Malware Stories March 17, 2021

How to use private browsing on Mac with Safari

A study looking at new malware found in the wild during 2020 says that threats developed for macOS saw a huge jump – almost 1,100% compared to 2019. But taken in context, that total was less than 1% of the new malware discovered for Windows in the same period.

Malware Stories February 17, 2021

How to revive and restore M1 Macs

The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild.

Malware Stories October 20, 2020

GravityRAT spyware

The notorious GravityRAT spyware, which initially targeted Windows PCs, now also enables attacks against Macs and Android devices.

Remote Access Trojans (RATs) are so-called because they masquerade as legitimate apps (the Trojan part) and then permit the compromised machine to be accessed remotely …

Malware Stories March 2, 2020

Hijacking state-created Mac malware

Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.

The sophistication of the malware makes re-purposing it attractive to other attackers, including other governments …

Malware Stories February 12, 2020

Mac malware is growing but

Malwarebytes is out with a new report in which it states that Mac malware is growing faster than that for Windows.

For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]

In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.

That’s getting a lot of headlines today, but there are three key things that need to be understood…

Malware Stories October 25, 2019

17 malware iPhone apps found in App Store

Apple has confirmed that 17 malware iPhone apps were removed from the App Store after successfully hiding from the company’s app review process.

The apps were all from a single developer but covered a wide range of areas, including a restaurant finder, internet radio, BMI calculator, video compressor, and GPS speedometer …

Malware Stories July 1, 2019

CrescentCore Mac malware hides from security researchers

No fewer than six examples of Mac malware were discovered last month, including one which exploits a vulnerability in macOS Gatekeeper. The latest example – dubbed OSX/CrescentCore – takes steps to hide from security researchers.

Security company Intego says it has found CrescentCore on multiple websites, posing as, you guessed it, a Flash Player updater …

Malware Stories June 25, 2019

macOS Gatekeeper vulnerability now being exploited

A macOS Gatekeeper vulnerability discovered by a security researcher last month has now been exploited in what appears to be a test by an adware company.

Gatekeeper is designed to ensure that Mac apps come from an identifiable source by checking that the code has been signed with a Developer ID certificate issued by Apple (Mac App Store apps are signed by Apple itself). Any app failing that check shouldn’t be allowed to run without the user acknowledging the risk and granting explicit permission to proceed …

Malware Stories March 21, 2019

Microsoft Defender begins limited Mac rollout

Microsoft is renaming its Windows Defender Advanced Threat Protection (ATP) enterprise security product to Microsoft Defender ATP, and bringing it to macOS for the first time.

While Macs are significantly less vulnerable to malware than Windows machines, they are not immune. Examples include fake Flash Player installers and cryptocurrency-stealing browser exploits and apps.

Malware Stories January 31, 2019

CookieMiner

CookieMiner is the latest Mac malware to be discovered. It’s highly targeted, using a clever technique to try to steal your cryptocurrency.

Discovered by security researchers from Palo Alto Networks’ Unit 42, it uses a two-fold attack method to obtain your login credentials and bypass two-factor authentication …

Malware Stories October 30, 2018

PSA: The CoinTicker Mac app contains malware, probably to steal cryptocurrency

CoinTicker, a Mac app that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, has been found to contain two separate pieces of malware.

Malware Stories September 6, 2018

iPhone spyware maker mSpy exposes millions of private records, inc. passwords, messages

mSpy, a company which makes spyware used by suspicious parents and partners to spy on iPhone usage, has accidentally exposed millions of private records on the web. Data exposed includes passwords, text messages, contacts, call logs, notes and location data …

Malware Stories August 14, 2018

Security researcher and former NSA staffer Patrick Wardle says that he will demonstrate on Sunday a set of automated attacks against macOS High Sierra, in which he is able to bypass security checks.

The checks are ones that ask the user to confirm that an app should be granted permission to do things like access contacts or location data …

Malware Stories August 7, 2018

Apple chip supplier TSMC admits downtime caused by unpatched Windows systems

TSMC, sole supplier of the A-series chips used in Apple’s iPhones and other devices, has admitted that the ultimate cause of its virus-induced downtime was the use of unpatched Windows systems …

Malware Stories May 18, 2018

PSA: Here’s how to check for – and remove – the Mac malware mshelper

If your Mac seems to be running at high fan rates or you’re seeing reduced battery-life for no apparent reason, you may want to check for some Mac malware that seems to be going around …

Malware Stories April 25, 2018

Macs are not immune to malware, but they are pretty well-protected. By default, macOS won’t allow unrecognized apps to be installed, and it needs the user to agree to override this. Even when they are installed, apps run with the privileges of the logged-in user rather than as root unless the user enters an administrator password, and Mac App Store apps are additionally sandboxed, which limits the damage that can be done. That is why most Mac malware is actually adware – annoying but not damaging.

A common way for attackers to get malware onto a Mac is to disguise it as something else, to trick technically naive users into installing it. Fake installers for Adobe Flash Player are particularly favored, and Malwarebytes has found a variant that’s nastier than usual …

Malware Stories July 25, 2017

[UPDATE: Apple confirmed to us that any systems that are up to date, running El Capitan or later, are protected. We’ve also confirmed from those in the know that the issue has been fixed since around January and only affected older and out of date Macs.]

A security researcher has discovered a piece of Mac malware that allows an attacker to activate the webcam to take photos, take screenshots and capture keystrokes.

Synack researcher Patrick Wardle says that the malware has been infecting Macs for at least five years, and possibly even a decade …

Malware Stories June 23, 2017

McAfee tells us that the growth in Mac malware seen last year has continued into this year, growing 53% in the first quarter alone. The total number of instances of malware detected has reached over 700,000.

As before, though, the headline number isn’t as alarming as it might appear …

Malware Stories May 24, 2017

PSA: Many major media players vulnerable to attack via malicious subtitles files [Video]

Security researchers have discovered a surprising new way for attackers to gain control of a machine: malicious subtitles. The vulnerability is device-independent, meaning it could be used to gain control of anything from an iPhone to a Mac.

Malware Stories May 15, 2017

The WannaCry ransomware attack may have been exploiting a vulnerability in Windows, but the lesson it provides – the importance of keeping both computers and mobile devices updated – is one applicable to all of us, Apple users included.

WannaCry itself targeted a vulnerability that had existed in Windows all the way through from XP to the latest Windows 10. Microsoft issued a patch to fix the issue for Windows Vista onwards back in March, but many organizations failed to update.

The scale of the attack – which caused widespread disruption around the world – should be a wake-up call to consumers, businesses and governments alike …

Malware Stories May 5, 2017

Snake Adobe Flash Player malware on macOS

A new piece of backdoor malware originally discovered on Windows has found a new home on macOS. Disguising itself as a legitimate Adobe Flash Player installer, the malware burrows into existing macOS folders, making it harder to spot. Because it was signed with a valid Apple developer certificate, the malware could run on macOS even with Gatekeeper enabled.

Developer certificates exist so that Gatekeeper can validate applications, but lately they have been used to spread malicious software; once abuse is reported, Apple can revoke the certificate, after which Gatekeeper blocks binaries signed with it. This is the second reported malware incident in the past week using a valid certificate.

Malware Stories April 28, 2017

We learned recently that macOS malware grew by 744% last year, though most of it fell into the less-worrying category of adware. However, a newly-discovered piece of malware (via Reddit) falls into the ‘seriously nasty’ category – able to spy on all your Internet usage, including use of secure websites.

Security researchers at Check Point found something they’ve labelled OSX/Dok, which manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update …

Malware Stories April 6, 2017

The latest McAfee Threat Report shows that macOS malware grew by 744% in 2016, with around 460,000 instances detected. Behind the headline number, though, are a couple of reassuring facts.

First, while Mac malware is on the increase, it is almost a rounding error when viewed alongside Windows malware. All malware detected last year combined totalled more than 600M instances. Of this, around 15M examples were mobile malware – almost all of it Android …

Malware Stories January 18, 2017

The team over at Malwarebytes has recently discovered what they’re calling “the first Mac malware of 2017”. The Fruitfly malware has been using antiquated code to help it run undetected for quite some time on macOS systems. It has reportedly been used in targeted attacks at biomedical research institutions.

Malware Stories October 12, 2016

This month’s critical Flash vulnerability gives attackers control of a Mac …

We’re honestly running out of headlines for these things. In what has now become a routine announcement, Adobe has admitted that yet another critical vulnerability could allow an attacker to take complete control of a Mac, Windows, Linux or ChromeOS machine.

Malware Stories August 26, 2016

One of the major benefits of Apple’s ecosystem is that it’s a pretty secure environment. Take OS X (soon to be macOS). The first ever example of OS X ransomware seen in the wild was earlier this year, when it was major news. Other Mac malware exists, but it’s rare enough that individual examples make the news – and most of those require users to do something irresponsible, like install software from an unknown source.

Contrast that with Windows, where the BBC reported that the number of viruses, worms and trojans in circulation topped the one million mark as long ago as 2008. That may be somewhat exaggerated, but most sources agree that the number is in six figures.

iOS is an even more secure platform. Sure, if you jailbreak an iPhone, all bets are off, and there are ways to install sketchy apps on iOS devices using an enterprise certificate. But absent those two things, it wasn’t until this year that the first example of iOS malware was found …

Malware Stories August 19, 2016

No 9to5Mac reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users.

Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website …

Malware Stories July 22, 2016

Security researchers last year discovered what they described as ‘the worst Android vulnerability ever,’ able to infect a phone with malware simply by sending an MMS message to it. The vulnerability, dubbed Stagefright, didn’t even require people to open the message for their phone to be infected.

A Cisco researcher has now discovered a similar vulnerability in OS X and iOS, that could allow an attacker to gain access to your stored passwords and files simply by sending you a malicious image file …

Malware Stories July 6, 2016

After the first ever example of Mac ransomware was found in the wild earlier this year, Bitdefender Labs has found what it tells us is only the second example of true Mac malware to enter circulation this year, which it has dubbed Backdoor.MAC.Eleanor. The malware application was available on a number of (formerly?) reputable download sites such as MacUpdate.

The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.

This is a nasty backdoor that can steal data, execute remote code and access the webcam, among other things …

Malware Stories March 17, 2016

Non-jailbroken iPhones are usually close to immune from malware thanks to Apple vetting every app before it’s made available in the App Store. So far, malware has relied on abusing enterprise certificates designed to allow companies to distribute apps to their own phones. But security company Palo Alto Networks has discovered a new piece of malware that can infect iPhones by exploiting a vulnerability in Apple’s DRM mechanism.

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken.

AceDeceiver currently uses a geotag so that it is only activated when a user is located in China, but a simple switch could allow it to infect iPhones elsewhere …

Malware Stories November 10, 2015

Apple today has pulled a popular Instagram client from the App Store after it was found to be harvesting usernames and passwords. First noticed by developer David L-R on Twitter, the Instagram client InstaAgent has been pulled from the App Store. The app, downloaded more than half a million times, touted that it would let you see who had been viewing your Instagram profile.

Malware Stories November 4, 2015

Security firm FireEye said in a blog post that XcodeGhost – a fake version of Xcode that injected malware into genuine apps – remains a threat. FireEye has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost S samples we have detected removed from the App Store.

The company said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the USA – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers …

Malware Stories September 30, 2015

A security researcher has found an extremely simple way to bypass Gatekeeper to allow Macs to open any malicious app, even when it is set to open only apps downloaded from the Mac App Store.

Patrick Wardle, director of research at security firm Synack, told Ars Technica that once Gatekeeper okays an approved app, it pays no more attention to what that app does. The approved app can then open malicious apps – which Gatekeeper doesn’t check.

Wardle has found a widely available binary that’s already signed by Apple. Once executed, the file runs a separate app located in the same folder as the first one […] His exploit works by renaming Binary A but otherwise making no other changes to it. [He then] swaps out the legitimate Binary B with a malicious one and bundles it in the same disk image under the same file name. Binary B needs no digital certificate to run, so it can install anything the attacker wants … 
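To make the structural flaw concrete, here is an added example in POSIX shell; it is not code from the article or from Wardle’s research, and it stands in for the real binaries with scripts. A trusted launcher (“Binary A”) resolves a sibling called `helper` (“Binary B”) by relative path and runs it, exactly the pattern described above: swap the sibling under the same file name and something else runs, with nothing re-checking it. The pinned launcher beside it bakes the legitimate helper’s SHA-256 digest in at build time and refuses to run anything else, which is the property Gatekeeper’s one-time check of the outer app did not give you. All files are constructed in a temporary directory; the digest uses coreutils `sha256sum`, with `shasum -a 256` assumed as the macOS fallback.

```shell
#!/bin/sh
# Added illustration of the launcher-runs-sibling pattern, not code from the
# article or from Wardle's research. Everything is constructed in a temp dir.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

digest_of() {
  # coreutils sha256sum assumed; shasum -a 256 is the macOS fallback
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# "Binary B": the helper the launcher expects to find beside itself.
write_helper() {
  printf '#!/bin/sh\necho "%s"\n' "$1" > "$WORK/helper"
  chmod +x "$WORK/helper"
}
write_helper "legit helper"

# "Binary A", naive form: whatever sits at ./helper gets executed, unchecked.
cat > "$WORK/launcher_naive.sh" <<'EOF'
#!/bin/sh
exec "$(dirname "$0")/helper"
EOF
chmod +x "$WORK/launcher_naive.sh"

# "Binary A", pinned form: the legitimate helper's digest is baked in at
# build time, so a swapped sibling is refused before it ever runs.
LEGIT_SHA="$(digest_of "$WORK/helper")"
cat > "$WORK/launcher_pinned.sh" <<EOF
#!/bin/sh
EXPECTED="$LEGIT_SHA"
HELPER="\$(dirname "\$0")/helper"
if command -v sha256sum >/dev/null 2>&1; then ACTUAL="\$(sha256sum "\$HELPER" | cut -d' ' -f1)"
else ACTUAL="\$(shasum -a 256 "\$HELPER" | cut -d' ' -f1)"; fi
[ "\$ACTUAL" = "\$EXPECTED" ] || { echo "helper digest mismatch, refusing to run" >&2; exit 1; }
exec "\$HELPER"
EOF
chmod +x "$WORK/launcher_pinned.sh"

# The bypass step: replace the sibling under the same file name.
swap_helper() { write_helper "malicious helper"; }

run_naive()  { "$WORK/launcher_naive.sh"; }
run_pinned() { "$WORK/launcher_pinned.sh" 2>/dev/null || echo "blocked"; }

# Stand-alone demo: before the swap both launchers run the legit helper;
# after it, the naive launcher runs whatever was swapped in, the pinned
# launcher refuses.
run_naive; run_pinned
swap_helper
run_naive; run_pinned
```

A pinned digest is the simplest form of the check; on macOS the equivalent is for the parent to verify the child’s code signature (and, ideally, require a specific Team ID) before executing it, rather than trusting anything that happens to share its folder.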

Malware Stories September 24, 2015

Apple has named the top 25 apps infected by the XcodeGhost malware, stating that “the number of impacted users drops significantly” for other compromised apps. Most security researchers now agree that the total number of infected apps is in or around four figures, with many of them still present in China’s App Store …

Malware Stories September 23, 2015

Apple is to make Xcode available for local download from servers based in China as part of its response to the XcodeGhost malware issue. The announcement was made on the Chinese social media site Sina by Phil Schiller, Apple’s senior VP of worldwide marketing (via CNET). It’s believed that many Chinese developers inadvertently downloaded the fake version because the official download was taking too long.

“In the US it only needs 25 minutes to download,” Schiller told Sina, admitting that in China getting Xcode “may take three times as long.” He told the Chinese publication that, to quell this problem, Apple would be providing an official source for developers in the People’s Republic to download Xcode domestically.

Analysis of infected apps by security researchers appears to be revealing a mix of good and bad news …

Malware Stories September 22, 2015

App analytics company SourceDNA – whose clients include Google, Amazon and Dropbox – claims that the compromised versions of many apps remain live in the Chinese App Store. This includes CamCard, which is a very popular app ranked #94.

The apps were infected with malware by a fake version of Xcode dubbed XcodeGhost which legitimate developers were fooled into downloading, believing it to be a copy of the genuine Apple app. A partial list of infected apps has been posted by security company Palo Alto Networks …

Malware Stories September 21, 2015

Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.

Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.

I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.

After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.

The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.

It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) …

Malware Stories September 1, 2015

iOS jailbreak malware stole 225,000 Apple IDs across 18 countries, but it’s unlikely you’re at risk

Researchers from Palo Alto Networks have discovered that a piece of iOS malware successfully stole more than 225,000 Apple IDs and passwords from jailbroken phones, using them to make purchases from the official App Store. The malware, dubbed KeyRaider, also has the ability to remotely lock jailbroken iOS devices in order to hold them to ransom.

These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.

However, it’s extremely unlikely that you’re at risk: the malware can only run on jailbroken devices, and appears to spread through only one set of Cydia repositories, run by Weiphone.

The malware was used in two tweaks that allow those running them to download paid apps and make in-app purchases from Apple’s official App Store without payment. The tweaks used the stolen credentials to make the purchases.

If you think your iPhone or iPad may be at risk, Palo Alto Networks has provided the following instructions to detect and remove the malware. Further details over at the company’s lengthy blog entry.

Users can use the following method to determine by themselves whether their iOS devices were infected:

  1. Install openssh server through Cydia
  2. Connect to the device through SSH
  3. Go to /Library/MobileSubstrate/DynamicLibraries/, and grep for these strings in all files under this directory:
  • wushidou
  • gotoip4
  • bamu
  • getHanzi

If any dylib file contains any one of these strings, we urge users to delete it and delete the plist file with the same filename, then reboot the device.

We also suggest all affected users change their Apple account password after removing the malware, and enable two-factor verification for Apple IDs.

The company also notes that not jailbreaking iOS devices is the only way to protect against such exploitation.

Via Re/code

Malware Stories May 13, 2015

Back in May of last year, Google started enforcing a policy that requires Chrome extensions be hosted on its Chrome Web Store, but only on Windows. The goal was to prevent malware hidden in extensions installable from outside its store, and it even started disabling extensions already installed on users’ systems that weren’t hosted on the Chrome Web Store. Now, Google says it will bring that requirement to Mac Chrome users over the coming months, as well as the Chrome developer channel for Windows that wasn’t previously enforcing the policy:

Malware Stories May 12, 2015

Malware hidden in Nvidia GPUs can infect Macs too, say developers behind proof of concept

Anonymous developers who have successfully infected Nvidia GPU cards with malware on both Linux and Windows machines say that the same can be done on Macs, and that they will release the proof soon. The aim of the whitehat developers is to raise awareness of this new method of attack, reports IT World.

The team successfully created a piece of malware called WIN_JELLY which acts as a Remote Access Tool, enabling attackers to control a machine over the Internet. They now plan to release a version for OS X called MAC_JELLY, demonstrating that Macs too are vulnerable.

There are, they say, two core problems. First, the growing power of modern GPUs means that it is increasingly common for processing tasks to be passed to them, something that would look legitimate to the OS. Second, most security tools designed to detect malware don’t scan the RAM used by the GPU.

The developers hint that the Mac version of the exploit will use OpenCL, a framework for writing code that can run on multiple platforms – including GPUs – and which is installed as standard as part of OS X.

While Mac and iOS malware is rare, neither platform is immune from attack. Wirelurker was last year found to be capable of infecting non-jailbroken iOS devices when connected to Macs running compromised software, and Flashback infected hundreds of thousands of Macs back in 2012.

Apple recently pulled many antivirus apps from the iOS app store, though this may be because many of them performed no useful function.

Via Slashdot

Malware Stories March 19, 2015

Searching for ‘antivirus’ now only shows games or Find My iPhone-esque apps.

Apple has seemingly decided to crack down on antivirus and antimalware apps, removing them from the App Store. Although there has been no official statement from Apple on a policy change, Apple’s loose guidelines allow them to pull pretty much anything at any time, particularly something like antivirus which has questionable utility within the sandboxed iOS environment of iPhones and iPads.

One casualty of the removal is Intego’s VirusBarrier, which claims that this takedown was not specific to its product with Apple deciding the entire category of antivirus products is now off-limits.

Malware Stories November 25, 2014

From 9to5Toys.com:

We’ve got a nice 9to5Toys Specials deal on this evening and the best part is that it is a name your own price with the bids starting at $1.  The earlier you get in, the less you pay. Here’s the list of apps but frankly Typinator alone is worth it. Go big and 10% of your purchase price goes to a charity of your choice and you’ll be entered to win a Gold iPad 2 & iPhone 6

(Update:6:30am ET: the price is now $3.50)

  • Typinator – $32 – The program the “types” frequently used text for you
  • Hotspot Shield VPN – 1 Year Elite Subscription
  • Starry Night Enthusiast – $80 – Turn your computer into a virtual universe
  • Intensify Pro – $60 – The image enhancer for photographers of all levels
  • Spotdox 3 – $72 – Get access to all your files, on any device, anywhere
  • Data Backup 3 – $49 – Easy, powerful, and flexible backups
  • Paperless – $50 – Fuel your paper-free lifestyle
  • MacJournal 6 – $40 – Multimedia journal for the 21st century
  • Pixa – $25 – Image management and sharing app
  • Must Have Mac App Tutorial – $100 – Learn how to maximize the 9 apps included

 

Malware Stories November 5, 2014

Update: Apple confirmed the security issue in a statement provided to iMore. Apple has also revoked the certificate to prevent the apps from being installed on new devices.

The New York Times reports that a security firm called Palo Alto Networks has uncovered a new form of Apple-focused malware that is capable of infecting non-jailbroken iOS devices. Typically when such software pops up, as it does from time to time, one of the key factors that allows the malicious code to run on iOS is whether the device is jailbroken. The new “WireLurker” malware, however, is installed on the mobile device over USB by an infected Mac.

These infected Mac apps are reportedly coming from the Maiyadi App Store, a third-party software storefront operated in China. Palo Alto Networks says over 400 apps in the store are affected, and have been downloaded over 356,000 times total, potentially resulting in hundreds of thousands of infected devices.

Malware Stories October 2, 2014

New Mac botnet malware uses Reddit to find out what servers to connect to

Mac users should beware of some new malware spreading that tries to enlist infected machines in a botnet for future exploitation. As detected by Dr.Web, the malicious backdoor (dubbed Mac.BackDoor.iWorm) first checks whether any interfering applications are installed on the Mac.

If the coast is clear, it queries Reddit posts to find the IP addresses of command-and-control servers to call back to. Although those posts have been deleted, it is not hard for the people behind the malware to post new ones later. Once connected to the botnet, the infected Mac can be instructed to perform almost any task the operators want, such as redirecting browsing traffic in order to steal account credentials.

Malware Stories May 26, 2014

Google-owned VirusTotal today released a version of the VirusTotal uploader application (via The Next Web) compatible with Mac OS X. Previously the software was only available for Windows-based machines.

VirusTotal Uploader works in conjunction with the VirusTotal web service to check files and links for malware. Google hopes that the release of the software for the Mac will help users more easily detect attacks on Apple’s platform. From the VirusTotal blog:

Malware Stories April 22, 2014

Chinese iOS malware stealing Apple IDs and passwords from jailbroken devices

Security researcher Stefan Esser (via Ars Technica) has discovered that an issue reported on Reddit as causing crashes on jailbroken iPhones and iPads is actually a piece of malware designed to capture Apple IDs and passwords from infected devices.

This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.

Early indications are that the source of the malware is likely to have been a tweak downloaded from somewhere outside of Cydia. Esser has identified that the code only runs on 32-bit devices, meaning that the iPhone 5s, iPad Air and iPad mini with Retina display are safe, while other devices are vulnerable.

The blog post says that the malware is easy to check for, but may not be easy to remove. Using SSH/Terminal, check the path /Library/MobileSubstrate/DynamicLibraries/ for the presence of either Unflod.dylib or framework.dylib.

Currently the jailbreak community believes that deleting the Unflod.dylib/framework.dylib binary and changing the apple-id’s password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts.

We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.

Cydia developer Jay Freeman, aka Saurik, pointed out on Reddit that adding random download URLs to Cydia is as risky as opening attachments received in spam emails.
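The checks described in this Unflod story and in the KeyRaider story above are the same procedure: look in /Library/MobileSubstrate/DynamicLibraries/ over SSH for files that match a known name or contain a known string, then delete the dylib together with its same-named plist. The script below is an added example that is not from Esser’s or Palo Alto Networks’ write-ups. It combines the KeyRaider indicator strings quoted above with the Unflod file names, scans a directory, and removes hits with their plists. The directory and its .dylib files are constructed here so that it runs offline; on a device you would point `scan_dir` at the real DynamicLibraries path. Both researchers’ caveat still applies: string matching only finds the samples already known, and a full restore is the only removal you can fully trust.

```shell
#!/bin/sh
# Added example, not from the Palo Alto Networks or Esser write-ups: scan a
# MobileSubstrate DynamicLibraries directory for the KeyRaider indicator
# strings and the Unflod file names, then remove hits with their plists.
set -eu

# Indicators quoted in the two articles.
KEYRAIDER_STRINGS="wushidou gotoip4 bamu getHanzi"
UNFLOD_NAMES="Unflod.dylib framework.dylib"

# scan_dir DIR: prints "name<TAB>reason" per hit; exit status 0 only when clean.
scan_dir() {
  dir="$1"; hits=0
  for f in "$dir"/*.dylib; do
    [ -f "$f" ] || continue
    name="$(basename "$f")"
    for bad in $UNFLOD_NAMES; do
      if [ "$name" = "$bad" ]; then
        printf '%s\tknown Unflod file name\n' "$name"; hits=$((hits + 1))
      fi
    done
    for s in $KEYRAIDER_STRINGS; do
      # -a treats the binary as text, -F matches the literal string
      if grep -q -a -F -- "$s" "$f"; then
        printf '%s\tcontains KeyRaider string %s\n' "$name" "$s"; hits=$((hits + 1))
      fi
    done
  done
  [ "$hits" -eq 0 ]
}

# remove_hit DIR NAME: delete the dylib and the plist that shares its name,
# which is the removal step the KeyRaider advice gives.
remove_hit() {
  rm -f "$1/$2" "$1/${2%.dylib}.plist"
}

# Constructed sample directory standing in for
# /Library/MobileSubstrate/DynamicLibraries on an infected device.
make_sample_dir() {
  d="$(mktemp -d)"
  printf 'benign tweak bytes\n' > "$d/Clean.dylib"; printf 'Clean\n' > "$d/Clean.plist"
  printf '\001\002 https://gotoip4.example bamu \377' > "$d/Sneaky.dylib"  # KeyRaider-like strings
  printf 'Sneaky\n' > "$d/Sneaky.plist"
  printf 'no indicator strings in here\n' > "$d/Unflod.dylib"              # flagged by name alone
  echo "$d"
}

count_hits() { scan_dir "$1" | wc -l | tr -d ' '; }

# Stand-alone run: scan, remove every hit, rescan (exit status 0 when clean).
SAMPLE="$(make_sample_dir)"
trap 'rm -rf "$SAMPLE"' EXIT
scan_dir "$SAMPLE" || true
scan_dir "$SAMPLE" | cut -f1 | sort -u | while read -r n; do remove_hit "$SAMPLE" "$n"; done
scan_dir "$SAMPLE" && echo "clean after removal"
```

On a real device, run it after installing the OpenSSH package from Cydia and connecting over SSH as the KeyRaider instructions say, then change the Apple ID password and reboot; a name or string match is evidence of the known samples, not proof that nothing else was dropped alongside them.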

Malware Stories January 21, 2014

Like he has done before, Apple’s Senior Vice President of Marketing Phil Schiller has taken to his Twitter account to share a new report highlighting a much higher amount of security threats on Android compared to iOS. Schiller linked to Cisco’s 2014 annual security report covering mobile malware trends over the last year, which happens to highlight a rise in malware on Android as one of its key takeaways:

Ninety-nine percent of all mobile malware in 2013 targeted Android devices. Not all mobile malware is designed to target specific devices, however… Many encounters involve phishing, likejacking, or other social engineering ruses, or forcible redirects to websites other than expected. An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware

That 71% encounter rate for web-delivered malware on Android mentioned above compares to just 14 percent for iPhone users, according to the report. The report’s finding that 99 percent of all mobile malware last year targeted Android marks an increase for Android when comparing to the last report Schiller shared. In March of last year, Schiller shared a report from security firm F-Secure that estimated Android had around 79% of all mobile malware for 2012 compared to just 0.7 percent for iOS.

Malware Stories August 20, 2013

Security researchers sneak malware past Apple’s App Store review using ‘Jekyll & Hyde’ approach

Researchers from the Georgia Institute of Technology managed to get a malicious app approved by Apple and included in the App Store by using a ‘Jekyll & Hyde’ approach, where the behaviour of a benign app was remotely changed after it had been approved and installed.

It appeared to be a harmless app that Apple reviewers accepted into the iOS app store. They were later able to update the app to carry out a variety of malicious actions without triggering any security alarms. The app, which the researchers titled “Jekyll,” worked by taking the binary code that had already been digitally signed by Apple and rearranging it in a way that gave it new and malicious behaviors … 
