A report from Sophos today reveals a wave of adware belonging to the Bundlore family that targets macOS. Bundlore is one of the most common bundleware installers for macOS, accounting for almost 7% of attacks detected by Sophos.
This installer carried a total of seven “potentially unwanted applications” (PUAs)—including three that targeted the Safari web browser for the injection of ads, hijacking of download links, and redirecting of search queries for the purpose of stealing users’ clicks to generate income. The injected content in at least one case was used for malvertising—popping up a malicious ad that prompted the download of a fake Adobe Flash update.
Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. Malwarebytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.
We believe this Mac variant of the Dacls RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.
The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.
The conclusion I’m drawing is that it’s unlikely to affect most Mac users.
Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.
Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.
Charlotte Henry and John Martellaro join host Kelly Guimont to discuss malware bought and reused by the NSA, and the future of Mac processors.
Tumblr software engineer Steve Streza makes the case that iOS is adware for all of Apple’s services.
iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which is what iOS has sadly become.
This particularly annoys me with Apple News, where roughly half the space is dedicated to showing me News+ content, even though I don’t subscribe. On iOS you can swipe to “See Less Often”, but you can’t do this on iPad.
US Cyber Command, DHS, and FBI have exposed a new North Korean campaign of malware and phishing, with six new families of malware.
Charlotte Henry and Andrew Orr join host Kelly Guimont for Security Friday, discussing security news, malware protection, and backup tips.
A new report from Malwarebytes reveals that malware threats against Macs outpaced those for Windows for the first time ever in 2019.
Andrew Orr joins host Kelly Guimont to discuss the latest security headlines and some tips for avoiding malware and viruses on your Mac.
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss trade-in values dropping in Apple Stores, and a new malware attack.
A new version of North Korea’s AppleJeus malware has been spotted, one more effective than the last version.
Cybersecurity threats against Macs increased in 2019, with some of the world’s biggest threats targeting Apple devices, Malwarebytes found.
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss Google announcing better malware scans and Apple’s updated family leave.
Security experts say that if your computer has been infected with malware you shouldn’t restart it, especially if you suspect ransomware.
17 apps from iOS developer AppAspect Technologies Pvt. Ltd. were found to contain clicker malware that automatically clicked on ads.
French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.
“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”
The DoJ charged a Pakistani man with bribing AT&T employees to install malware on the company’s network and unlock customer devices.
In July alone, Google Play had 205 malicious apps with over 32 million installations, most of them containing hidden ads.
The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.
Charlotte spoke to Thomas Reed, Director of Mac & Mobile at Malwarebytes. They discussed the recent Zoom incident and how Apple responded. They also discussed the cybersecurity threats to the Apple ecosystem more broadly.
After the controversy surrounding Zoom and its hidden web server, Apple is pushing a hidden Mac update that removes it.