Free Republic
New Mac malware in the wild evades security software, researchers
MacDailyNews ^ | July 1, 2019

Posted on 07/01/2019 8:16:13 AM PDT by Swordmaker

Roger Fingas for AppleInsider:

Newly uncovered Mac malware is not only in the wild, but trying to avoid detection by security researchers, according to one such firm.

Dubbed “CrescentCore,” the malware comes as it usually does — in the form of a DMG file pretending to be an Adobe Flash Player installer, Intego said. If someone launches its contents, the software will check to see if it’s running inside a virtual machine — a way researchers often quarantine their subjects.

The malware also checks for several popular antivirus tools, and if it detects them, will simply stop running. If there’s nothing in the way one version will install “LaunchAgent,” described as a “persistent infection,” while another will install either “Advanced Mac Cleaner” or a Safari extension.

Joshua Long for Intego:

The team at Intego has observed OSX/CrescentCore in the wild being distributed via numerous sites. Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.

The new malware was first observed linked from a site purporting to share digital copies of new comic books for free—one of many shady sites that flagrantly violates U.S. copyright laws.

Potentially harmful download links are commonly found on digital piracy sites that claim to offer download links for cracked copies of software, popular movies, and other copyrighted content that cannot be legally obtained for free. It is quite common for links on such sites to send users to malware, scams, or both.



TOPICS: Business/Economy; Computers/Internet
KEYWORDS: apple; applepinglist; computers; macmalware; malware; newmacmalware; trojan
As usual, this is a Trojan horse application which you can only inflict on yourself by downloading and installing it and running it from an untrusted source. JUST SAY NO TO ADOBE FLASH!


If you MUST have Adobe Flash, only download it, or its updates from the official Adobe website, never from an email or a screen pop-up alert telling you that you need to do an update, as all of these are bogus.

1 posted on 07/01/2019 8:16:13 AM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]
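The quoted Intego/AppleInsider summary above says one CrescentCore variant installs a LaunchAgent as its "persistent infection". On macOS a LaunchAgent is just a property list in `~/Library/LaunchAgents` or `/Library/LaunchAgents` that tells launchd what to run at login, so a defender can audit those files for the traits a dropped updater tends to have. The script below is an added example, not code from the article, Intego, or any poster; the two embedded plists are constructed samples (the "Flash updater" one is not a real CrescentCore artifact), and the set of trusted path prefixes is an assumption to tune per fleet.

```python
"""Audit macOS LaunchAgent property lists for signs of unwanted persistence.

Added defensive example; not code from AppleInsider, Intego, or any poster.
Standard library only. LAUNCH_AGENT_DIRS are the real launchd locations;
TRUSTED_PREFIXES and both sample plists are constructed for this example.
"""
import os
import plistlib
from pathlib import Path

# Real macOS locations launchd reads per-user and all-user LaunchAgents from.
LAUNCH_AGENT_DIRS = (
    Path(os.path.expanduser("~/Library/LaunchAgents")),
    Path("/Library/LaunchAgents"),
)

# Where a legitimately installed agent normally runs from (assumption; tune per fleet).
TRUSTED_PREFIXES = (
    "/System/", "/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
    "/usr/libexec/", "/Applications/", "/Library/Apple/",
)


def program_of(plist):
    """Return the executable a LaunchAgent runs: Program, else ProgramArguments[0]."""
    if plist.get("Program"):
        return str(plist["Program"])
    args = plist.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def suspicious_reasons(plist):
    """Return the reasons a parsed LaunchAgent plist looks like unwanted persistence."""
    reasons = []
    prog = program_of(plist)
    if not prog:
        reasons.append("no Program or ProgramArguments")
    elif not prog.startswith(TRUSTED_PREFIXES):
        reasons.append(f"runs from untrusted location: {prog}")
    # Dot-directories are a common hiding spot for a dropped payload.
    if any(part.startswith(".") for part in Path(prog).parts):
        reasons.append("executable lives in a hidden directory")
    # RunAtLoad + KeepAlive means launchd restarts the program if it is killed.
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad with KeepAlive: restarts itself if killed")
    label = str(plist.get("Label", ""))
    if label.lower().startswith("com.apple.") and not prog.startswith("/System/"):
        reasons.append(f"label {label} impersonates Apple but runs outside /System")
    return reasons


def audit_plist_bytes(data):
    """Parse one plist (XML or binary bytes) and return its findings."""
    return suspicious_reasons(plistlib.loads(data))


def audit_directories(dirs=LAUNCH_AGENT_DIRS):
    """Scan LaunchAgent directories; map each flagged plist path to its reasons."""
    findings = {}
    for d in dirs:
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            try:
                reasons = suspicious_reasons(plistlib.loads(p.read_bytes()))
            except Exception as exc:  # an unparseable agent is itself worth a look
                reasons = [f"unparseable plist: {exc}"]
            if reasons:
                findings[str(p)] = reasons
    return findings


# Constructed sample resembling a fake "Flash updater" agent (not a real artifact).
SAMPLE_SUSPICIOUS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.apple.FlashPlayerUpdater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/Shared/.flash/updater</string>
        <string>--silent</string>
    </array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed sample of an ordinary vendor agent, for comparison.
SAMPLE_BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.backupagent</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Backup.app/Contents/MacOS/backupd</string>
        <string>--daemon</string>
    </array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    print("suspicious sample:", audit_plist_bytes(SAMPLE_SUSPICIOUS))
    print("benign sample:", audit_plist_bytes(SAMPLE_BENIGN))
    for path, reasons in audit_directories().items():
        print(path, "->", "; ".join(reasons))
```

Run it as-is to see the two constructed samples scored, or on a Mac to list any agent in the real directories that trips a rule. The checks are heuristics, not a signature: an agent dropped by a Trojan installer usually runs from a user-writable path, often a dot-directory, keeps itself alive, and may borrow an Apple-looking label, but a legitimate tool can share one of those traits, so each hit is a lead to verify (check the program's code signature and who installed it) rather than a verdict.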

To: ~Kim4VRWC's~; 1234; 5thGenTexan; AbolishCSEU; Abundy; Action-America; acoulterfan; AFreeBird; ...
Another Mac Malware is added to the approximately 150 total Apple Mac Malware list . . . And of course this is another Trojan Horse, which means you can only inflict it on yourself by downloading it, installing it, and running it for the first time yourself. AGAIN, it is masquerading as an Adobe Flash Player installer/updater so the best way to avoid being infected by this malware is to JUST SAY NO TO ADOBE FLASH PLAYER! —PING!


JUST SAY NO TO ADOBE FLASH!
BE SAFE APPLE PING!

If you want on or off the Apple/Mac/iOS Ping List, Freepmail me.

2 posted on 07/01/2019 8:21:44 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Steve Jobs was certainly correct in his recognition that Adobe Flash was a security nightmare. He saved many an Apple customer from their own personal cyber nightmare.


3 posted on 07/01/2019 8:22:08 AM PDT by House Atreides (Boycott the NFL 100% — PERMANENTLY)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker
The new malware was first observed linked from a site purporting to share digital copies of new comic books for free—one of many shady sites that flagrantly violates U.S. copyright laws.

Hmmm, makes you wonder who is putting them there?

4 posted on 07/01/2019 8:25:07 AM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

VirtualBox is your friend. If you are doing anything sensitive, always do it from a Virtual Machine.


5 posted on 07/01/2019 8:26:26 AM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

People still use flash? Why?

Must be a Mac thing, always stuck in the past, like their hardware options and prices.


6 posted on 07/01/2019 8:28:56 AM PDT by Trump.Deplorable
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

If, at the least, you don’t have a password manager by now, you are the problem, just as much as the hackers.


7 posted on 07/01/2019 8:29:10 AM PDT by ImJustAnotherOkie (All I know is The I read in the papers.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Any new machine I set up gets Flash and Java removed immediately.


8 posted on 07/01/2019 8:32:12 AM PDT by MarineBrat (Better dead than red!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Unrelated: we are enjoying our Apple TV. It is reasonably priced and integrates all of the third-party applications like Sling, Netflix, etc. Makes streaming a lot easier.

Very nicely designed.

We picked up a second box.


9 posted on 07/01/2019 8:40:46 AM PDT by dhs12345
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I’m pretty sure I have it floating around on my computer... I have had a persistent Adobe Installer for some time that I refuse to install.


10 posted on 07/01/2019 8:41:24 AM PDT by BunnySlippers (I Love Bull Markets!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Ah. So it presents from a non-official site masquerading as Adobe, or someone who looks for a download site and just clicks on one?


11 posted on 07/01/2019 8:42:07 AM PDT by rlmorel (Trump to China: This Capitalist Will Not Sell You the Rope with Which You Will Hang Us.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Trump.Deplorable

Nope... Apple was the first to kick Flash to the curb. You can install it manually, but Safari (and probably other browsers as well) will quarantine it, and warn you and make you confirm you want to use it every single time a website asks for it. I have a long range shooting simulator that runs locally that still uses it, but never allow it to be used online... which reminds me that I should check if a more modern version is now available.


12 posted on 07/01/2019 8:46:07 AM PDT by Lurker51
[ Post Reply | Private Reply | To 6 | View Replies]

To: Trump.Deplorable
Must be a Mac thing, always stuck in the past, like their hardware options and prices

Actually, it’s not. Apple was the first to banish Adobe Flash Player. As for pricing, one of my clients is planning on upgrading the 10 business grade PCs in his two offices this summer so I went “shopping” to find name brand mid-range Windows 10 Pro equipped PCs. Almost every single one with the specifications required was MORE expensive than an equivalent Mac with similar hardware specs WITHOUT the suite of software that Apple includes as a matter of course. We are talking Dell, Lenovo, or HP as name brands with modern Intel i5 or greater processors with a minimum 8GB of RAM and either a 256GB SSD or a 1TB HD plus a high-definition monitor (greater than 1080P) of at least 20”. Many of the brands’ all-in-one PCs had very old versions (four or even five generations back) of the i3/i5 processors, often came preinstalled with Windows 10 Home, or only with 4GB of RAM, requiring a lot of extra prep to future-proof them.

Frankly, I was quite surprised. The least expensive Dell was competitive with the i3 8GB RAM with 128GB SSD Apple Mac Mini when configured in a similar way. The only way to buy a really economical, less expensive Dell was to opt for a 4GB RAM Pentium driven Dell desktop. Now that’s really old tech.

13 posted on 07/01/2019 9:01:04 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplaphobe bigot!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: dfwgator; All

[[VirtualBox is your friend. If you are doing anything sensitive, always do it from a Virtual Machine.]]

Great point- if you must use Flash, open up VirtualBox, then go to the site- just another added safety measure-

One thing I always used when I ran Windows as main OS was rollbackRX- IF I ever got a virus, which was very rare- (or something just messed up on the computer that I couldn’t figure out) I could do a complete rollback to a time before I got the virus- You can install your OS, get all your programs on, updated, set Windows up how you like it- then do a baseline system snapshot- as your ‘last resort’ snapshot- when everything else fails- then do snapshots along the way whenever you have major changes-

What I like about rollbackRX is that it runs before Windows starts up if you want- gives you a list of snapshots to restore to before Windows loads- and it restores EVERYTHING- just the way it was before you got the virus-

I know this is a Mac thread- but for those who are also Windows users- I’d highly recommend rollbackRX- Saved my bacon many times- easy peasy too- no hunting down virus files on the computer- no quarantines- nothing, just do a rollback-

The only thing is that it hooks into the master boot record- so that it can start before Windows boots-

Anyways- anyone interested- check it out- I never worried about viruses, or messing up the computer by mucking with the registry or anything like that- was free to try things without fear of having to do a reformat because something got messed up- just did a rollback and in 2 minutes was back up and running- I went for years like that when I ran Windows as main OS- very very pleased with the program-


14 posted on 07/01/2019 9:19:31 AM PDT by Bob434
[ Post Reply | Private Reply | To 5 | View Replies]

To: MarineBrat

How do you watch YouTube videos then? Or do you?


15 posted on 07/01/2019 9:22:05 AM PDT by Bob434
[ Post Reply | Private Reply | To 8 | View Replies]

To: Bob434

I love the videos where the Scammers get scammed, and they think they put the virus on their computer, only to be told that they were running VirtualBox, meanwhile the Scammer’s PC gets Syskey’d.


16 posted on 07/01/2019 9:22:49 AM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Bob434

I thought YouTube videos are now HTML5. No plugin required.


17 posted on 07/01/2019 9:24:47 AM PDT by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 15 | View Replies]

To: dfwgator

Oh that’s right- I forgot about that- I just install Linux, and it automatically sets it up I guess- there was a time a while back when they were switching that we had to get plugins for Firefox to make HTML5 work- but not anymore I guess- so I forgot about it being HTML5


18 posted on 07/01/2019 9:33:48 AM PDT by Bob434
[ Post Reply | Private Reply | To 17 | View Replies]

To: MarineBrat
Any new machine I setup gets flash and java removed immediately.

Flash I understand, but what is the beef with Java? There are some cross-platform products that need it. (Notably for me: Apache Directory Studio.) Also, some people use it (? still ?) for server programming.

19 posted on 07/01/2019 9:40:21 AM PDT by Yossarian
[ Post Reply | Private Reply | To 8 | View Replies]

To: dfwgator

lol sounds funny- haven’t seen those vids-

Here’s a funny vid with someone scamming a scammer- The dude pretends to be a policeman at a murder scene where the scammer is calling- it has a little swearing in it- just the word A%&- but it’s pretty funny- listen to the last question he asks the dude too- The scammer is like “Whaaaaaat? Noooo!” I was rollin-

https://www.youtube.com/watch?v=-7OgWcwgB50


20 posted on 07/01/2019 9:45:20 AM PDT by Bob434
[ Post Reply | Private Reply | To 16 | View Replies]

