OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Cross-platform malware Adwind infects Mac

Posted on July 26th, 2016 at 12:58 PM EDT

A colleague referred me to an article on a piece of cross-platform malware, called Adwind RAT (short for “remote access tool”), that was going undetected.

This is often code for “this malware was written in Java,” which doesn’t necessarily mean that it actually drops a Mac payload. So I was a bit skeptical, and said so. But, hey, new malware to play with… how could I resist taking a peek?

Read the full story on Malwarebytes Labs

New Mac backdoor malware: Eleanor

Posted on July 6th, 2016 at 9:34 AM EDT

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.

This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

Read the full story on Malwarebytes Labs

XcodeGhost malware infiltrates App Store

Posted on September 21st, 2015 at 2:34 PM EDT

Late last week, Claud Xiao, a researcher at Palo Alto Networks, announced the discovery of new malware that he calls XcodeGhost. As the story has developed over the weekend, it turns out that this malware has infected at least 39 known iOS apps as of early this morning, all of which made it into the App Store.

Read the full story on Malwarebytes Unpacked.

OceanLotus malware attacks China

Posted on May 31st, 2015 at 8:11 AM EDT

On Friday, Chinese security researchers at Qihoo 360’s SkyEye Labs released a paper describing new malware they named OceanLotus. Unfortunately, this paper is written in Chinese, and Google’s far-from-perfect translation of the page is a difficult read. It is clear, however, that there is a Mac variant of this malware.

OpinionSpy is back!

Posted on February 9th, 2015 at 8:08 PM EDT

OpinionSpy first appeared in 2010, installed along with a number of screensavers made by a company named 7art, as well as a few other applications. OpinionSpy – officially called PremierOpinion by its developers – was spyware disguised as marketing software. Intego described it at the time, attributing to it the ability to capture data from the infected Mac and from the network it was connected to, along with backdoor functionality.

A look back at the malware of 2014

Posted on January 2nd, 2015 at 4:34 PM EDT

As most Mac users know, Macs don’t get malware. Unfortunately, what most Mac users know on this topic is actually wrong! There actually is Mac malware out there; there’s just a lot less of it than there is for Windows. Fortunately, in 2014, new malware appearances have dropped since 2013.

New WireLurker malware infects Mac OS X and iOS

Posted on November 6th, 2014 at 10:31 AM EDT

Palo Alto Networks announced yesterday their discovery of new malware for Mac OS X, which they are calling WireLurker. This malware has been distributed in 467 known pirated apps offered in China’s Maiyadi App Store (not affiliated with Apple’s Mac App Store). To make matters worse, this malware is known to infect iOS devices that are connected to infected Macs, even if those iOS devices have not been jailbroken!

New “Ventir” malware

Posted on October 19th, 2014 at 8:54 AM EDT

On Thursday of last week, Kaspersky announced their discovery of a new piece of Mac malware, which they are calling Ventir. I have held off writing anything about this until I could get some independent confirmation, as I tend to be skeptical of Kaspersky these days. (See Misinformation about “acoustical infections” and Kaspersky reveals “The Mask”.) However, I have tested my own copy of the malware at this point, and found that Kaspersky’s analysis seems to be fairly accurate in this case.

iWorm method of infection found!

Posted on October 4th, 2014 at 7:29 AM EDT

On Thursday, I wrote about new malware called iWorm. This morning I awoke to find an e-mail waiting for me in my Inbox from someone who wished to remain anonymous. This person indicated that he had found installers for the new iWorm malware. He pointed me to the downloads offered by a user named “aceprog” on PirateBay.

Dr. Web announces new “iWorm” malware

Posted on October 2nd, 2014 at 7:39 AM EDT

Dr. Web announced the discovery of a new piece of Mac malware on Monday, which they are calling Mac.Backdoor.iWorm. According to their report, they believe the malware is affecting “more than 17,000 unique IP addresses.” Of course, this may not correlate well with the number of infected Macs, since most Macs do not have static IP addresses, but the number of infected Macs should at least be on the same order of magnitude.