The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!

New NetWeird variant in the wild

Posted on March 27th, 2014 at 9:10 AM EDT


Since early February, I’ve seen several reports of a new variant of the NetWeird malware. In all cases, this malware was detected by Dr. Web, and was detected as Backdoor.Wirenet.2, as opposed to the earlier Wirenet.1 variant that first appeared back in 2012. It would appear that this malware is still in active development, and the news is bad on all fronts. Read the rest of this entry »

1 Comment

How to manage a hacked wireless router

Posted on March 18th, 2014 at 9:48 AM EDT


There have been a lot of cases of wireless routers being hacked or infected with malware recently. With news of the malware known as the “Moon” that has been infecting a number of LinkSys routers (one of the most popular brands) and a report that one gang of hackers is in control of more than 300,000 wireless routers, this is a dangerous time to manage a wireless network. So how does the average home or small business user manage their wireless routers? Read the rest of this entry »


Time to re-evaluate safety of Mac OS X

Posted on March 5th, 2014 at 11:07 AM EDT


My Mac Malware Guide has, for some time, made the claim that a properly up-to-date Mac OS X system cannot be infected by any known malware. This was true at one point, with some provisos, when that text was originally written. However, recent cases of malware that has failed to be blocked by the XProtect anti-malware system in Mac OS X prompted me to do a re-evaluation of this statement. What I found was profoundly disappointing, leaving me wishing that I could take those words back. Read the rest of this entry »


Kaspersky reveals “The Mask”

Posted on February 11th, 2014 at 12:30 PM EDT


Last week, Kaspersky posted a rather vague note about new malware they called “The Mask,” which they said was “one of the most advanced threats at the moment.” They withheld further information until yesterday, when they revealed their findings at a Kaspersky-sponsored conference, the Security Analyst Summit. This information can be found in a document titled ‘Unveiling “Careto” – the masked APT.’ After studying this document, I am forced to call into serious question Kaspersky’s claims… and their responsibility as a member of the security community. Read the rest of this entry »


New CoinThief malware discovered

Posted on February 10th, 2014 at 10:32 AM EDT


A new Mac trojan, named OSX/CoinThief.A by SecureMac, has been discovered. This malware is designed to steal Bitcoins from infected machines, and is disguised as an app intended to be used for sending and receiving Bitcoin payments. Although the average user is not likely to be affected by this, it has cost at least one user around $12,000 in lost Bitcoins, according to SecureMac. Read the rest of this entry »

1 Comment

Mac anti-virus testing 2014

Posted on January 27th, 2014 at 8:49 AM EDT


Almost exactly one year ago, I completed a round of tests of 20 different anti-virus programs on the Mac. Because this is an area of software that is in almost constant flux, I felt it was important to repeat that test this year. I was very curious about whether these programs were still as effective (or ineffective) as they had been, and how well they detected new malware that had appeared since the last test was performed. Read the rest of this entry »


Preliminary anti-virus testing comments

Posted on January 22nd, 2014 at 1:06 PM EDT


I have been working on another round of testing of anti-virus apps. The last time I did this was one year ago, in January of 2013, so I decided it was probably time to repeat it. I have finished all the scanning, but still have a pile of work in front of me to get all the data tabulated. Still, this experience has been frustrating enough that I want to make some preliminary comments, before I have the full results in-hand. Read the rest of this entry »


Delivery notice trojan targeting Mac users

Posted on January 21st, 2014 at 2:48 PM EDT


Sophos reported today the discovery of a new Mac trojan, which they are calling OSX/LaoShu-A, that is spreading through fake FedEx delivery e-mails. It’s unknown how widespread these e-mails might be, but this method of infection has the potential to reach a lot of people! Although a savvy Mac user will see the warning signs, many people will probably not understand the implications of those signs and will open the trojan anyway. Read the rest of this entry »


New variant of Crisis found

Posted on January 21st, 2014 at 2:12 PM EDT


Intego reported yesterday that they have discovered a new variant of the Crisis malware, which they are calling Crisis.C. The new variant does not yet have a very high detection rate on VirusTotal… perhaps because the code has been obfuscated using MPacker. It is unknown at this time, however, how this malware gets installed. Read the rest of this entry »

1 Comment

Misinformation about “acoustical infections”

Posted on December 5th, 2013 at 2:13 PM EDT


There has been much ado in the tech media lately about new malware that can infect another computer through nothing but sound. In other words, an infected computer could use nothing more than sounds played through the computer’s speaker to infect another computer that has a microphone (as most laptops do these days). Here’s the thing, though… it’s all crap! (Pardon the harsh language.) No such thing is actually possible. Read the rest of this entry »


This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.