware Takes Macs Ransom for Bitcoin – Ransomware Information & Removal Mac

BitTorrent Client Exposes Users to First Known Piece of OS X Ransomware

Unlucky BitTorrent users who installed the latest version of Transmission over the weekend unwittingly exposed themselves to the first known piece of ransomware seen in the wild for OS X. According to a report published on March 4th by the Palo Alto Networks Research Center, hackers figured out a way to bundle ransomware with two different installers for Transmission 2.90. Transmission bills itself as a “fast, easy, and free BitTorrent client.”

According to the Palo Alto Networks report, …

March 7, 2016 • 4 min read
MacKeeper URL handler remote code execution vulnerability and proof-of-concept (Zero-Day)

Security Advisory update issued: 05/08/2015

MacKeeper has posted an advisory on their blog detailing the security issue and the steps they have taken in response. A new version of MacKeeper has been released to address the vulnerability, and MacKeeper users should update to the latest version as soon as possible. By default, MacKeeper automatically checks for updates, and users should click OK when prompted in order to install the update.

Original advisory follows:

Date issued: 05/07/2015

Risk: Critical (for users running MacKeeper)

A vulnerability has been discovered in MacKeeper, a utility program for OS X. …

May 7, 2015 • 4 min read
OSX/CoinThief Manual Identification and Removal Instructions

Updated: February 12, 2014

OSX/CoinThief has been distributed under four different names so far: BitVanity, StealthBit, Bitcoin Ticker TTM, and Litecoin Ticker.

BitVanity and StealthBit were distributed on Github, while Bitcoin Ticker TTM and Litecoin Ticker were distributed on Download.com and MacUpdate.com. Both app names appear to have been taken from legitimate apps in the Mac App Store. The malicious payload was not found in Mac App Store copies of these apps.

When run, the malware installs a browser extension in Chrome, Safari, and Firefox, which will appear in those apps as "Pop-Up …

February 9, 2014 • 4 min read
New Apple Mac Trojan Called OSX/CoinThief Discovered

Malware: OSX/CoinThief.A
Date Discovered: February 9th, 2014
Updated: February 13, 2014

Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.

SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior:

The malware takes the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file. This makes it so …

February 9, 2014 • 6 min read
CNet Adware Identification and Removal Guide for Mac OS X

The links for many popular Mac apps on CNET’s download.com have been replaced with a “CNET installer” that installs toolbar adware and changes browser settings. This guide shows how to identify affected apps, how to avoid the toolbar installer, how to determine if it has been installed on your system, and how to remove it if so.

Adware can be a threat to user privacy, and is used to track a user’s browsing habits online. For example, the permissions for one of the Google Chrome extensions show what these toolbars can …

October 13, 2013 • 4 min read
CNET’s Download.com Adware Installer Bundled with Popular Apps – Advisory

Update (10/29/13 12:15pm): SecureMac has prepared a guide to help users identify and remove the adware being distributed by CNET’s download.com in place of popular Mac apps. The guide provides detailed information, including step-by-step instructions to determine if the adware is installed on your system, and the steps to remove it. View CNet Adware Identification and Removal Guide for Mac OS X.

Direct download links for a variety of popular Mac software products have been replaced on CNET’s Download.com with installers for browser toolbars, commonly used by adware to track user …

October 13, 2013 • 2 min read
Flashback Trojan Security Fix Update Released by Java

From Doctor Web, the Russian anti-virus vendor—“conducted a research to determine the scale of spreading of Trojan BackDoor.Flashback that infects computers running Mac OS X. Now BackDoor.Flashback botnet encompasses more than 550 000 infected machines, most of which are located in the United States and Canada. This once again refutes claims by some experts that there are no cyber-threats to Mac OS X.”

April 4, 2012 • 1 min read
New Malware Security Bulletin

SecureMac has learned of a new piece of Mac malware that is currently in the wild and infecting computers running OS X. As first reported at http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/, this piece of malware exploits a vulnerability in computers running older, unpatched versions of Java.

March 20, 2012 • 2 min read