Tag: Malware

Jamf Treat Labs found crypto-mining malware in pirate copies of Final Cut Pro.

macOS malware becomes more and more sophisticated and harder to detect. Crypto-mining processes are hidden from user and much harder to detect.

Experts forecast more malware targeting Apple Silicon Macs soon.

Recent report from Malwarebytes highlights rise of malware attacks and vectors.

Jamf Blog: Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Malwarebytes Labs: The 5 most dangerous cyberthreats facing businesses this year

References:

• Well-hidden Mac cryptomining malware found in pirate copies of Final Cut Pro; expect more [U]
• macOS targeted by evasive crypto-jacking malware
• Report details the most common malware on Mac, biggest recent cybersecurity events

Cybersecurity experts from SecneurX have recently compiled a long list of Google Play apps infected with dangerous Trojans, including:

• Color Paint & Draw Master – Harly Trojan
• Real Photo Editor - Joker Trojan
• Coloring Painting - Joker Trojan
• Happy Voice Changer - Harly trojan
• Emoji Live Wallpaper - Joker trojan
• Screen Mirroring Cast - Joker Trojan
• Advanced Cast Screen - Joker Trojan

What can the Joker and Harly Trojans do?

A trend is emerging from the above reports. Most often, mobile applications with Joker and Harly Trojans impersonate relatively simple applications. Some of them are games, others are used for simple entertainment or personalization of the smartphone by changing the wallpaper or screensaver. Screen mirroring and screen casting applications are also popular. Viruses are designed to steal data, e.g. taking over our contacts or reading e-mails, text messages or conversations on messengers. Malware can also enable premium services and charge us a high phone bill.

Source: SecneurX 

Multiple platform certificates used by Android OEM device vendors to digitally sign core system applications have also been used to sign Android apps containing malware.

The biggest problem here is the fact that, are signed with the same platform certificate and assigned the highly privileged 'android.uid.system' user id, these apps will also gain system-level access to the Android device. Which mean that they can check and do much more than standard apps.

more:

https://arstechnica.com/gadgets/2022/12/samsungs-android-app-signing-key-has-leaked-is-being-used-to-sign-malware/

List of hashes: https://bugs.chromium.org/p/apvi/issues/detail?id=100

Apple updated anti-malware protection tools to macOS. Now macOS scans for malware proactively.

Until XProtect Remediator arrived in macOS 12.3 last March, system tools for tackling malware were essentially limited to XProtect and MRT. XProtect was mainly used to check apps and other code which had a quarantine flag set, against a list of signatures of known malware, and can only detect. While Apple has broadened its scope to check more frequently, and continues to update those signatures every couple of weeks, they have their limits. MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but infrequently.

The Electric Light Company

References:

• macOS now scans for malware whenever it gets a chance
• Apple Has Made Major Updates to macOS Malware Protection in 2022
• Apple reportedly introduced major under-the-hood security updates to macOS this year

A malicious app on the Google Play Store automatically installed malware called Vultur which targets financial services to steal users’ banking information. Infected "2FA Authenticator" was removed from the store after 15 days during which more than 10000 users have downloaded it. Quote strange is that the app required much more permissions than its main functionality would suggest and was published via Play Store without.

more:

https://blog.pradeo.com/vultur-malware-dropper-google-play

Apple releases iOS/iPadOS 14.7.1 and macOS 11.5.1.

Releases contain bug fixes and security updates, specifically, iOS 14.7.1 fixes issue with Touch ID unlock for Apple Watch.

Windows malware XLoader now "migrated" to Macs. It was updated with macOS attack vectors and payload. This spyware can access private information, log keystrokes, take screenshots.

Payload is often distributed embedded into Microsoft Office documents.