Author Topic: Mac attack  (Read 47245 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Mac attack
« on: Friday, 10 January, 2014 @ 12:34:29 »
Quote
In 2011, Intego’s Malware Research Team discovered OSX/Flashback.A, a trojan horse that used social engineering to trick users into installing a malicious Flash player package. Then in early 2012, Flashback spread to infect up to 600,000 machines, as new variants were using Java exploits and drive-by downloads. Today, our latest research shows that the Flashback botnet is adrift and still in the wild.

Once installed on a Mac, Flashback created a backdoor, allowing it to take almost any activity on the infected machine. Users with infected Macs are at risk of being exposed to an almost limitless variety of malicious actions, as hackers can access infected Macs and snoop on the user, copying usernames and passwords, and more.

Now in 2014, it appears the Flashback botnet is silently adrift and still in the wild.

Beginning January 2, we studied those domains and our sinkhole servers recorded all connections from Macs where Flashback is still active and trying to contact the C&C servers.

After recording for five days, we counted at least 22,000 infected machines. As of this morning, we counted 14,248 unique identifiers of the latest Flashback variants.

Intego strongly encourages all Mac users to verify that their machine is not infected with Flashback.
http://www.intego.com/mac-security-blog/flashback-botnet-is-adrift/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #1 on: Tuesday, 21 January, 2014 @ 13:42:46 »
Quote
Data-stealing malware targets Mac users in "undelivered courier item" attack

Let's hope this malware reminds OS X users of a few simple truths that some Mac fans still seem willing to ignore:

    Mac malware is unusual, but not impossible.
    Data thieves are interested in what Mac users have on their computers.
    Mac malware doesn't have to ask for a password before running.
    Mac malware can run directly from a download without an installation step.
    Bots and RATs are particularly pernicious because they can update and adapt their behaviour after you are infected.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #2 on: Tuesday, 25 February, 2014 @ 15:48:37 »
Quote
Apple users in security warning

Users of Apple's OS X operating system are being warned to take care when browsing online as they wait for a solution to a security flaw.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It relates to the way secure connections are made between Apple's safari browser and websites, including banking sites, Google and Facebook.

These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."

He advised users to take care when using the web and consider using an alternative browser to Safari until the problem was fixed.

He also urged users of Apple's mobile devices to upgrade to the latest iOS version as soon as possible and for OS X users to keep their eyes open for a security update and to implement it as soon as it was available.
http://www.bbc.co.uk/news/technology-26335701


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #3 on: Wednesday, 26 February, 2014 @ 15:04:20 »
Quote
Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.
http://www.bbc.com/news/technology-26335701

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #4 on: Thursday, 27 February, 2014 @ 17:53:43 »
Quote
Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system...

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support.
http://www.computerworld.com/s/article/9246609/Apple_retires_Snow_Leopard_from_support_leaves_1_in_5_Macs_vulnerable_to_attacks

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #6 on: Sunday, 07 September, 2014 @ 15:20:15 »


Some big names in the AV world don't look to work so well on detecting Mac malware but the Avast freebie does a good job, according to AV-TEST.org and reported on in this article in The Register:
Mac security packages range from peachy to rancid – antivirus tests
 - a result backed-up in this September test of Mac AVs by av-comparatives.org
« Last Edit: Sunday, 07 September, 2014 @ 15:21:51 by Maik »

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #7 on: Thursday, 02 October, 2014 @ 14:03:47 »
Quote
Researchers at Russian anti-virus company Dr Web believe that they have uncovered a new botnet, which has recruited thousands of Mac computers.

According to their report, the sophisticated malware – which they have dubbed Mac.BackDoor.iWorm – has infected more than 17,000 computers running OS X.

Computers that have been hijacked could have information stolen from them, further malware planted upon them, or be used to spread more malware or launch spam campaigns and denial-of-service attacks.
http://grahamcluley.com/2014/10/mac-malware-botnet-reddit/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #8 on: Tuesday, 09 December, 2014 @ 20:17:06 »
Quote
The average Apple Mac user encountered nine cyber threats during 2014, according to new research from antivirus and internet security company Kaspersky Lab, with a total of 1,499 new malicious programs for Mac OS X detected during the year – 200 more than in 2013.

According to Kaspersky's Security Bulletin for 2014, every second user of Kaspersky Lab's products for Mac OS X was exposed to a malicious attack, with a total of 3,693,936 infection attempts blocked.

Almost half of the top 20 Mac threats identified were occupied by AdWare programs, which automatically render advertisements on victims' computers in order to generate ad impressions and ultimately revenue for the author of the AdWare.

As a rule, these malicious programs arrive on users' computers alongside legitimate programs if they are downloaded from a software store rather than from the official website of the developer.

