The Safe Mac


New Mac spyware found at freedom conference

Posted on May 17th, 2013 at 6:42 AM EDT

F-Secure announced yesterday the discovery of a new piece of Mac malware, which was found at the annual Oslo Freedom Forum on a freedom of speech activist’s computer. This malware, which they are calling OSX/KitM.A, appears to take screenshots about every 20 seconds, and presumably (though they did not say this outright) uploads them to a remote server. Most interestingly, this malware is signed with an Apple Developer ID!

12 Comments


CallMe malware persists

Posted on April 25th, 2013 at 1:59 PM EDT

F-Secure has blogged today about a slightly new variant of CallMe that has been seen in the wild. Everything about the malware seems to be the same, except for file names and the command server that the malware “calls home” to. This is certainly small news, but it does show that this malware is still in active distribution, at least.


Yontoo: adware or malware?

Posted on March 22nd, 2013 at 12:18 PM EDT

There has been a lot of talk in the last week about a new bit of adware for the Mac, called Yontoo. Adware is never popular, whether it is legit or not, and is a frequent source of disagreement in the security community. It is very rare that anti-virus companies manage to come to agreement on this topic. Even a program like FkCodec (aka Codec-M), which is without a doubt designed to trick users into installing it to earn ad revenue, is not detected by many anti-virus programs. (One of my FkCodec samples earned the lowest detection rate in my recent testing, being identified by only 7 of 20 anti-virus engines.) So why has Yontoo gotten so much attention?

6 Comments


Has GetShell been trojanized?

Posted on March 11th, 2013 at 7:44 PM EDT

An interesting file was posted to VirusTotal today: a Mac disk image file containing what appeared to be a copy of Adium. This file was recognized by a small handful of anti-virus engines as the GetShell malware, however. This surprised me a bit, as GetShell had previously (as far as I know) only been installed as a drive-by download through Java vulnerabilities. So I decided to do a little investigation.

22 Comments


New Minecraft password-stealing trojan

Posted on March 1st, 2013 at 4:46 PM EDT

Minecraft has been targeted by malware before (see Cross-platform malware Jacksbot found in the wild), and with Minecraft and Minecraft modifications continuing to be popular, it’s no surprise that it has happened again. Intego announced today the discovery of a new trojan that it has named Minesteal.

5 Comments


New Flash vulnerability

Posted on February 26th, 2013 at 10:09 PM EDT

Although it has not attained the same level of danger as Java, Flash is back in the news today due to vulnerabilities. Adobe has issued a Flash update, saying that the vulnerabilities fixed are currently being exploited in the wild. This patch is considered to be of the highest priority. All users of Flash are advised to update immediately.

9 Comments


Mysterious new malware takes down multiple companies

Posted on February 19th, 2013 at 5:47 PM EDT

This has been quite an interesting month in security news. Multiple major companies have been hacked, including Apple themselves, and there are rumors of yet another new bit of malware for the Mac. Yet all is still rather unclear. Is this all related? It’s probably too soon to say for sure, but I am guessing that it may be.

9 Comments


New CallMe malware discovered

Posted on February 13th, 2013 at 2:11 PM EDT

Intego announced today the discovery of a new Mac trojan, which they are calling OSX/CallMe.A. This malware is spread through maliciously-crafted Microsoft Word documents that, when opened, result in a backdoor being installed. The backdoor in question sounds very simple, giving the hackers the ability to run commands (through a bash shell) and steal the user’s Address Book data.

13 Comments


Variant of SMSSend slips past XProtect

Posted on February 11th, 2013 at 9:47 PM EDT

This weekend, I got my hands on a variant of the SMSSend malware. What I found was very interesting, and very concerning. After examining it, it’s evident that the malware is still evolving and is still an active threat. Worst of all: it seems to be capable of slipping past the current version of the built-in anti-malware security in Mac OS X (aka, XProtect)!

21 Comments


Critical Flash vulnerability exploited and fixed!

Posted on February 7th, 2013 at 10:20 PM EDT

Adobe announced today the release of a Flash Player update, fixing a vulnerability that they say is being exploited “in the wild” to drop malware on Macs. To cite an important portion of Adobe’s announcement, “Adobe is [...] aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform.”

22 Comments


This page and all contents (unless otherwise noted) copyright 2011-2013 by Thomas Reed.