Lazarus Group’s Dacls RAT Affects Macs for the First Time

· Andrew Orr · Link


Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.

We believe this Mac variant of the Dacls RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

The conclusion I’m drawing is that it’s unlikely to affect most Mac users.

How Worried Should You Be About Public USB Charging Stations?

· Andrew Orr · Link


Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.

Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.

Apple Leverages iOS for Advertising You Can’t Block

· Andrew Orr · Link

Tumblr software engineer Steve Streza makes the case that iOS is adware for all of Apple’s services.

iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which is what iOS has sadly become.

This particularly annoys me with Apple News, where roughly half the space is dedicated to showing me News+ content, even though I don’t subscribe. On iOS you can swipe to “See Less Often” but you can’t do this on iPad.

Security Friday! – TMO Daily Observations 2020-02-07

· Kelly Guimont · The Mac Observer's Daily Observations Podcast


Andrew Orr joins host Kelly Guimont to discuss the latest security headlines and some tips for avoiding malware and viruses on your Mac.

Clicker Malware Found in 17 iOS Apps

· Andrew Orr · News

17 apps from iOS developer AppAspect Technologies Pvt. Ltd. were found to contain clicker malware that automatically clicked on ads.

French Police Defeat Retadup Botnet Infecting 850,000 Computers

· Andrew Orr · Link


French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

Last Month Google Play Had 205 Malicious Apps With Over 32M Installs

· Andrew Orr · Link

In July alone, Google Play had 205 malicious apps with over 32 million installations, most of them containing hidden ads.

The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.