Malware

Well-hidden Mac cryptomining malware found in pirate copies of Final Cut Pro; expect more [U]

Update: Apple has now commented on the findings – see the end of the piece.

Cybersecurity company Jamf Threat Labs has found Mac cryptomining malware in pirate copies of Final Cut Pro. The firm says that the cryptojacking malware was particularly well hidden, and not detected by most Mac security apps.

Jamf also warned that the power of Apple Silicon Macs is going to make them increasingly popular targets for cryptojacking – where malware uses your machine’s considerable processing power to mine cryptocurrencies for the benefit of attackers …

CloudMensis spyware is being actively used in the wild to steal private data from Macs

A nasty piece of Mac malware is being actively used in the wild to capture personal data from Macs. Security researchers say that CloudMensis spyware can allow an attacker to download files, capture keystrokes, take screengrabs, and more.

Cybersecurity firm ESET says that the spyware has been in active use since February, and appears to be targeting specific individuals …

DazzleSpy Mac malware enabled key-logging, screen captures, file extraction, more

Security researchers have released details of DazzleSpy – Mac malware that enabled key-logging, screen captures, microphone access, and more.

DazzleSpy was used to target Hong Kong democracy activists, initially through a fake pro-democracy website, and later through a real one, in a so-called watering hole attack …

Student who hijacked iPhone camera did the same to the Mac; Apple paid bug bounty of $100K

Apple paid a bug bounty of $100K after a cyber security student who successfully hijacked the iPhone camera back in 2019 did the same with the Mac camera.

Ryan Pickren used an imaginative approach that allowed him to run arbitrary code on a target Mac, and received what he believes to be the largest bug bounty Apple has ever paid …

SysJoker shows that even Mac malware runs natively on M1 Macs now

We may still be waiting for some developers to update their apps to run natively on M1 Macs, but the developer of SysJoker Mac malware is already on the case.

Security researcher Patrick Wardle points to what he says is the first Mac malware of 2022, and it runs on both Intel and M1 Macs. SysJoker can be controlled remotely by an attacker, allowing it to be used in many different ways …

NSO Android and iPhone spyware is linked to assaults and murder of dissidents – Amnesty

Android and iPhone spyware sold by NSO Group enables state terror attacks in multiple countries, according to a new database released by Amnesty International and partner organizations.

NSO uses zero-day exploits to develop spyware for both iPhones and Android smartphones, allowing users to read text messages and emails, monitor contacts and calls, track locations, collect passwords, and even switch on the smartphone’s microphone to record meetings …

Comment: Mac malware is growing, but there are three important riders

Malwarebytes is out with a new report in which it states that Mac malware is growing faster than that for Windows.

For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]

In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.

That’s getting a lot of headlines today, but there are three key things that need to be understood…

Latest Mac malware OSX/CrescentCore hides from security researchers

No fewer than six examples of Mac malware were discovered last month, including one which exploits a vulnerability in macOS Gatekeeper. The latest example – dubbed OSX/CrescentCore – takes steps to hide from security researchers.

Security company Intego says it has found CrescentCore on multiple websites, posing as, you guessed it, a Flash Player updater …

macOS Gatekeeper vulnerability has now been exploited by adware company

A macOS Gatekeeper vulnerability discovered by a security researcher last month has now been exploited in what appears to be a test by an adware company.

Gatekeeper is designed to ensure that Mac apps are legitimate by checking that the code has been signed by Apple. Any app failing that check shouldn’t be allowed to install without the user acknowledging the risk and granting explicit permission to proceed …

Microsoft Defender brings anti-virus protection to Mac, but limited business roll-out initially

Microsoft is renaming its Windows Defender antivirus software to Microsoft Defender Advanced Threat Protection (ATP), and bringing it to macOS for the first time.

While Macs are significantly less vulnerable to malware than Windows machines, they are not immune. Examples include fake Flash Player installers and cryptocurrency-stealing browser exploits and apps …

Ex-NSA staffer demonstrates malware bypassing security checks in High Sierra

Security researcher and former NSA staffer Patrick Wardle says that he will demonstrate on Sunday a set of automated attacks against macOS High Sierra, in which he is able to bypass security checks.

The checks are ones that ask the user to confirm that an app should be granted permission to do things like access contacts or location data …
