Posted on 01/31/2019 10:14:53 AM PST by Swordmaker
A recent malware distribution campaign dubbed VeryMal leverages an ancient technique called steganography (the hiding of secret information in plain sight) to distribute Mac malware, Joshua Long reports for Intego. The VeryMal campaign was caught distributing OSX/Shlayer, which was originally discovered by Intego researchers one year ago.
Although the concept of steganography has been around for hundreds of years, it is not something we see in a lot of Mac malware campaigns, Long reports. The VeryMal campaign used some cleverly crafted JavaScript code to look for secret information stored within a seemingly innocuous JPEG image file. The hidden data tells the site where to go to find the malware.
Users of Intego VirusBarrier X9 (part of Intego's Mac Premium Bundle X9 suite) were already protected from this threat before the discovery of the VeryMal campaign, Long reports. If you aren't a VirusBarrier X9 user and you think you might have downloaded a fake Flash Player, you can scan your Mac with VirusBarrier Scanner (available for free on the Mac App Store) to check for any infections.
If you want on or off the Mac Ping List, Freepmail me.
VirusBarrier Scanner requires OSX 10.10 or later.
Some people never learn.
I just got the app from the AppStore and I’m doing my first scan now.
Like blindly allowing a pop-up fake flash player installer to have permission to install the malware?
Would it cause browsers to change the way they open? First Safari started opening in half the size. Then my other browser. I haven’t installed any anti-virus or malware pgms on my 2017 Macbook, nor installed Mojave. Anyone like Mojave? I like to wait til initial bugs are fixed.
BTW, Sword, Apple has it right now to replace my whole keypad due to sticky key problem which some recent laptops develop. They are doing it for free not only because I bought AppleCare but also because they are saying it is their fault. So if anyone develops keys that don’t work or repeat, look this up.
It shouldn't. The goal of any malware is to be invisible. For example one of my client offices had two employees click OK on an Adobe Acrobat Reader update pop up ad on their Windows 7 computers on January 7. . . What they got was a Trojan that turned off their anti-malware protection. One just got a browser hijacker that looked exactly like Google except it was spelled "G00gle" on screen but linked to an ad server webpage instead of Google. The other computer got the hijacker plus 1,979 other malware as well. . . and slowed down to a crawl. Both could no longer see the Windows 10 computer or the network printer they shared the office network with. . . But the search screens still basically looked like Google search screens. The URL address did not.
Safari and other Apple Mac browsers remember the screen size you last used. So if the malware opened a pop-under screen that was smaller than your normal browsing screen and it was active, often the case with persistent malware, then when you quit the browser without making your current screen active, it's likely it will open in the remembered, smaller active window size.
Bookmark
Once you have your keyboard replaced, buy a keyboard skin. They're about $12 and keep everything out. Don't try to use the little stickies they provide, get some Scotch double sided tape and use that on several keys to keep it adhered to the keyboard and it will keep dust and other crud out.
Did you cover this yet?
Apple iCloud bug let ANYONE read your private iPhone notes and was kept a secret, security expert claims
https://www.thesun.co.uk/tech/8313049/iphone-icloud-breach-bug/
Story can’t be true. I remember Apple Fanbois telling us that Apples don’t get viruses or malware - that’s limited to M$ machines.
I love the keyboard skin I bought for my Mac keyboard. It's made by Moshi. I don't need any sticky strips to keep it on. It just stays there.
No, we long time Apple users (many of whom would be happy to see Tim Cook LEAVE) said that viruses or malware were less frequent than on the WinDoze side,
and whiney idiots who seem TRIGGERED by anything that doesn’t taste like a tongue up Bill Gates’ rectum swore gleefully “thats cause you don’t have the market share, har har har...”
We use keyboard skins for Macs in the office, they stay in place just layer on the keyboards, but MacBook laptops may need a little bit of help being moved around more.
Where can I obtain this “Intego VirusBarrier X9 (part of Intego's Mac Premium Bundle X9 suite)”??
I have the VirusBarrier Scanner from the App Store but couldn’t find the “Premium Bundle X9 suite”???
No, I didn't cover it. It's FAKE NEWS. Firstly, Apple always reports such vulnerabilities and exploits in the CVE registry of known cybersecurity vulnerabilities, and their current statuses. They are required to do so by Federal law and "keeping it secret" is a violation of that law. This one is not listed at all and would have been. Secondly, Apple does not expose user phone numbers with AppleIDs ever. . . and in fact one can have multiple phone numbers under a single AppleID. Thirdly, a mere phone number change would never access an AppleID's data. Fourthly, also under Federal law, any company aware of a data breach is required to notify users of the fact said data breach occurred and what type of data may have been exposed. The first anyone hears about this is from an obscure Turkish hacker claiming in a post to a hacker site that Apple's iCloud may have been breached. . . And they publish an article in which that claim is not even in the lede paragraph but is buried four paragraphs down in the article headlined: "iCloud Possibly Suffered A Privacy Breach Last Year That Apple Kept a Secret" which says:
"It turns out that Apple also possibly suffered a privacy breach late last year due to a bug in its platform that might have exposed some of your iCloud data to other users, but the company chose to keep the incident secret... maybe because it was not worth to disclose, or perhaps much more complicated."
". . .possibly. . .", ". . . might have. . .", and ". . .maybe. . ." are not referring to factual certainties.
Not a single digital security lab ever duplicated the Turkish "hacker's" claims.
This report therefore does not pass the smell test! In fact, it stinks to high heaven.
How many times are you going to repeat your lie? I certainly have not stated that. . . we've often stated that users can be inveigled into installing malicious programs which are called Trojans, that contain malware on Macs. It is however true that there are ZERO true self-installing, self-transmitting, and self-starting computer viruses for the Mac OSX or later platform. None. I.e., there are no true computer viruses or worms for Mac OS X or later, and that has been true now for twenty-two years.
As for Trojans, there are now fewer than 300 known Trojans in only nine distinct families for the Mac, all of which the factory installed OS will identify and block from being downloaded, installed, or run for the first time unless the user is industrial-strength stupid enough to ignore the system alerts and continually gives administrator level name and password three times at each time to bypass the warnings they are installing malicious software, or they've idiotically turned the system off. But, some are that stupid.
You really don't need it. . . The rest is fluff. You don't even need the virus barrier.
“Fourthly, also under Federal law, any company aware of a data breach is required to notify users of the fact said data breach occurred and what type of data may have been exposed.”
Hey, could you point me to anything on that? TIA!