Posted by: David Harley | April 12, 2016

InstallCore strikes again

Graham Cluley, writing for Intego, reports Mac Users Attacked Again by Fake Adobe Flash Update. Intego identifies the rogue installer as a variant of OSX/InstallCore. The malware installs potentially unwanted software onto compromised systems, and gets past Gatekeeper by signing the malcode with an Apple developer certificate. Graham reports that:

At the time of writing, the compromised Apple developer ID certificate (MDK7FNV856, in the name of one Nikolay Nikolay Lastovka) has not been revoked.


David Harley


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: