Free Republic
General/Chat


Scareware Signed With Apple Cert Targets OS X Machines
Threatpost ^ | February 5, 2016 , 11:31 am | Michael Mimoso

Posted on 02/06/2016 7:24:03 PM PST by Utilizer

A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it for a while, since the installer that drops the scareware is signed with a legitimate Apple developer certificate.

"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."

Ullrich said he happened upon the scam while investigating some click-bait links on Facebook, below. One led him to emgn[.]com that he says was likely hosting a malicious ad that served a pop-up warning that his Adobe Flash Player was out of date. Ullrich was using a clean default install of OS X 10.11 in a virtual machine, and Flash was not installed on the image.

(Excerpt) Read more at threatpost.com ...
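The point the article makes is that a valid Apple Developer ID signature only proves that some enrolled developer signed the installer, not that the signer is the vendor the installer claims to be. The script below is an added example, not code from Threatpost, SANS or Apple: it parses the key=value output that Apple's real `codesign -dv --verbose=4` command prints for a bundle, extracts the certificate chain and Team ID, and compares the leaf signer with the vendor named on the installer. The sample output, the bundle name, the signer name and the Team ID are constructed placeholders, not the certificate from the article.

```python
"""Who actually signed this installer?  (added example, not from the article)

`codesign -dv --verbose=4 <bundle>` is a real macOS tool and flag set; it writes
its details to stderr as key=value lines.  We parse those lines and check that
the leaf "Developer ID Application" certificate names the vendor the installer
claims to be.  A mismatch with a perfectly valid chain is exactly the situation
the article describes.
"""
import re
import subprocess
from dataclasses import dataclass, field


@dataclass
class SignatureInfo:
    identifier: str = ""
    team_id: str = ""
    authorities: list = field(default_factory=list)  # leaf certificate first


def parse_codesign_output(text: str) -> SignatureInfo:
    """Pull Identifier, TeamIdentifier and the Authority chain out of codesign output."""
    info = SignatureInfo()
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Identifier":
            info.identifier = value
        elif key == "TeamIdentifier":
            info.team_id = value
        elif key == "Authority":
            info.authorities.append(value)
    return info


# Leaf certificate subject as Apple formats it: "Developer ID Application: Name (TEAMID)"
DEVELOPER_ID_RE = re.compile(
    r"^Developer ID Application: (?P<name>.+?) \((?P<team>[A-Z0-9]{10})\)$"
)


def assess(info: SignatureInfo, claimed_vendor: str) -> dict:
    """Classify a signature: unsigned, not Developer ID, signer mismatch, or match."""
    leaf = info.authorities[0] if info.authorities else ""
    m = DEVELOPER_ID_RE.match(leaf)
    developer_id_chain = (
        m is not None
        and "Developer ID Certification Authority" in info.authorities
        and info.authorities[-1] == "Apple Root CA"
    )
    signer = m.group("name") if m else leaf
    team_consistent = m is not None and m.group("team") == info.team_id
    vendor_match = claimed_vendor.lower() in signer.lower()
    if not info.authorities:
        verdict = "unsigned"
    elif not developer_id_chain:
        verdict = "not-developer-id"
    elif not vendor_match:
        verdict = "signed-but-signer-mismatch"  # valid cert, wrong party: the article's case
    else:
        verdict = "signer-matches"
    return {
        "signer": signer,
        "team_id": info.team_id,
        "team_consistent": team_consistent,
        "developer_id_chain": developer_id_chain,
        "vendor_match": vendor_match,
        "verdict": verdict,
    }


def inspect_bundle(path: str, claimed_vendor: str) -> dict:
    """macOS only: run codesign on a real bundle and assess the result."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                          capture_output=True, text=True)
    if proc.returncode != 0:  # e.g. "code object is not signed at all"
        return {"verdict": "unsigned-or-invalid", "detail": proc.stderr.strip()}
    return assess(parse_codesign_output(proc.stderr), claimed_vendor)


# Constructed sample of codesign output for a fake "Flash update" installer.
# Bundle name, signer name and Team ID are placeholders, not values from the article.
SAMPLE_FAKE_FLASH = """\
Executable=/Volumes/Flash Player/Install Flash Player.app/Contents/MacOS/Installer
Identifier=com.example.flashupdate
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+3 location=embedded
Signature size=8915
Authority=Developer ID Application: Some Individual (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Feb 4, 2016, 10:00:00 AM
TeamIdentifier=ABCDE12345
Sealed Resources version=2 rules=12 files=40
Internal requirements count=1 size=180
"""

if __name__ == "__main__":
    result = assess(parse_codesign_output(SAMPLE_FAKE_FLASH), "Adobe")
    print(result["verdict"], "-", result["signer"], result["team_id"])
```

Gatekeeper (`spctl -a -v`) answers only "is this signature valid and allowed"; that is why an abused but unrevoked certificate sails through. The name in the leaf certificate is what a user or help-desk engineer should read, and a Flash installer whose signer is not Adobe is the tell even when every other check passes.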


TOPICS: Computers/Internet
KEYWORDS: apple; mac; malware; osx
A years-old problem now recently discovered. Mac users beware...
1 posted on 02/06/2016 7:24:03 PM PST by Utilizer

To: Utilizer; Swordmaker

@SwordMaker for comment and analysis.


2 posted on 02/06/2016 7:31:53 PM PST by ProtectOurFreedom

To: Utilizer; Swordmaker
ping Swordmaker.

How can I tell if I have that? My machine acts like it is going so slowly lately. Is there an honest site I can check it out?

I'm still running OS X 10.5.8. I can still play yt videos but not most other websites, and yt hangs a lot.

3 posted on 02/06/2016 7:35:52 PM PST by Aliska ("No bank is too big to fail, and no executive is too powerful to jail." HRC 1/24/16)

To: Utilizer

This happened to me a couple days ago. Don’t update Flash unless you do a lot of checking to make sure it is legit.


4 posted on 02/06/2016 8:08:21 PM PST by garjog (Obama: bringing joy to the hearts of Terrorists everywhere.)

To: Aliska

Mac forums suggested this to me:
Try downloading and installing EtreCheck and post the results. http://etrecheck.com/

It gives you a report on any problems.


5 posted on 02/06/2016 8:11:30 PM PST by garjog (Obama: bringing joy to the hearts of Terrorists everywhere.)

To: garjog

I never update it until a few months have gone by on the Stable repos to verify it is a valid update. Thankfully the Ubuntu and Debian sources are extremely reliable.


6 posted on 02/06/2016 8:13:45 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: ProtectOurFreedom; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ..
Reportedly a new Scareware. Nothing much new here at all. #1: Just always avoid Flash. #2: No website can scan your Mac OS X computer and then tell you in a pop-up that your computer is infected with anything. -- PING!


New Apple Scareware Warning
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me

7 posted on 02/06/2016 8:21:16 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Utilizer

So you like Ubuntu. Should I add it? What does it do I wonder?


8 posted on 02/06/2016 8:21:30 PM PST by garjog (Obama: bringing joy to the hearts of Terrorists everywhere.)

To: garjog
This happened to me a couple days ago. Don’t update Flash unless you do a lot of checking to make sure it is legit.

My best advice? Don't use Flash. Period.

9 posted on 02/06/2016 8:24:31 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Aliska

Aliska, don't use Flash. The vast majority of YouTube video is now in HTML5, and will work fine on the Mac or iPads/iPhones without Flash.

Upgrade your Mac if your Mac can accept a later OS X.


10 posted on 02/06/2016 8:27:57 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: garjog

Actually, I prefer Debian distros, but Ubuntu seems to be a bit more cutting-edge in some areas without treading too heavily into the Unstable/Testing (/cutting-edge) areas.

Still getting this main machine ready to revert back to a previous well-established stable distro, but have been busy evaluating some of the newer ones to see if they have more advantages. No luck so far...


11 posted on 02/06/2016 8:28:24 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Swordmaker

Some websites still require Flash, mate. Hard to get around that until they find another way to proffer their wares, sad to say.


12 posted on 02/06/2016 8:29:50 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: garjog
So you like Ubuntu. Should I add it? What does it do I wonder?

They aren't Apple Mac OS X utilities. They're versions of Linux, a Knox off of the underlying UNIX operating system of OS X, but really a completely different operating system. None of what you use on OS X will run on them.

13 posted on 02/06/2016 8:31:48 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Swordmaker

You might also let him know that Unix is the root from which both Linux and OS X derive, not just that they are incompatible. As far as knock-offs, people differ on which is the greater, the various versions of Linux (and BSD, some would argue) or OS X instead.

Different people prefer different things, of course.


14 posted on 02/06/2016 8:38:41 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer
Some websites still require Flash, mate. Hard to get around that until they find another way to proffer their wares, sad to say.

Not ones of any value, I've found. If they still insist on FLASH they don't get my business. Most of what I've seen that requires Flash are ads. When I run across a major website that still requires Flash, I write to the CEO of the sponsoring company, not the IT guy building the site, he's too stupid to write to, telling him how his IT/webmaster is giving his company a bad reputation by forcing potential customers to load a malware magnet on their computers to buy his products or use his service. I'm quite specific about it and include links to articles on the failings of Flash and the constant number of zero day vulnerabilities and exploits. I also demonstrate there's a reasonable substitute that exists in the HTML5 standard code. I then ask "Are you in the business of selling your products/services, or in the business of supporting and advancing Adobe's bug filled product?" You'd be surprised how often that gets results and how quickly!

15 posted on 02/06/2016 8:45:52 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Swordmaker

But is HTML5 really all that helpful? In the past few months, I have found that attempting to view vids running Firefox on the YouTube site after just a few views the browser comes to a complete halt and I must necessarily halt the process and restart it to view the rest of the video I wish to access.

Granted, that may be a personal computer problem with the setup I have here, but considering how careful I am about allowing upgrades to the system and only connecting to Stable repos, I am for the moment quite severely concerned about why this is occurring.

I am concerned that the HTML5 standard is beginning to cause more problems than it solves with the elimination of the Flash standard.


16 posted on 02/06/2016 8:54:33 PM PST by Utilizer (Bacon A'kbar! - In world today are only peaceful people, and the muzrims trying to kill them)

To: Utilizer; garjog
You might also let him know that Unix is the root from which both Linux and OS X derive, not just that they are incompatible.

You are aware that OS X is not just considered a derivation of UNIX, but is in fact a certified, POSIX compliant Trademarked UNIX itself, one of only four so permitted to be Trademarked, and in fact the best-selling UNIX in the world, aren't you? It is not considered a knock-off, such as Linux, which was created in a "clean-room" environment, reverse-engineering every UNIX command to duplicate the results of that command without duplicating any copyrighted code.

Spell check works in mysterious ways. How did "knock-off" in my original post get changed to "Knox" and why? Even more curious because it was correct when I hit 'Post'. Whose spell checker would have "knock-off", which is a euphemism for both "kill" and "burglarize/rob" AND the word "Knox" with an upper case "K" as in "Fort Knox" in its dictionary as potential substitutions? Secondly, where is this spell checking computer which would possibly be loading my posting and altering the reply? I just tried "knock-off" and variations on my computer and not once did it do a substitution of "Knox" for any possible misspelling I may have made. Weird.

It makes me think more and more there's an intercept server between FR's users and FR which gets our postings first, a man-in-the-middle, listening in, and copying (and censoring) everything before forwarding it to JR's real servers. I know that, in the past, when I've posted the pings, which have had upwards of 500 names on the "to:" list, I'd strangely and frequently get the ping double posted, as though there were a delay between hitting post and the actual posting, then another would be also sent when I know I had not hit Post twice. I chalked it up to hiccoughs in the network and would request the admins delete one.

17 posted on 02/06/2016 9:18:48 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Utilizer
But is HTML5 really all that helpful? In the past few months, I have found that attempting to view vids running Firefox on the YouTube site after just a few views the browser comes to a complete halt and I must necessarily halt the process and restart it to view the rest of the video I wish to access.

I'd be far more suspect of Firefox than HTML5. Firefox has been developing some problems of late, so much that there have been some forks being developed by third parties and even, IIRC, by the originator of Firefox because he was not happy with the mess of a Christmas tree that Firefox has become with all the bells and whistles being hung all over it, with their potential for bollixing up everything. I saw one Firefox install the other day that had two and three differing versions of the same plug-ins all working at the same time. The owner of the Windows machine was wondering why it was so slow at browsing. She was one who always said yes to installing anything that "enhanced" her browsing experience. SHEESH. I deleted almost all of them and it was amazing how fast Firefox became. Now, why did the underlying Firefox framework allow multiple versions of plug-ins from the same vendor, doing the same identical things, to install without removing or overwriting the previous version? I don't know; I didn't have time to go exploring her system registry to find out what was screwed up there. She's buying a new computer soon so it wasn't worth the extra time to fiddle with.

18 posted on 02/06/2016 9:31:01 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

To: Swordmaker; garjog
Will tackle it sometime tomorrow. Shouldn't start something you know nothing about when tired.

I can upgrade my Mac, will have to pay, and I worry about messing the OS up; I need to upgrade to the latest if it will take it. I talked to apple tech too far back to remember what they told me.

I looked at that app, it appears safe, will deal with it tomorrow if I can.

How do I disable Flash? Go to Safari>Preferences>Security>uncheck enable plug-ins, uncheck java?, uncheck enable javascript.

Also don't have popup windows blocked, there's a reason for that.

I've been wondering if the pages I visit, they fill them up with adware from places I've visited, they have to collect that crap from servers all over the place, if they are slow, it seems like that could be part of it.

Also I've developed a bad habit of having too many windows open at once, don't use tab browsing. The open windows often have things scrolling, etc., not clean and neat like FR.

I've been making a point to try to remember to close the worst offenders as soon as I'm done with them, local paper, ABC, my ISP news feed has a scroller, and so on.

And thank you. I really appreciate the help. Sometimes I can find it by googling but the thread was just sitting in front of me . . . . .I'll let you know what I've done, have some things to do offline first.

19 posted on 02/06/2016 9:31:45 PM PST by Aliska ("No bank is too big to fail, and no executive is too powerful to jail." HRC 1/24/16)

To: Aliska
How do I disable Flash? Go to Safari>Preferences>Security>uncheck enable plug-ins, uncheck java?, uncheck enable javascript.

Adobe is now helpful in removing Flash: Uninstalling Adobe Flash Player on Apple Mac Help Page.

Aliska, turn on tabbed browsing right away! Your life will be much simpler, and you can still have multiple windows if you want. Just drag a tab off the current tab bar and it will create its own window!

Get Ad-Block Plus immediately. Use it. Some sites act aggrieved, but you can turn it off on an as needed basis from a menu bar icon, or you can green light certain websites to allow ads. Again it will make things much more pleasant.

Ad-Block Plus website

The newest Safari browser allows you to silence players on the tab so you don't have to go hunting for what's playing.

20 posted on 02/06/2016 9:48:03 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue....)

