Tag: macos
-
VB2019 paper: Cyber espionage in the Middle East: unravelling OSX.WindTail
The Middle East continues to be a hotbed of APT activity. The WindShift group is one of many APT groups active in the region. First described by Darkmatter’s Taha Karim in 2018, the group’s toolset includes malware for both Windows and macOS. Building on that research, Jamf’s Patrick Wardle analysed the WindTail…
-
VB2019 paper: Play fuzzing machine – hunting iOS and macOS kernel vulnerabilities automatically and smartly
Apple’s MacOS and iOS operating systems are often praised for their security. Yet vulnerabilities in both operating systems are regularly being found and exploited, especially by more advanced attackers. In a paper presented at VB2019 in London, Trend Micro researchers Lilang Wu and Moony Li explained how researchers like them hunt for such vulnerabilities…
-
VB2019 paper: Never before had Stierlitz been so close to failure (or: what is a Soviet super-spy doing in a popular bundleware for Mac?)
Over the years, many ‘potentially unwanted applications’ have plagued macOS in the same way they have plagued other platforms. Though anti-virus isn’t ubiquitous on Macs, detecting such PUAs usually isn’t a difficult problem. However, there are exceptions. One such exception is a popular yet unnamed piece of ‘bundleware’ that was analysed by Sophos researcher Sergei…
-
VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees
In June, employees at cryptocurrency exchange Coinbase were targeted by emails linking to a website that used two zero-day vulnerabilities in the Firefox browser to deliver macOS malware. The malware, dubbed ‘NetWire’, had previously been known but the exploit allowed it to bypass built-in protections against it. The NetWire sample was analysed by regular VB…
-
XMRig used in new macOS cryptominer
Users complaining on Apple’s official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS that is based on XMRig, Malwarebytes researcher Thomas Reed writes. The open-source XMRig Monero miner is widely used for both benign and malicious purposes.…
-
Alleged author of creepy FruitFly macOS malware arrested
It is almost a year since the mysterious FruitFly malware for macOS was discovered. Malware targeting macOS is still uncommon enough to be newsworthy, but FruitFly seemed particularly interesting: its spying capabilities, combined with the fact that it had managed to stay under the radar for many years, led many to postulate that it…
-
VB2017 paper: Offensive malware analysis: dissecting OSX/FruitFly.B via a custom C&C server
Few readers of this blog will believe that there aren’t any security issues with Apple’s macOS operating system, a point made rather unsubtly by yesterday’s discovery of a flaw that lets anyone log into a computer running macOS High Sierra – as the root user, no less. Those who have been following Patrick Wardle’s…