Free Republic

There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in pirated download for the Little Snitch app found on a Russian forum. Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer package. It installed the actual version of Little Snitch, but it also installed an executable file named "Patch" into the /Users/Shared directory and a post-install script for infecting a machine. The installation script moves...

New Mac malware in the wild evades security software, researchers Roger Fingas for AppleInsider: Newly uncovered Mac malware is not only in the wild, but trying to avoid detection by security researchers, according to one such firm. Dubbed “CrescentCore,” the malware comes as it usually does —in the form of a DMG file pretending to be an Adobe Flash Player installer, Intego said. If someone launches its contents, the software will check to see if it’s running inside a virtual machine — a way researchers often quarantine their subjects. The malware also checks for several popular antivirus tools, and if...

A mysterious piece of malware has been infecting hundreds of Mac computers for years—and no one noticed until a few months ago. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly."This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely,...

Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs. Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet. MacRansom uses symmetric encryption with a hard-coded key to hijack files on compromised Macs. The ransomware only encrypts a maximum of 128 files, according to Fortinet's analysis. The malware is being offered through a ransomware-as-a-service delivery model so even the relatively clueless can try making money with the nasty. No coding experience is needed. Would-be crooks can contact the...

We learned recently that macOS malware grew by 744% last year, though most of it fell into the less-worrying category of adware. However, a newly-discovered piece of malware (via Reddit) falls into the ‘seriously nasty’ category – able to spy on all your Internet usage, including use of secure websites.Security researchers at CheckPoint found something they’ve labelled OSX/Dok, which manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update … OSX/Dok does rely on a phishing attack as its initial way in. Victims are sent an email claiming to...

Credit: Michael Kan The malware, which Apple calls Fruitfly, can also run on Linux A Mac malware that’s been spying on biomedical research centers may have been circulating undetected for years, according to new research. Antivirus vendor Malwarebytes uncovered the malicious code, after an IT administrator spotted unusual network traffic coming from an infected Mac. The malware, which Apple calls Fruitfly, is designed to take screen captures, access the Mac’s webcam, and simulate mouse clicks and key presses, allowing for remote control by a hacker, Malwarebytes said in a blog post on Wednesday. The security firm said that neither it...

Malwarebytes takes a look at a method cyber-criminals have begun using to target Mac users with "ransomware", hijacking the user's browser with a notice demanding payment of $300 in order to release control of the application. While similar malware has affected Windows systems for a number of years, Mac users have only rarely seen such efforts targeted at themselves. The ransomware page is being pushed onto unsuspecting users browsing regular sites but in particular when searching for popular keywords. Warnings appearing to be from the FBI tell the victim: “you have been viewing or distributing prohibited Pornographic content.. To unlock...

Russian anti-virus software maker Doctor Web, has identified, “The first Trojan in history to steal Linux and Mac OS X passwords.” BackDoor.Wirenet.1, is the first Trojan Horse program that works on the Mac OS X and Linux platforms that is, “designed to steal passwords stored by a number of popular Internet applications.” The company, which sells anti-virus software that, conveniently, protects you against the malware they are identifying, explains that, “When launched, it creates its copy in the user’s home directory. The program uses the Advanced Encryption Standard (AES) to communicate with its control server whose address is 212.7.208.65.” The...

A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue. This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes. The most common names for this malware are MacDefender, MacProtector and MacSecurity.

Yes. It’s true. For the first time, Mac users have a significant malware problem. But, hey, it could be worse. You could be running Windows. After all, Microsoft, not some third-party anti-virus company trying to drum up business, has just admitted that based on analysis gained from IE 9 use, “1 out of every 14 programs downloaded is later confirmed as malware.” If I may quote from Matthew 7:5, the King James Bible, “First cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother’s eye.”Window PCs...

Two new pieces of malware for Apple computers have been found in the wild according to security firm Sophos. The first, Tored-Fam, is a worm that spreads via email attachments and is simply a variant on the well known Tored family of malware that has been in circulation since last year. [NEW? Not by a long shot!—Swordmaler] The worm collects email addresses and attempts to forward itself on. Analysis if the worm’s source code by Sophos suggests it is being used to build a Mac botnet dubbed Raedbot. This is being assembled by a malware writer dubbed Ag_Raed, who is...