Skip to main content

Malware

80 'Malware' stories May 2011 - February 2013
See All Stories

Adobe releases emergency Flash security update to address malware attacks on OS X

Avatar for Jordan Kahn Feb 7 2013 - 4:40 pm PT
0 Comments
Site default logo image

HT5655-Sheet-001-en.

As noted by ArsTechnica, Adobe just released an unscheduled patch to address two vulnerabilities that could be the source of malware attacks on both OS X and Windows. Apple has also issued a KB urging users to update. According to the advisory posted by Adobe, the attacks targeted Firefox or Safari users on Mac:

Adobe is also aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.

The update is available through Adobe’s website here.

Site default logo image

Apple updates OS X malware definitions for new fake-installer/SMS trojan

Avatar for Jordan Kahn Dec 13 2012 - 7:58 am PT
0 Comments

SMSSend.3666

MacRumors noted today that Apple is utilizing the automatic daily checks for malware definitions it implemented last year to block an OS X trojan horse discovered earlier this week. The trojan was originally detailed in a blog post on Dr. Web. Known as “TrojanSMSSend.3666”, Apple has now updated its “Xprotect.plist” blacklist to allow OS X to detect and alert the user if downloaded:

Apple has moved quickly to address the threat, adding definitions for the malware to its “Xprotect.plist” blacklist, which is part of the basic anti-malware tools Apple launched with OS X Snow Leopard in 2009. In its original incarnation, users were required to update definitions manually, but as malware threats against OS X grew, Apple last year instituted automatic daily checks to keep users’ systems updated.

Site default logo image

Morcut/Crisis Mac malware capable of monitoring location, webcam, address book, more

Avatar for Jordan Kahn Jul 26 2012 - 12:52 pm PT
0 Comments

We told you yesterday about the Trojan named “Crisis“, also being referred to as “OSX/Morcut-A”, discovered for OS X, but it is considered low risk for users. Today, we get some more details about the trojan with security company Sophos explaining the Morcut Malware features code for controlling the following:

  • mouse coordinates
  • instant messengers (for instance, Skype [including call data], Adium and MSN Messenger)
  • location
  • internal webcam
  • clipboard contents
  • key presses
  • running applications
  • web URLs
  • screenshots
  • internal microphone
  • calendar data & alerts
  • device information
  • address book contents

The malware appears to have been specifically created with spying on the user as its goal. There have not been any reported cases of infected users, though, so the threat is still considered low risk.

Site default logo image

Apple releases update to Leopard, includes Flashback removal tool

Avatar for Jake Smith May 14 2012 - 2:22 pm PT
0 Comments

While Apple has released updates for both Lion and Snow Leopard to remove the Flashback malware that is making the rounds, the company had not released a fix for Leopard until today. Apple released a Flashback Removal Security Update for Leopard this afternoon that weighs 1.23MB. Along with removing the Flashback malware, it also disables the Java plug-in in Safari. Apple described the update:

This update removes the most common variants of the Flashback malware. If the Flashback malware is found, a dialog will notify you that malware was removed. In some cases, the update may need to restart your computer in order to completely remove the Flashback malware…To improve the security of your Mac, this update also disables the Java plug-in in Safari.

Apple also released Security Update 2012-003 for Leopard that “disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe’s website.” A similar update was issued for Lion and Snow Leopard in Safari 5.1.7, which released with OS X 10.7.4 late last week—hit up Software Update.

This is the first major update Apple has released for Leopard since Lion debuted last July. Unlike Adobe, it looks like Apple is devoted to keep its old products up-to-date—even if the update is a few weeks behind. For those of you unaware, Adobe recently told users to upgrade from CS5 to CS6 to avoid a security flaw in older versions of software, instead of just patching it. However, Adobe quickly backed down after receiving a ton of backlash from the community and promised an update in the coming weeks. Still sketchy.

