Chinese Mac and iOS users targeted by new ‘WireLurker’ malware capable of infecting non-jailbroken devices


Update: Apple confirmed the security issue in a statement provided to iMore. Apple has also revoked the certificate to prevent the apps from being installed on new devices.

The New York Times reports that a security firm called Palo Alto Networks has uncovered a new form of Apple-focused malware that is capable of infecting non-jailbroken iOS devices. Typically when such software pops up, as it does from time to time, one of the key factors that allows the malicious code to run on iOS is whether the device is jailbroken. The new “WireLurker” malware, however, is installed on the mobile device over USB by an infected Mac.

These infected Mac apps are reportedly coming from the Maiyadi App Store, a third-party software storefront operated in China. Palo Alto Networks says over 400 apps in the store are affected, and have been downloaded over 356,000 times total, potentially resulting in hundreds of thousands of infected devices.


Google-owned VirusTotal releases Mac-compatible version of malware detection app


Google-owned VirusTotal today released a version of the VirusTotal uploader application (via The Next Web) compatible with Mac OS X. Previously the software was only available for Windows-based machines.

VirusTotal Uploader works in conjunction with the VirusTotal web service to check files and links for malware. Google hopes that the release of the software for the Mac will help users more easily detect attacks on Apple’s platform. From the VirusTotal blog:


Apple SVP Phil Schiller shares report showing Android had 99% of mobile malware last year

Like he has done before, Apple’s Senior Vice President of Marketing Phil Schiller has taken to his Twitter account to share a new report highlighting a much higher amount of security threats on Android compared to iOS. Schiller linked to Cisco’s 2014 annual security report covering mobile malware trends over the last year, which happens to highlight a rise in malware on Android as one of its key takeaways:

Ninety-nine percent of all mobile malware in 2013 targeted Android devices. Not all mobile malware is designed to target specific devices, however… Many encounters involve phishing, likejacking, or other social engineering ruses, or forcible redirects to websites other than expected. An analysis of user agents by Cisco TRAC/SIO reveals that Android users, at 71 percent, have the highest encounter rates with all forms of web-delivered malware

That 71% encounter rate for web-delivered malware on Android mentioned above compares to just 14 percent for iPhone users, according to the report. The report’s finding that 99 percent of all mobile malware last year targeted Android marks an increase for Android compared with the last report Schiller shared. In March of last year, Schiller shared a report from security firm F-Secure that estimated Android had around 79% of all mobile malware for 2012 compared to just 0.7 percent for iOS.

Mac-specific trojan injects ads into webpages – including Apple’s site

TNW reported on a new trojan discovered by Russian website Doctor Web that installs adware on Macs running any of the three most popular browsers: Safari, Firefox and Chrome. Doctor Web demonstrated that the Trojan.Yontoo.1 plugin can display ads on any site by showing it in action on Apple’s own website.


Many Mac owners still believe that OS X is immune to viruses and trojans. While it’s true the platform is well protected, a large part of the relative immunity enjoyed by Mac owners has simply been down to blackhat economics: when there were many more Windows machines around than Macs, it was less worthwhile for attackers to target Macs. As the popularity of Macs has grown, however, the platform has made an increasingly attractive target.

The trojan cannot install itself and instead relies on tricking users into downloading and installing it.

This particular trojan can get onto your Mac in multiple ways. Criminals have so far used movie trailer pages that prompt users to install a browser plugin, a media player, a video quality enhancement program, or a download accelerator. In other words, the usual schemes we’ve seen on Windows.

Once installed, the plugin sends details of the webpages you visit back to a server controlled by the bad guys and uses that info to insert relevant ads. The Apple example above shows just how slickly this can be done. On a less-familiar site, a visitor could easily see the ad as part of the site.

As ever, the advice here is to only ever download known plugins from the official sites. Never accept an invitation to download anything from a website unless you know it to be a site you can trust. We’d be surprised if many 9to5Mac readers fell victim to this, but if you have family members using your Mac who might not be as careful, Intego VirusBarrier has updated its definitions to include it.

Yet another Java vulnerability discovered, researchers recommend disabling browser plug-in


Following an attack on a smaller number of corporate Macs that exploited a flaw in the Java browser plug-in, researchers from security firm FireEye warned users of yet another new Java zero-day vulnerability. According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are now vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple, and several other companies last month. Following the earlier attack, Apple released a Java update that brought users to version 1.6.0_41. These recent vulnerabilities come after several Java updates over the last year that addressed exploits.

FireEye recommended users disable Java until Oracle addresses the issue:

We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.

Oracle provided the instructions below for uninstalling Java on Mac:

Adobe releases emergency Flash security update to address malware attacks on OS X


As noted by ArsTechnica, Adobe just released an unscheduled patch to address two vulnerabilities that could be the source of malware attacks on both OS X and Windows. Apple has also issued a KB urging users to update. According to the advisory posted by Adobe, the attacks targeted Firefox or Safari users on Mac:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The update is available through Adobe’s website here.

Kaspersky: 30,000 Mac users left infected with Flashback, more Mac malware on the way

Yesterday, security company Symantec released a statement claiming there were still 140,000 Macs infected from the recent Flashback malware outbreak that originally infected an estimated 600,000 Mac users. That was despite Apple issuing a Java security update to remove the malware. Today, security researchers from Kaspersky said during a press conference (via Ars Technica) that they estimated infections had dropped to 30,000, while still warning that more “mass-malware” on OS X is on the way:

“Market share brings attacker motivation… Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

Kaspersky also clarified that many of the Flashback infections were spread through trusted WordPress websites that had been hijacked rather than through malicious downloaded files, as many assume. Ars explained:

Apple to issue Mac OS X update 'in the coming days' to remove malware

Apple has announced in a new support document that an update to Mac OS X will be issued in “the coming days” to find and squash malware. This malware comes through supposed anti-virus software that is actually built to steal private information like credit card numbers.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, Apple is now offering a manual resolution for users who wish to remove and find malware as soon as possible. The solution is pasted after the break. This upcoming software update may be a simple security patch or may even be a part of Mac OS X 10.6.8, which Apple has already seeded twice to developers.
