Malware

By MacRumors Staff

Malware Articles

Common Windows Malware Can Now Infect Macs

Wednesday July 21, 2021 8:13 am PDT
A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer). Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. ...

Apple's Notarization Process Repeatedly Approved Malware for Mac

Monday August 31, 2020 8:14 am PDT
Apple mistakenly approved and notarized a common kind of malware for macOS on at least two occasions, reports TechCrunch. Apple requires developers to submit their apps for security checks to run on macOS in a process called "notarization." Notarization was required from the launch of macOS Catalina. If software has not been notarized, it will be blocked by default in macOS. Peter...

Malware Injected Into Xcode Projects Could Infiltrate Mac App Store

Monday August 24, 2020 8:17 am PDT
Last week, we reported on a severe new kind of Mac malware that has been found to infect via Xcode, discovered by security researchers at Trend Micro. In an exclusive interview with MacRumors, the security researchers behind the discovery, Oleksandr Shatkivskyi and Vlad Felenuik, have provided more information about their research. The malware, which is part of the XCSSET family, is "an ...

New Mac Malware Found to Infect via Xcode

Monday August 17, 2020 12:02 am PDT
Security researchers at Trend Micro have discovered a new kind of Mac malware which can "command and control" a target system. The researchers described the malware, which is part of the XCSSET family, as "an unusual infection related to Xcode developer projects." The malware is unusual because it is injected into Xcode projects, and when the project is built, the malicious code is run. A...

New Mac Ransomware Found in Pirated Mac Apps

Tuesday June 30, 2020 11:44 am PDT
There's a new 'EvilQuest' Mac ransomware variant that's spreading through pirated Mac apps, according to a new report shared today by Malwarebytes. The new ransomware was found in a pirated download of the Little Snitch app found on a Russian forum. Right from the point of download, it was clear that something was wrong with the illicit version of Little Snitch, as it had a generic installer...

Security Researcher Shows How Remote macOS Exploit Hoodwinks Safari Users With Custom URL Schemes

Wednesday September 5, 2018 3:32 am PDT
A security researcher has demonstrated how macOS users are vulnerable to remote infection through a malicious exploit involving the "Do you want to allow..." popup that can be encountered when visiting websites in Safari. In a lengthy breakdown, Patrick Wardle explains how the exploit utilizes document handlers, which request permission to open a link or a file in another app – like a PDF in ...

Malware Discovered That Can Control a Mac's Webcam and Keyboard, But It's Old and Possibly Abandoned

Tuesday July 25, 2017 7:42 am PDT
Earlier this year, researchers from security firm Malwarebytes discovered a piece of Mac malware called Fruitfly that reportedly spied on computers in medical research centers for years before being detected. Apple has since updated macOS to automatically detect the malware, safeguarding users. However, a new variant of the Fruitfly malware has recently been discovered by Patrick Wardle, a...

New Mac Malware Discovered on Dark Web as Security Experts Remind Mac Users Not to Be 'Overconfident'

Tuesday June 13, 2017 7:48 am PDT
Two new pieces of malicious software aimed at Mac computers have been discovered on the Dark Web, offered through Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) portals and estimated to have been up for around the past three weeks, beginning May 25. Originally spotted by Bleeping Computer, the two portals offer software called "MacSpy" and "MacRansom" as services for potential...

Source Code for Several Panic Apps Stolen via HandBrake Malware Attack

Wednesday May 17, 2017 1:32 pm PDT
In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac. In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake,...

HandBrake Developers Issue Mac Security Warning After Mirror Download Server Hack

Sunday May 7, 2017 3:17 am PDT
The developers of the open source video transcoder app HandBrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked. The alert was issued on Saturday after it was discovered that the original HandBrake-1.0.7.dmg installer file on the mirror server download.handbrake.fr had been replaced by a malicious file. The affected server has been shut...

Windows 'Snake' Malware Ported to Mac, Imitates Adobe Flash Player Installer

Friday May 5, 2017 12:07 pm PDT
Well-known Windows backdoor malware "Snake" has been ported to the Mac for the first time, according to Malwarebytes. Described as "highly sophisticated," Snake (also called Turla and Uroburos) has been infecting Windows systems since 2008 and was ported to Linux systems in 2014 before making its way to the Mac. The Snake malware was found earlier this week in an installer masquerading as...

Malware Attacks on Macs Up 744% in 2016, Mostly Due to Adware

Thursday April 6, 2017 2:19 pm PDT
Malware attacks on Macs were up 744 percent in 2016, according to the latest Threat Report shared by McAfee Labs [PDF]. Mac users don't need to be overly alarmed, though, because much of that huge jump can be attributed to adware bundling. macOS malware samples jumped up 245 percent in the fourth quarter of 2016 alone just from adware. Adware, while irritating, is less alarming than true...

BitTorrent Client Transmission Again Victimized by OS X Malware

Tuesday August 30, 2016 9:23 am PDT
Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware. Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official...

What You Need to Know About Mac Malware 'Backdoor.MAC.Eleanor'

Wednesday July 6, 2016 9:24 am PDT
Internet security software company Bitdefender's research lab has disclosed new malware targeting Macs called Backdoor.MAC.Eleanor [PDF]. Learn more about the malware and how to keep your Mac protected against attackers. What is Backdoor.MAC.Eleanor? Backdoor.MAC.Eleanor is new OS X/macOS malware arising from a malicious third-party app called EasyDoc Converter, which poses as a...

'AceDeceiver' iOS Trojan Spotted in China, Bypasses Apple's DRM Mechanism

Wednesday March 16, 2016 10:37 am PDT
A new iOS trojan has been found in the wild that's able to infect non-jailbroken iOS devices through PCs without the need to exploit an enterprise certificate. Named "AceDeceiver," the malware was discovered by Palo Alto Networks and is currently affecting iOS users in China. AceDeceiver infects an iOS device by taking advantage of flaws in FairPlay, Apple's digital rights management (DRM)...

Apple Responds to YiSpecter Malware, Says Fix Was Implemented in iOS 8.4

Monday October 5, 2015 1:26 pm PDT
Over the weekend, security site Palo Alto Networks detailed a new iOS malware that's able to infect non-jailbroken Apple devices using enterprise certificates and private APIs. It originated in Taiwan and China and was installed through several methods, including hijacking traffic from ISPs, an SNS worm on Windows, and offline app installation. Called YiSpecter, the malware is able to...