More on the Flashback malware


Expand
Expanding
Close

Site default logo image

Oracle finally releases first Java Developement Kits for Mac OS X

Avatar for Jordan Kahn Apr 27 2012 - 6:18 am PT
0 Comments

When Apple confirmed in 2010 that it would no longer support Java for OS X, it also announced shortly after an agreement with Oracle to include OS X support in future versions of its OpenJDK Project to provide Java SE 7 implementation on Macs. Over a year later, Oracle has now released Java SE 7 Update 4 and JavaFX 2.1 with the first JDK to land with OS X support (via MacRumors):

This release marks Oracle’s first delivery of both the Java Development Kit (JDK) and JavaFX Software Development Kit (SDK) for Mac OS X. 

– Java developers can now download Oracle’s JDK, which includes the JavaFX SDK, for Mac OS X from the Oracle Technology Network (OTN). 

– Oracle plans to release a consumer version of Java SE 7, including the Java Runtime Environment (JRE) for Mac OS X later in 2012.

Following the original announcement in 2010, Apple’s late CEO Steve Jobs explained that his company’s practice of shipping a version of Java behind Oracle as possibly “not be the best way to do it.” Of course, Apple has patched several vulnerabilities in Java in recent weeks that have lead to an outbreak of malware on Macs. That vulnerability was patched by Oracle in February, months before OS X users received it.

Site default logo image

Kaspersky: Apple is 10 years behind Microsoft on security

Avatar for Jordan Kahn Apr 26 2012 - 10:59 am PT
0 Comments

The last time security researchers at Kaspersky checked the state of Macs infected with the Flashback malware outbreak, it estimated roughly 140,000 were still infected. At the recent Info Security Europe 2012 conference, CBR quoted CEO and co-founder Eugene Kaspersky as claiming Apple is 10 years behind Microsoft when it comes to security:

“I think they are ten years behind Microsoft in terms of security,” Kaspersky told CBR. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms…. 

Cyber criminals have now recognised that Mac is an interesting area. Now we have more, it’s not just Flashback or Flashfake. Welcome to Microsoft’s world, Mac. It’s full of malware….Apple is now entering the same world as Microsoft has been in for more than 10 years: updates, security patches and so on,” he added. “We now expect to see more and more because cyber criminals learn from success and this was the first successful one…. They will understand very soon that they have the same problems Microsoft had ten or 12 years ago”

Related articles

Kaspersky: 30,000 Mac users left infected with Flashback, more Mac malware on the way

Avatar for Jordan Kahn Apr 19 2012 - 9:17 am PT
0 Comments
Site default logo image

As of yesterday, security company Symantec released a statement claiming there were still 140,000 Macs infected from the recent Flashback malware outbreak that originally infected an estimated 600,000 Mac users. That was despite Apple issuing a Java security update to remove the malware. Today, security researchers from Kaspersky said during a press conference (via Ars Technica) that it estimated infections dropped to 30,000, while still warning more “mass-malware” on OS X is on the way:

“Market share brings attacker motivation… Expect more drive-by downloads, more Mac OS X mass-malware. Expect cross-platform exploit kits with Mac-specific exploits.”

Kaspersky also clarified that much of the Flashback infections were spread through trusted WordPress websites that have been hijacked rather than through malicious downloaded files as many assume. Ars explained:

Expand
Expanding
Close

Apple to issue Mac OS X update 'in the coming days' to remove malware

Avatar for Mark Gurman May 24 2011 - 3:19 pm PT
0 Comments
Site default logo image

Apple has announced in a new support document that an update to Mac OS X will be issued in “the coming days” to find and squash malware. This malware comes through supposed anti-virus software that is actually built to steal private information like credit card numbers.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants.  The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, Apple is now offering a manual resolution for users who wish to remove and find malware as soon as possible. The solution is pasted after the break. This upcoming software update may be a simple security patch or may even be a part of Mac OS X 10.6.8, which Apple has already seeded twice to developers.


Expand
Expanding
Close

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
Please wait...processing