Skip to main content

Mac malware

Four 'Mac malware' stories July 2014 - September 2015
See All Stories

Security researcher finds simple way to bypass Gatekeeper and allow a Mac to run malware

Avatar for Ben Lovejoy Sep 30 2015 - 7:16 am PT
10 Comments

Gatekeeper-bypass-hack

A security researcher has found an extremely simple way to bypass Gatekeeper to allow Macs to open any malicious app, even when it is set to open only apps downloaded from the Mac App Store.

Patrick Wardle, director of research at security firm Synack, told arsTechnica that once Gatekeeper okays an approved app, it pays no more attention to what that app does. The approved app can then open malicious apps – which Gatekeeper doesn’t check.

Wardle has found a widely available binary that’s already signed by Apple. Once executed, the file runs a separate app located in the same folder as the first one […] His exploit works by renaming Binary A but otherwise making no other changes to it. [He then] swaps out the legitimate Binary B with a malicious one and bundles it in the same disk image under the same file name. Binary B needs no digital certificate to run, so it can install anything the attacker wants … 


Expand
Expanding
Close

Site default logo image

Malware hidden in Nvidia GPUs can infect Macs too, say developers behind proof of concept

Avatar for Ben Lovejoy May 12 2015 - 4:05 am PT
0 Comments

nvidia

Anonymous developers who have successfully infected Nvidia GPU cards with malware on both Linux and Windows machines say that the same can be done on Macs, and that they will release the proof soon. The aim of the whitehat developers is to raise awareness of this new method of attack, reports IT World.

The team successfully created a piece of malware called WIN_JELLY which acts as a Remote Access Tool, enabling attackers to control a machine over the Internet. They now plan to release a version for OS X called MAC_JELLY, demonstrating that Macs too are vulnerable.

There are, they say, two core problems. First, the growing power of modern GPUs means that it is increasingly common for processing tasks to be passed to them, something that would look legitimate to the OS. Second, most security tools designed to detect malware don’t scan the RAM used by the GPU.

The developers hint that the Mac version of the exploit will use OpenCL, a framework for writing code that can run on multiple platforms – including GPUs – and which is installed as standard as part of OS X.

While Mac and iOS malware is rare, neither platform is immune from attack. Wirelurker was last year found to be capable of infecting non-jailbroken iOS devices when connected to Macs running compromised software, and Flashback infected hundreds of thousands of Macs back in 2012.

Apple recently pulled many antivirus apps from the iOS app store, though this may be because many of them performed no useful function.

Via Slashdot

Apple blocks WireLurker malware apps from opening, but needs to do more, argues security researcher

Avatar for Ben Lovejoy Nov 7 2014 - 5:19 am PT
8 Comments
Site default logo image

wirelurker

Apple has now blocked the launching of Mac apps infected with WireLurker malware, after earlier revoking security certificates to prevent them being installed on new devices. WireLurker was capable of infecting non-jailbroken iOS devices when connected to a Mac running one of the compromised apps. Over 400 Mac apps in a third-party Chinese app store were affected.

In a written statement, an Apple spokesperson said:

We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.

However, a security researcher says that it would be easy for other attackers to exploit the exact same weakness … 
Expand
Expanding
Close

Site default logo image

Security researchers say USB security ‘broken,’ can take over Macs or PCs

Avatar for Ben Lovejoy Jul 31 2014 - 5:55 am PT
15 Comments

usb

The USB standard has a fundamental security flaw that allows an attacker to take over any device it is connected to, whether PC or Mac, say security researchers in a frightening piece by Wired.

Describing the proof-of-concept Karsten Nohl and Jakob Lell plan to present at the Black Hat conference next week, they say the weakness is fundamental to the way in which USB works. Rather than storing malicious files on a USB device, the researchers managed to hack the USB controller chip that enables a USB device to communicate with a computer, changing its firmware. That means it can allow absolutely any USB device, from a USB key to a keyboard, to be compromised.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s clean, [but] the cleaning process doesn’t even touch the files we’re talking about.”

Unlike most malware, which targets Windows, this exploit allows any USB device to emulate a keyboard or mouse, taking complete control of both PCs and Macs.

As it’s undetectable, the exploit could be silently added to a USB key when it is inserted into a PC, and then infect the next device it’s connected to. There is, say the researchers, no protection at all against the method of attack short of never sharing USB devices – treating them as you’d treat a hypodermic needle: only ever using one you know to be brand new, and not dreaming of allowing anyone else to share it.