What a MAC Malware Attack Looks Like

ballscout1



http://www.zdnet.com/blog/bott/what-a-mac-malware-attack-looks-like/3269


Well, that didn’t take long.

After I posted my analysis of why the time is right for bad guys to begin attacking the Mac in earnest, I heard from two readers who had encountered in-the-wild attacks on Macs in their respective workplaces. In both cases, the results showed up via Google Image Search. (This is an increasingly common source of malware, as security researcher Brian Krebs points out in a well-timed blog post today.)

I was able to duplicate these results and encountered an identical attempt from this same campaign to convince me to install a rather nasty Trojan on a Mac. (Sophos has an analysis of what this particular species does.) I uploaded the sample—a Mac installer package in a Zip file—to Virustotal.com, which confirmed that it is indeed the same code.

Remember last month when I showed you a malware attack that was targeting Google Chrome users? In a follow-up post, I wondered whether Macs would be far behind. They aren’t.

I just did a search for radioactive tsunami waves on Google and then clicked the Images button. On the second page of search results, I found one that looked legit:


Trojan construction kit for Mac OS X - yours for $1,000



A Mac trojan is just clicks away.
Source: Krebs on Security

According to security specialist Brian Krebs, in recent weeks a developer has been touting a trojan construction kit called Weyland-Yutani on underground forums; it enables criminals to construct malware for Mac OS X with just a few clicks. Construction kits of this type have previously only been available for Windows. The malware builder, which costs $1,000, generates malware for monitoring keystrokes that allows criminals to steal login credentials or credit card details – similar to the Windows trojans ZeuS and SpyEye.

Unlike on the Windows ecosystem, no exploit kits for Mac OS X are at present able to inject malware undetected onto a system via security vulnerabilities. The attacker always needs to persuade a victim to run an infected file, usually by means of social engineering, for example, on sites such as Facebook.

Weyland-Yutani hooks into Chrome and Firefox to monitor keystrokes entered into form fields. The developer told Krebs that he is also working on tapping into Safari, which comes preinstalled under Mac OS X. Like its Windows cousins, the Mac malware supports 'web injects' – addons which are able to modify web site content in real-time.

On top of this, Intego reports that in recent days a highly professional piece of scareware, MAC Defender, has been circulating. It is more than a match for well-known Windows counterparts, warning the user that their computer is infected and opening pornographic sites every couple of minutes to reinforce this impression.


To stop websites from running installation programs automatically, deactivate the "Open 'safe' files after downloading" checkbox. The scareware program finds its way onto the user's computer as a zip archive as a result of a visit to a crafted web site. If a user is surfing with Safari, the download starts automatically and the installer contained within the archive is, by default, launched without user intervention. To stop this behaviour, users need to deactivate the checkbox under the Safari menu: Preferences, General, Open 'safe' files after downloading. The user is asked for their password before the scareware is installed.

(crve)
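The Safari setting the article tells readers to untick can also be audited and changed from the command line. This is an added example, not code from the article or from anyone in the thread; it assumes the checkbox is stored in the com.apple.Safari preference domain under the key AutoOpenSafeDownloads, and that an absent key means Safari's factory default (auto-open on).

```shell
#!/bin/sh
# Added example: audit the Safari "Open 'safe' files after downloading"
# preference, the setting that lets the MAC Defender installer launch
# without user intervention.
# Assumption: domain com.apple.Safari, key AutoOpenSafeDownloads (bool).
# `defaults read` prints 1/0 for booleans and exits non-zero when the key
# has never been written; an unwritten key means the feature is ON.

# interpret_auto_open RAW EXIT_STATUS -> "enabled" | "disabled" | "unknown"
# Pure function so the logic can be exercised without macOS.
interpret_auto_open() {
    raw=$1
    status=$2
    if [ "$status" -ne 0 ]; then
        # Key missing: user never touched the checkbox, default is on.
        echo "enabled"
        return 0
    fi
    case "$raw" in
        0|false|NO|no)   echo "disabled" ;;
        1|true|YES|yes)  echo "enabled" ;;
        *)               echo "unknown" ;;
    esac
}

# Reads the live value on macOS and classifies it.
check_safari_auto_open() {
    raw=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null)
    interpret_auto_open "$raw" $?
}

# Turns the feature off, equivalent to unticking the checkbox in
# Safari > Preferences > General. Safari reads preferences at launch,
# so restart it afterwards.
harden_safari_auto_open() {
    defaults write com.apple.Safari AutoOpenSafeDownloads -bool false
}
```

Run `check_safari_auto_open` on a Mac to see the current state; any answer other than "disabled" means a downloaded zip can still be unpacked and its installer launched automatically.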
 
exact thing happened to me.......did a google image search and clicked on a pic and all this shit started popping up and downloaded.......luckily i deleted everything without clicking any wrong buttons.....

deactivate the "Open 'safe' files after downloading" checkbox....

perfect
 
Main difference here is that you actually have to do the following to get infected:

- Click the link

- Download the actual file

- Open the file

- When OSX warns you: "you are about to open a file downloaded from the internet, from company X, are you sure?" you click "Open"

- You enter your Admin password to confirm (may not be the case if the file itself isn't an application).

=================================================

This is MUCH different than:

- Go online

- Visit the wrong site

- System is automatically compromised with no user intervention

==================================================

Also keep in mind, even if you were infected, the virus can't run at root level, so you can easily get rid of it with a couple commands in Terminal or simply deleting the files at fault. You won't come across issues where OSX can't boot because a virus/trojan/spybot took over the system.
 
exact thing happened to me.......did a google image search and clicked on a pic and all this shit started popping up and downloaded.......luckily i deleted everything without clicking any wrong buttons.....

deactivate the "Open 'safe' files after downloading" checkbox....

perfect

Once there's a breach, your system has been compromised. At the very least all your logins and passwords have been passed on to someone. So deleting stuff is not a fix.:smh::smh::smh:
 
Once there's a breach, your system has been compromised. At the very least all your logins and passwords have been passed on to someone. So deleting stuff is not a fix.:smh::smh::smh:

^^^^^if someone is silly enough to store their logins.

i tell everyone not to allow the computer to store logins for sensitive information.

and i run windows exclusively. i don't get hit with malware/viruses. and on some of my machines i don't even have any anti-virus/malware. folks need to learn how to browse smart. especially here on bgol or warez sites.
 
exact thing happened to me.......did a google image search and clicked on a pic and all this shit started popping up and downloaded.......luckily i deleted everything without clicking any wrong buttons.....

deactivate the "Open 'safe' files after downloading" checkbox....

perfect

Yep. I did that day one I got my MacBook Pro.
 
hmm so what do you do, write them down?

i am old school. i actually remember them. like i remember everyone's phone number that i talk to on a regular basis. it trips me out that no one knows anyone's phone number anymore.

and for shit that i cant remember off hand (like other folks wifi credentials) i keep an e-wallet app on my phone.
 
i am old school. i actually remember them. like i remember everyone's phone number that i talk to on a regular basis. it trips me out that no one knows anyone's phone number anymore.

and for shit that i cant remember off hand (like other folks wifi credentials) i keep an e-wallet app on my phone.

I use long complicated passwords. You might want to check out 1Password (my favorite password app) or a very good free alternative, KeePass, to store your passes.
 
^^^^^if someone is silly enough to store their logins.

i tell everyone not to allow the computer to store logins for sensitive information.

and i run windows exclusively. i don't get hit with malware/viruses. and on some of my machines i don't even have any anti-virus/malware. folks need to learn how to browse smart. especially here on bgol or warez sites.

Browsing with no protection is a mistake waiting to happen. No one has time to be "smart at browsing". We got real lives outside the internet. Just strap up with some type of anti virus and you'll be ok.
 
Nah dude. I've been using Macs for years and the only time I had any kind of virus protection was back in the OS9 days. If you are running OSX, you don't need it.
 
Browsing with no protection is a mistake waiting to happen. No one has time to be "smart at browsing". We got real lives outside the internet. Just strap up with some type of anti virus and you'll be ok.

my critical machines have protection. my htpc and other machines like that do not. if something happens (which hasn't happened) it takes 20 minutes to run ghost. it would take an antivirus program at least that long to run.
 
I use long complicated passwords. You might want to check out 1Password (my favorite password app) or a very good free alternative, KeePass, to store your passes.

i agree long complicated passwords are important. i have my own personal algorithm for passwords. they tend to be measured as strong when i add new ones in applications that tell you the strength of your potential password.
 