Posted by: David Harley | July 17, 2017

More about OSX/Dok

Further to my earlier post, here’s a link to more information from Checkpoint: OSX/Dok Refuses to Go Away and It’s After Your Money

See also their earlier post: OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated) 

Commentary from David Bisson for Graham Cluley’s blog: Malware installs Signal as part of scheme to steal Mac users’ banking credentials – A harbinger of ported threats to come for Mac users?

David Harley


Posted by: David Harley | July 13, 2017

OSX_DOK malware

Trend Micro: OSX Malware Linked to Operation Emmental Hijacks User Network Traffic

“The OSX_DOK malware (Detected by Trend Micro as OSX_DOK.C) showcases sophisticated features such as certificate abuse and security software evasion that affects machines using Apple’s OSX operating system.”

David Harley

Posted by: David Harley | July 6, 2017

AV-Test Comparative Test

AV-Test: 10 Antivirus Suites for MacOS Sierra Put to the Test

Not much detail on methodology, though.

David Harley

Posted by: David Harley | July 4, 2017

AV-Test Stats: Spikes in macOS and Android malware

AV-Test offers an interesting aggregation of 2016/2017 malware statistics in its Security Report here.

Particularly relevant to this site:

  • Looking at the growth in malware for specific platforms, AV-Test notes a decrease in numbers for malware attacking Windows users. (Security vendors needn’t worry: there’s still plenty to go round…)
  • On the other hand, the report says of macOS malware that ‘With an increase rate of over 370% compared to the previous year, it is no exaggeration to speak of explosive growth.’ Of Android, it says that ‘the number of new threats … has doubled compared to the previous year.’

David Harley

Posted by: David Harley | June 23, 2017

OceanLotus – a New(ish) Wave

Analysis by Palo Alto of The New and Improved macOS Backdoor from OceanLotus.  Palo Alto states that this version is targeting victims in Vietnam.

For background, an article from early 2016 by AlienVault: OceanLotus for OS X – an Application Bundle Pretending to be an Adobe Flash Update 

David Harley

Posted by: David Harley | June 15, 2017

Fake AV and ‘Wannacry Protectors’ for Android

Gabriela Vatu for Softpedia: Hundreds of Malicious Apps Posing as Virus Scanners Found in App Stores – These virus scanners will actually do you harm

Warnings about Wannacry protectors – Wannacry doesn’t affect Android – from McAfee, and fake AV statistics from RiskIQ.

There are no direct links in the article, so I’ve included some here:

David Harley

Posted by: David Harley | June 13, 2017

MacRansom (& MacSpy)

[Updated 15th June 2017]

(MacSpy isn’t ransomware, but it seems to have been developed by the same author, and both are offered as malware-as-a-service.)

Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patrick Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’

Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service

Sophos: More evidence Mac ransomware exists

Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”

AlienVault: MacSpy: OS X RAT as a Service

David Harley

Posted by: David Harley | May 8, 2017

Hacking Handbrake

A post by Graham Cluley for ESET describes how ‘A mirror download server for the popular tool HandBrake video file-transcoding app has been compromised by hackers, who replaced its Mac edition with malware.’

Malware warning for Mac users, after HandBrake mirror download server hacked

David Harley

Posted by: David Harley | March 21, 2017

More Warnings to Mac Users

You go for years thinking that hardly anyone is interested in reminding Mac users that they can be caught out by malware too, and then you get three articles at once beating the same drum, or at any rate to much the same rhythm. Yesterday, as I remarked in an earlier blog, there was a very nice article by Thomas Reed for Malwarebytes: Mac Security Facts and Fallacies.

And today, along come a couple more. One is from the Cylance Threat Guidance Team (Threat Spotlight: Mac Malware): since it mentions me, I should say that while I’m fundamentally in agreement with the article, I have to clarify that though I was drafted into the WildList Organization to implement a Mac WildList, it didn’t (for various reasons) get beyond the planning stage. Anyway, the article seems to throw a little more light on the threat ESET calls OSX/Filecoder.E, as discussed in a blog by Marc-Etienne M.Léveillé from 22nd February – New crypto-ransomware hits macOS. There are some other links to information about OSX/Filecoder.E on this site: OSX/Filecoder.E Ransomware Recovery.

The other is by Bill Brenner for Sophos: Your Mac is not malware-proof: a look at the threats and defenses. Sophos believes that there is other macOS-targeting malware incoming, including ransomware. Sophos researcher Xinran Wu is quoted as saying that ‘MacOS tends to be more a victim of nuisance programs known as potentially unwanted applications (PUA) – adware, for example.’ (Thomas Reed made much the same point in his article for Malwarebytes.) And I agree with him that apart from PUAs, the unequivocal malware that we’ve seen for OS X/macOS has tended to be targeted. However, the way it’s expressed in that article seems to imply that malware is either targeted or drive-by. And, of course, drive-by downloads are a considerable problem, but they’re not the only problem – there’s plenty of other malware (I’m talking malware in general, not Mac-specific stuff) that uses other vectors and doesn’t rely on vulnerabilities in applications. Still, there are plenty of useful links in the article.

David Harley

Posted by: David Harley | March 20, 2017

Macs, Facts and Fallacies

If you’ve followed my Mac-related writing over the past couple of decades – how are you both? – you’ll know that a lot of that writing has been about mistaken claims that Macs offer more security than they really do. A view that has earned me more abuse (from the fanboi faction, at any rate) than admiration, but nearly 30 years spent in and around the anti-malware industry have helped me grow a pretty thick skin.

All that aside, it’s quite nice to see someone else expressing similar views occasionally: in this case, Thomas Reed, who has been writing interesting and useful articles on Mac security for a long time, recently on behalf of Malwarebytes. I have to agree with Forbes that his article Mac Security Facts and Fallacies is a “useful and informative blog post that provides a balanced view of the strengths and weaknesses of security on the Mac.”

David Harley