 Among the other Mac threats detected were:

• A software backdoor that provides the fraudster with remote access to the system and at the same time steals contact lists to find new victims
• A malicious program which makes screenshots every minute
• A Trojan spy with a hidden remote control function that intercepts keystrokes
• A malicious program designed to steal bitcoins for OS X
• A piece of malware that attacks not only Mac-based computers but iOS-based devices connected to them to steal data

"Over the past few years, we’ve discovered more and more malicious samples targeting Mac devices. Yet, there still remains a common misconception that Mac OS X is safe from malware and viruses," said David Emm, principal security researcher at Kaspersky Lab.
http://www.telegraph.co.uk/technology/internet-security/11281971/Mac-users-encountered-average-of-nine-cyber-threats-in-2014.html

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #9 on: Saturday, 06 June, 2015 @ 15:54:44 »
Quote
Mac's sleep mode vulnerability rated critical by Symantec

The security flaw could allow attackers to install malware able to survive hardware formatting.
http://www.cnet.com/news/symantec-confirms-existence-of-unpatched-rootkit-mac-security-flaw/


Quote
A 30 Second Nap Could Be All a Hacker Needs to Rootkit Your Mac
http://www.intego.com/mac-security-blog/rootkit-sleep/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #10 on: Wednesday, 17 June, 2015 @ 14:36:31 »
Quote
Apple CORED: Boffins reveal password-killer 0days for iOS and OS X
Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.

The team was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those store within Google Chrome.

Lead researcher Luyi Xing told El Reg he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing.
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #11 on: Thursday, 18 June, 2015 @ 00:53:49 »
Quote
MacKeeper - a(nother) reason not to use it
https://grahamcluley.com/2015/06/mackeeper-reason-use/


Quote
Many users will see references to an application called MacKeeper on various web sites and via pop-ups on their browser. Not only is it expensive for what it purports to do (freeware applications that do the same or more are readily available), it can sometimes install itself without the user realising it, and it can be very tricky to get rid of.

MacKeeper has been described by various sources as highly invasive malware* that can de-stablize your operating system, adding that it is unethically marketed, with a history of making false advertising claims... and a rip-off.

There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problem, but more likely a technical problem unrelated to any malware threat.
https://discussions.apple.com/docs/DOC-3691

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #12 on: Thursday, 23 July, 2015 @ 14:09:17 »
Quote
Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

You can bypass Apple's space-age security and gain administrator-level privileges on an OS X Yosemite Mac using code that fits in a tweet.

Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability.

This flaw is present in the latest version of Yosemite, OS X 10.10.4, and the beta, version 10.10.5. If you upgrade to the El Capitan beta (OS X 10.11), you'll be free from the vulnerability as Apple has already fixed it in that preview beta. Once again, if you keep up with Cupertino and install (or buy) the very latest stuff, you'll be rewarded.
http://www.theregister.co.uk/2015/07/22/os_x_root_hole/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #13 on: Wednesday, 05 August, 2015 @ 08:54:13 »
Quote
Apple bug Thunderstrike 2 leaves Macs vulnerable to worm, could give hackers control of computers and go entirely undetected

Security researchers have found a vulnerability that would let them take control of Apple’s Mac computers and spread to other computers.

Apple’s computers have long been said to be much more secure than PCs, and for a long time were advertised as not being able to get viruses. But the researchers claim to have created the first attack that would be able to spread from computer to computer, taking control of them as they go.

“[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware,” Xeno Kovah, one of the researchers who designed the worm, told Wired. “For most users that’s really a throw-your-machine-away kind of situation. Most people and organizations don’t have the wherewithal to physically open up their machine and electrically reprogram the chip.”
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-bug-thunderstrike-2-leaves-macs-vulnerable-to-worm-could-give-hackers-control-of-computers-and-go-entirely-undetected-10437275.html


Quote
'I love Apple products, I just wish they were secure'

A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial.
http://www.theregister.co.uk/2015/05/07/mac_malware/



Offline disco69

  • Gold Medalist
  • *****
  • Posts: 126
Re: Mac attack
« Reply #14 on: Wednesday, 05 August, 2015 @ 18:30:07 »


Security researchers have found a vulnerability that would let them take control of Apple’s


Quote
'I love Apple products, I just wish they were secure'


I Love cider , i just wish it was secure too,  :rofl:

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #15 on: Thursday, 06 August, 2015 @ 16:18:54 »
Quote
Creating malicious software that can attack Apple Mac computers is "trivial", a leading security researcher has claimed.

Patrick Wardle, from security firm Synack, demonstrated several new types of malicious software that bypassed Apple's security measures.

In one example, Apple's own iCloud service could control an attack.

The threats are known to Apple, Mr Wardle said, but the company has not yet commented on the research.

While Windows is still overwhelmingly attackers' platform of choice, antivirus firm Kaspersky Labs recorded a surge in Apple malware in the past couple of years.

"I'm convinced that OS X security is lacking." "It's trivial to write new OS X malware than can bypass everything."

Mr Wardle had strong criticisms of Apple's built in antivirus program, XProtect. The software, which detects and blocks known malware, warning the user in the process, could be tricked by essentially renaming the malware.

The researcher also tested various different paid antivirus products on the market, and concluded that they suffer similar problems as XProtect.
http://www.bbc.com/news/technology-33798303

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #16 on: Friday, 02 October, 2015 @ 11:57:32 »
Quote
Researcher demonstrates how malware can bypass OS X’s “completely broken” Gatekeeper
http://www.intego.com/mac-security-blog/researcher-demonstrates-how-malware-can-bypass-os-xs-completely-broken-gatekeeper/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #17 on: Saturday, 16 January, 2016 @ 10:13:31 »

http://arstechnica.com/security/2016/01/how-malware-developers-could-bypass-macs-gatekeeper-without-really-trying/


Quote
Apple Keeps Leaving Macs Open To Malware -- But Whitehat Hackers Have Your Back

Apple employed a Gatekeeper for its Macs to do one job: keep unsigned, unverified software out. It might be time to fire Gatekeeper, or hire a new one, as its failures have again been shown up by Patrick Wardle, ex-NSA staffer and head of research at bug hunting firm Synack.

In September last year, Wardle took advantage of a flaw in Gatekeeper that allowed unsigned malicious apps to execute. Wardle noticed Gatekeeper only checked the signature of the first application that was executed by the user. If this verified application executed another slice of code, the latter was not checked by Gatekeeper and could pass through unsigned. By uncovering several Apple-signed apps that once executed would look for other files to launch, he could complete the attack. In his proof of concept, he packaged both the Apple-signed and unsigned, malicious code into one seemingly legitimate download.

The malicious file could do anything an attacker wanted, such as spy on the user, steal passwords or record Skype calls. To fix this, Apple simply blacklisted the files Wardle abused. This wasn’t effective at preventing attacks. Wardle could simply find other Apple-signed code that let him do the same, which he duly did. “It took me two minutes to get round their patch,” said Wardle.
http://www.forbes.com/sites/thomasbrewster/2016/01/15/apple-mac-gatekeeper-fails-again/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #18 on: Saturday, 06 February, 2016 @ 10:31:22 »

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #19 on: Monday, 07 March, 2016 @ 18:18:42 »
Quote
Apple Macs targeted by KeRanger ransomware for first time
Experts say some Macs may have their files encrypted on Monday if computer has been infected

Apple customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks have revealed.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
http://www.theguardian.com/technology/2016/mar/07/apple-targeted-by-keranger-ransom-malware-for-first-time

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #20 on: Thursday, 24 March, 2016 @ 16:37:16 »
Quote
Researchers find hole in SIP, Apple’s newest protection feature

To exploit this vulnerability, an attacker must first compromise the target system. This could be accomplished via a spear-phishing attack, or by exploiting the user’s browser, for example.

So the vulnerability only comes into play as part of a multi-part attack, a combination punch, rather than as a stand-alone exploit.
http://www.theregister.co.uk/2016/03/24/macosx_security_bypass/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #21 on: Thursday, 21 July, 2016 @ 13:32:57 »
Quote
Users of iPhones and Macs must update to avoid Stagefright-like bug

The good news is that Apple issued fixes for the problem earlier this week. If you have already updated your systems to iOS 9.3.3, tvOS 9.2.2, watchOS 2.2.2, and El Capitan v10.11.6 then you have done the right thing.
http://www.welivesecurity.com/2016/07/21/users-iphones-macs-must-update-avoid-stagefright-like-bug/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #22 on: Friday, 02 September, 2016 @ 17:23:47 »
Quote
Apple has now quietly rolled-out a further security update revealing that the zero-day flaws are also present in Apple's OS X desktop operating system, as well as the desktop version of their OS X Safari browser.

My advice to Apple users? Make sure that your Macs, MacBooks, iPhones and iPads are up-to-date.
https://www.grahamcluley.com/2016/09/mac-users-vulnerable-state-sponsored-trident-attack-fixed-ios-week-patch/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #23 on: Tuesday, 25 October, 2016 @ 17:40:04 »
Quote
It's nearly 2017 and JPEGs, PDFs, font files can hijack your Apple Mac, iPhone, iPad

Apple has distributed a fresh round of security updates to address remote-code execution holes in iOS, macOS, Safari, and the firmware for Apple Watch and AppleTV.

Miscreants who exploit these flaws can take over the vulnerable device – all a victim has to do is open a JPEG or PDF file booby-trapped with malicious code, so get patching before you're caught out.
http://www.theregister.co.uk/2016/10/24/apple_security_update/

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Mac attack
« Reply #24 on: Tuesday, 18 July, 2017 @ 02:50:48 »
Quote
Malware installs Signal as part of scheme to steal Mac users' banking credentials
A harbinger of ported threats to come for Mac users?

New Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials.

The threat, which goes by the name OSX/Dok, uses phishing mail laden with a malicious application as its attack vector. Those who crafted this campaign purchase Apple certificates (US $99) to sign their malicious application. Such willingness helps the malware bypass Gatekeeper's ever-watchful gaze.
https://www.grahamcluley.com/dok-mac-malware/