New Malware Infects Software Pirates and Blocks The Pirate Bay

· Andrew Orr · Link

Andrew Brandt reports on a new malware campaign that isn’t like your typical malware. This one blocks people from accessing many popular pirating websites.

We weren’t able to discern a provenance for this malware, but its motivation seemed pretty clear: It prevents people from visiting software piracy websites (if only temporarily), and sends the name of the pirated software the user was hoping to use to a website, which also delivers a secondary payload.

Looks like this is aimed more towards Windows users. The malware takes the form of .EXE executables, and may display a message saying the victim is missing an important .DLL file.

The Story of BonziBuddy and its Company’s Demise

· Andrew Orr · Link
In the third episode of Kernel Panic, Mashable tells the story of one of the first virtual assistants known as BonziBuddy.

Behind the facade of that friendly gorilla, Bonzi Software, the company responsible for BonziBuddy, was collecting private information and contacts from the unsuspecting internet users who downloaded it — and bombarding them with ads and pop-ups that Bonzi would profit from.

Harry Potter and the Curse of Bonzi. If you ever downloaded this purple ape and noticed strange things start to happen, let us know in the comments. Maybe your browser was full of ads, or maybe he whispered into your ear at night, encouraging you to commit securities fraud.

Malvertising Campaign ‘Tag Barnakle’ Infected 120 Ad Servers

· Andrew Orr · Link

First discovered a year ago, malvertising campaign Tag Barnakle has infected over 120 ad servers to insert malicious code into ads.

Stein says that while last year Tag Barnakle had targeted users of desktop browsers with redirects to malware download sites, over the past year, the gang has switched to going after mobile users and redirecting them to online scams peddling various scammy products.

Mysterious ‘Silver Sparrow’ Malware Confuses Researchers

· Andrew Orr · Link

Over the weekend we got news of a mysterious piece of malware called Silver Sparrow. It has infected 30,000 machines so far and there is a version of it built for M1 Macs. But security researchers can’t figure out its purpose.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met.

‘ElectroRAT’ is the First Mac Malware Spotted in 2021

· Andrew Orr · Link

We’re barely a week into 2021 and a piece of Mac malware has already been spotted. Dubbed “ElectroRAT,” the malware’s primary goal is to steal personal information from cryptocurrency users.

These [malicious] applications were promoted in cryptocurrency and blockchain-related forums such as bitcointalk and SteemCoinPan. The promotional posts, published by fake users, tempted readers to browse the applications’ web pages, where they could download the application without knowing they were actually installing malware.

Malware? Not Malware — Mac Geek Gab 841

· John F. Braun & Dave Hamilton · Mac Geek Gab Podcast

Sometimes you feel like … a malware. Sometimes you don’t. That’s not how it goes, but that’s exactly how it felt for a lot of you this week! John and Dave talk through this and get to the bottom of it all. That’s hardly half of it, though. You know how Mac Geek Gab goes… your questions answered, your tips shared, all with the goal of learning at least five new things along with your two favorite geeks!

Mintegral Denies Malware Allegations

· Jeff Butts · News

The software development company says the malware allegations against its advertising kit are false, and that even Apple agrees.

Many iPhone App Ads Hide Malware

· Jeff Butts · News

When you think about malware in an app, do you think about your iPhone? Start thinking about it, because ads hide malware in 1,200 apps.

‘Bundlore’ Adware Targets Macs With Updated Safari Extensions

· Andrew Orr · Link

A report from Sophos today reveals a wave of adware belonging to the Bundlore family that targets macOS. Bundlore is one of the most common bundleware installers for macOS, accounting for almost 7% of attacks detected by Sophos.

This installer carried a total of seven “potentially unwanted applications” (PUAs)—including three that targeted the Safari web browser for the injection of ads, hijacking of download links, and redirecting of search queries for the purpose of stealing users’ clicks to generate income. The injected content in at least one case was used for malvertising—popping up a malicious ad that prompted the download of a fake Adobe Flash update.

Lazarus Group’s Dacls RAT Affects Macs for the First Time

· Andrew Orr · Link

Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report, which is the source of the quote below. The malware was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.

We believe this Mac variant of the Dacls RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

The conclusion I’m drawing is that it’s unlikely to affect most Mac users.