Andrew Orr and Bryan Chaffin join host Kelly Guimont to discuss Security Friday news, and what privacy will look like in iOS 14.
Malware
Apple’s Notarization Security Accidentally Approved ‘OSX.Shlayer’ Malware
Security researchers say they have found OSX.Shlayer malware disguised as an Adobe Flash installer and contained code notarized by Apple.
Mintegral Denies Malware Allegations
The software development company says the malware allegations against its advertising kit are false, and that even Apple agrees.
Security Friday: Malware, Ad Tracking, also Bill and Ted – TMO Daily Observations 2020-08-28
Andrew Orr joins host Kelly Guimont for the latest Security Friday news from ad network hijacking to Facebook (with a side of Bill and Ted).
Many iPhone App Ads Hide Malware
When you think about malware in an app, do you think about your iPhone? Start thinking about it, because ads hide malware in 1,200 apps.
‘Bundlore’ Adware Targets Macs With Updated Safari Extensions
A report from Sophos today reveals a wave of adware belonging to the Bundlore family that targets macOS. Bundlore is one of the most common bundlware installers for macOS, accounting for almost 7% of attacks detected by Sophos.
This installer carried a total of seven “potentially unwanted applications” (PUAs)—including three that targeted the Safari web browser for the injection of ads, hijacking of download links, and redirecting of search queries for the purpose of stealing users’ clicks to generate income. The injected content in at least one case was used for malvertising—popping up a malicious ad that prompted the download of a fake Adobe Flash update.
Lazarus Group’s Dacls RAT Affects Macs for the First Time
Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.
We believe this Mac variant of the Dcals RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.
The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.
The conclusion I’m drawing is that it’s unlikely to affect most Mac users.
How Worried Should You Be About Public USB Charging Stations?
Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.
Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.
ARM Inside, NSA-brand Malware – TMO Daily Observations 2020-03-03
Charlotte Henry and John Martellaro join host Kelly Guimont to discuss malware bought and reused by the NSA, and the future of Mac processors.
Apple Leverages iOS for Advertising You Can’t Block
Tumblr software engineer Steve Streza makes the case that iOS is adware for all of Apple’s services.
iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which what iOS has sadly become.
This particularly annoys me with Apple News, where roughly half the space is dedicated to showing me News+ content, even though I don’t subscribe. On iOS you can swipe to “See Less Often” but you can’t do this on iPad.
US Government Agencies Expose New North Korean Malware Campaign
US Cyber Command, DHS, and FBI have exposed a new North Korean campaign of malware and phishing, with six new families of malware.
Security Friday, Backup Tips – TMO Daily Observations 2020-02-14
Charlotte Henry and Andrew Orr join host Kelly Guimont for Security Friday, discussing security news, malware protection, and backup tips.
Mac Malware Threats Are Now Growing Faster Than Those For Windows
A new report from Malwarebytes reveals that malware threats against Macs outpaced those for Windows for the first time ever in 2019.
Security Friday! – TMO Daily Observations 2020-02-07
Andrew Orr joins host Kelly Guimont to discuss the latest security headlines and some tips for avoiding malware and viruses on your Mac.
Trade In Values, Cryptocurrency Attacks – TMO Daily Observations 2020-01-10
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss trade-in values dropping in Apple Stores, and a new malware attack.
North Korea Upgrades ‘AppleJeus’ Malware for Macs
A new version of North Korea’s AppleJeus malware has been spotted, one more effective than the last version.
Malwarebytes Finds Increase in Mac Threat Detections in 2019
Cybersecurity threats against Macs increased in 2019, with some of the world’s biggest threats targetting Apple devices Malwarebytes found.
Google Malware Scanners, Apple Family Leave – TMO Daily Observations 2019-11-07
Charlotte Henry and Bryan Chaffin join host Kelly Guimont to discuss Google announcing better malware scans and Apple’s updated family leave.
You Shouldn't Restart Your Computer if You Have a Virus
Security experts say that if your computer has been infected with malware you shouldn’t restart it, especially if you suspect ransomware.
Clicker Malware Found in 17 iOS Apps
17 apps from iOS developer AppAspect Technologies Pvt. Ltd. were found to contain clicker malware that automatically clicked on ads.
French Police Defeat Retadup Botnet Infecting 850,000 Computers
French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.
“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”
AT&T Employees Took Bribes to Compromise Network
The DoJ charged a Pakistani man with bribing AT&T employees to install malware on the company’s network and unlock customer devices.
Last Month Google Play Had 205 Malicious Apps With Over 32M Installs
In July alone, Google Play had 205 malicious apps with over 32 million installations, most of them containing hidden ads.
The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.
Apple Releases Mac Update to Remove Zoom Web Server
After the controversy surrounding Zoom and its hidden web server, Apple is pushing a hidden Mac update that removes it.