Posted by: David Harley | February 10, 2017

Recent Mac Malware

John Leyden for the Register: Macs don’t get viruses? Hahaha, ha… seriously though, that Word doc could be malware – Files spotted using Python code to infect Apple machines.

Largely focused on Patrick Wardle’s analysis: New Attack, Old Tricks – analyzing a malicious document with a mac-specific payload.

Also touches on MacDownloader, which seems to impersonate both an installer and an anti-malware tool: iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)

Dan Goodin for Ars Technica: Mac malware is still crude, but it’s slowly catching up to its Windows rivals – A tale of two attacks that both target MacOS users.

George V. Hulme: New Mac malware on the loose: What you need to know

No, malicious macros haven’t entirely gone away… In fact, this is almost (in a superficial sort of way) where I came in, 20 years ago: Macs and Macros – the State of the Macintosh Nation (my first Virus Bulletin paper).
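Since the point of the stories above is that a Word document is still a perfectly good delivery vehicle for a Mac payload, here is a small triage check I have added to this post (it is not code from Patrick Wardle’s analysis or from any of the articles linked). It decides whether an Office file carries a VBA project by looking inside the container rather than at the file extension, because a `.docm` renamed to `.docx` still opens as macro-enabled. The sample documents it builds are constructed in memory for the example; the `vbaProject.bin` bytes in them are a stub, since the check only inspects the package part list and `[Content_Types].xml`.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt compound-file header
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsm/...) is a zip package
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"


def inspect_office_file(data: bytes) -> dict:
    """Report whether an Office file carries a VBA project, judging by the
    container's contents rather than the file extension."""
    report = {"container": "unknown", "vba_parts": [], "has_macros": False,
              "needs_vba_parser": False}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros live in OLE streams that this check does
        # not parse, so hand the file to a VBA parser (e.g. oletools' olevba).
        report["container"] = "ole2"
        report["needs_vba_parser"] = True
        return report
    if not data.startswith(ZIP_MAGIC):
        return report
    report["container"] = "ooxml"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            # Signal 1: a part named vbaProject.bin anywhere in the package.
            found = {n for n in names if n.lower().endswith("vbaproject.bin")}
            # Signal 2: [Content_Types].xml declares a part with the VBA content type.
            if "[Content_Types].xml" in names:
                root = ET.fromstring(z.read("[Content_Types].xml"))
                for override in root.iter(f"{{{CT_NS}}}Override"):
                    if override.get("ContentType") == VBA_CONTENT_TYPE:
                        found.add(override.get("PartName", "").lstrip("/"))
    except (zipfile.BadZipFile, ET.ParseError):
        # A corrupt container must not pass as "clean"; escalate it instead.
        report["container"] = "malformed"
        report["needs_vba_parser"] = True
        return report
    report["vba_parts"] = sorted(p for p in found if p)
    report["has_macros"] = bool(report["vba_parts"])
    return report


def build_sample(with_macros: bool) -> bytes:
    """Constructed sample input (not a real document): a minimal OOXML Word
    package, with or without a VBA part. The vbaProject.bin content is a stub."""
    overrides = ['<Override PartName="/word/document.xml" '
                 'ContentType="application/vnd.openxmlformats-officedocument.'
                 'wordprocessingml.document.main+xml"/>']
    if with_macros:
        overrides.append(f'<Override PartName="/word/vbaProject.bin" '
                         f'ContentType="{VBA_CONTENT_TYPE}"/>')
    content_types = (f'<?xml version="1.0" encoding="UTF-8"?><Types xmlns="{CT_NS}">'
                     + "".join(overrides) + "</Types>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 32)  # stub, not real VBA
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("macro-free", build_sample(False)),
                        ("macro-enabled", build_sample(True))):
        print(label, inspect_office_file(blob))
```

The check answers only "does this package declare a VBA project?"; it does not tell you what the macros do, and for legacy OLE2 files it deliberately punts to a real VBA parser. That is enough for a mail gateway or download hook to quarantine macro-bearing documents from untrusted senders, which is still the cheapest defence against the attack described above.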

David Harley

Posted by: David Harley | February 7, 2017

76 buggy trombones – I mean, iOS apps

Here’s an article by Will Strafach in which he talks about 76 Popular Apps Confirmed Vulnerable to Silent Interception of TLS-Protected Data. He classifies all the apps he discusses as ‘low risk’, but adds that:

The applications deemed Medium/High Risk will be posted in a follow up within 60 to 90 days, after reaching out to affected banks, medical providers, and other developers of sensitive applications which are vulnerable.

Commentary by Graham Cluley here: 76 popular iPhone apps found wide open to data interception attacks

David Harley

Posted by: David Harley | January 24, 2017

Apple Patches: the Theory of Everything

Graham Cluley: Apple issues security patches for… just about everything

That’s it…

Posted by: David Harley | January 19, 2017

Fruitfly/Quimitchin malware

For Malwarebytes, Thomas Reed reports on this New Mac backdoor using antiquated code. Kevin Townsend commented at some length for SecurityWeek – New “Quimitchin” Mac Malware Emerges Targeting Scientific Research – and quotes me. Commentary by Zeljka Zorz for Help Net Security: Fruitfly: Unusual Mac backdoor used for tightly targeted attacks?

Since Kevin actually cited this site’s tag line – ‘The official Mac Virus blogsite’ – perhaps I should explain what is meant by ‘official’ in this case, by quoting our About page.

Mac Virus is an anti-malware information page created by Susan Lesch in the 1990s, and inherited by David Harley when Susan couldn’t find time to update it any more. He wasn’t updating it much either, but as Mac malware looked like becoming a larger part of his life, this started to change drastically in 2010. However, it’s become much less of a priority in recent years.

Why ‘The Official Mac Virus blogsite’? Well, we don’t claim any particular authority to comment on OS X/iOS/Android security apart from David’s 30-odd years in the security industry: that tagline was introduced simply to differentiate the site from several wannabe sites that started to call themselves Mac Virus. It’s ‘official’ only in that Susan asked David to continue to support the site in some form when she no longer had time to, rather than let it be co-opted by anyone who had no connection to the original site.

It’s not ‘official’ in the sense of representing malware writers, the anti-malware industry, the security product testing industry, Apple, Android, Microsoft or anyone else. It’s just a platform where I pass on and comment on news and issues relating to security – especially Mac and smartphone/tablet security – that I find interesting. Furthermore, because I’m semi-retired, I give it a lot less attention than I used to. Apologies if anyone is expecting more than that.

David Harley

Posted by: David Harley | January 3, 2017

LG TV ransomware revisited

In case you were wondering what happened as regards the story I previously blogged at AVIEN – Smart TV Hit by Android Ransomware – it appears that LG has decided after all to make the reset instructions for the TV public rather than requiring an LG engineer to perform the task for only twice the price of a new set… Note that this was an old model running Android, not a newer model running webOS.

Catch-up story by David Bisson (following up on his earlier story for Metacompliance) for Graham Cluley’s blog: How to remove ransomware from your LG Smart TV – And the ransomware devs go home empty-handed!

The article quotes The Register’s article here, which details the instructions, but also links to a video on YouTube by Darren Cauthon – who originally flagged the problem – demonstrating the process.

[Also posted at AVIEN.]

David Harley

Posted by: David Harley | December 15, 2016

iOS 10.2 security

David Harley

Posted by: David Harley | December 15, 2016

Authentication bypass vulnerability in Skype for OS X

Trustwave’s analysis of what it describes as a possible ‘backdoor’ in Skype:

‘As described in the Trustwave advisory, the issue is an authentication by-pass discovered in the API whereby a local program could by-pass authentication if they identified themselves as the program responsible for interfacing with the Desktop API on behalf of the Skype Dashboard widget program.’

Microsoft denies that it’s a backdoor, but acknowledges the vulnerability.

Commentary by John Leyden for The Register: Infosec bods: This is a backdoor in Skype for Macs. Microsoft: No. – Dodgy API let apps and plugins silently pry into chat logs, record calls and more
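Whatever you call it, the pattern in the Trustwave quote above is worth seeing in code: a local API that grants privileged access to any caller that merely *says* it is the trusted component. The example below is added to this post and is not Skype’s Desktop API or Microsoft’s fix; the client names, the request shape and the secret are all hypothetical and constructed for the illustration. It puts the self-declared-name check beside a proof-of-possession check, where the privileged client must present an HMAC it can only compute if it holds a secret placed out of band (for example in the keychain at install time).

```python
import hashlib
import hmac

# Hypothetical identifier for this example; it is not a Skype API string.
TRUSTED_CLIENT_NAME = "dashboard-widget-helper"
# Constructed sample secret. In a real design it is generated at install time
# and stored where only the trusted helper process can read it.
SECRET = bytes.fromhex("0f" * 32)


def authorize_by_name(request: dict) -> bool:
    """Vulnerable pattern: the local API trusts the caller's self-declared name.
    Any process on the machine can send the trusted name and skip the consent
    prompt, which is the class of bug the advisory quoted above describes."""
    return request.get("client_name") == TRUSTED_CLIENT_NAME


def issue_token(secret: bytes, client_id: str) -> str:
    """Mint a per-client capability: hex(HMAC-SHA256(secret, client_id)).
    Only a process holding `secret` can compute it."""
    return hmac.new(secret, client_id.encode("utf-8"), hashlib.sha256).hexdigest()


def authorize_by_token(request: dict, secret: bytes) -> bool:
    """Hardened pattern: access depends on possession of the secret, not on a
    name string. Comparison is constant-time so a wrong guess leaks nothing."""
    client_id = request.get("client_id")
    token = request.get("token")
    if not isinstance(client_id, str) or not isinstance(token, str):
        return False
    expected = issue_token(secret, client_id)
    return hmac.compare_digest(expected.encode("ascii"), token.encode("utf-8"))


def demo() -> dict:
    """Run one rogue request against both policies and one legitimate request
    against the hardened policy."""
    rogue = {"client_name": TRUSTED_CLIENT_NAME,      # impersonates the widget helper
             "client_id": TRUSTED_CLIENT_NAME,
             "token": "not-a-token"}                   # but has no secret to prove it
    legit = {"client_name": TRUSTED_CLIENT_NAME,
             "client_id": TRUSTED_CLIENT_NAME,
             "token": issue_token(SECRET, TRUSTED_CLIENT_NAME)}
    return {
        "rogue_by_name": authorize_by_name(rogue),            # True: bypass succeeds
        "rogue_by_token": authorize_by_token(rogue, SECRET),  # False: name alone is worthless
        "legit_by_token": authorize_by_token(legit, SECRET),  # True: holder of the secret
    }


if __name__ == "__main__":
    for outcome, granted in demo().items():
        print(f"{outcome}: {'granted' if granted else 'denied'}")
```

The token approach is the portable fix. On macOS a local daemon has a stronger option: verify the connecting process’s code signature through the Security framework instead of believing anything the process sends about itself. Either way, the rule is the same: identity asserted by the caller over a local channel is not authentication.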

David Harley

Posted by: David Harley | December 15, 2016

Malware Preinstalled: Space Dodgems in the Android Belt

David Bisson, for Graham Cluley’s blog, comments on a story that These 26 brand new Android smartphones come with malware pre-installed. The article is based on Dr Web’s blog post listing 26 models of Android phone that you might want to avoid: Doctor Web discovers Trojans in firmware of well-known Android mobile devices.

Personally, though, what I liked most was a tweeted observation by Mark Noble.


Which kind of dovetails with another tweet by my friend and colleague Stephen Cobb:


(Stephen was referring to this article, by the way: Support Scams and Diagnostic Services.)

David Harley

Posted by: David Harley | December 3, 2016

AV-Test Report on Risk Scenarios

Long-established research/product testing organization AV-Test has published an interesting document giving some background to the current malware scene, including consideration of threats on Windows, Mac, Android/mobile, Internet, PUA, and test statistics. Current Risk Scenario: AV-TEST Security Report Facts at a Glance

David Harley

Posted by: David Harley | November 12, 2016

Recent Apple security news

Article by Graham Cluley for ESET on smishing (SMS phishing): Apple ID smishing evolves to lure more victims

Shaun Nichols for The Register: Mac administrators brace for big changes to Apple-powered fleets – New features could shake-up how macOS machines are managed. Has much to do with Apple’s plans to move from HFS+ to the Apple File System (APFS).

Michael Mimoso for Kaspersky: iOS Webview Problem Allows Attackers To Initiate Phone Calls. Related to the story mentioned here: iOS exploit that flooded 911 call centres

David Harley
