MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
malware
Search

Jamf discovers new malware disguised as popular macOS apps

Thursday January 18, 2024. 04:30 PM , from Macworld Reviews
Macworld

Jamf Threat Labs on Thursday announced that it has discovered a new malware threat on macOS. The malware is similar to the ZuRu malware that was discovered in 2021.

The malware is being distributed through pirated software hosted in China. When a user launches the pirated app, a malicious dynamic library attached to the app uses a backdoor built with the open-source Khepri post-exploitation tool. This allows the malware to avoid detection by anti-virus software. The malware then communicates with the attacker, who can load software on the target Mac and control it.

Jamf discovered the malware while investigating other threats. An executable called “.fseventsd” stood out because it’s hidden and has the same name as a process in macOS. Jamf also notes that the executable wasn’t signed by Apple and was not flagged as malicious on VirusTotal, a website that analyzes suspicious files.

The pirated apps where Jamf discovered the malware include FinalShell, Microsoft Remote Desktop Client, Navicat Premium, SecureCRT, and UltraEdit. “It’s possible that this malware is a successor to the ZuRu malware given its targeted applications, modified load commands, and attacker infrastructure,” according to Jamf.

How to avoid malware attacks

Jamf believes that this new malware “appears to primarily target victims in China.” Since it spreads through pirated software, the easiest way to avoid it is to use only legitimately acquired apps from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.

Apple has protections in place within macOS and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.

MacOS, Security Software and Services
Read more at Macworld Reviews
https://www.macworld.com/article/2204631/jamf-malware-pirated-macos-apps-backdoor.html

Related News

malware How to downgrade macOS to an older version Macworld UKJan 30
nbsp How to downgrade macOS to an older version Mac CentralJan 30
jamf How to downgrade macOS to an older version Mac 911Jan 30
macos How to downgrade macOS to an older version Macworld ReviewsJan 30
software How to downgrade macOS to an older version MacOsxHintsJan 30
pirated How to Disable Caps Lock Indicator on macOS Sonoma Mac MegasiteJan 30
rsquo How to Disable Caps Lock Indicator on macOS Sonoma TheMacObserverJan 30
discovered How to quickly make desktop aliases from Dock apps in macOS AppleInsiderJan 30
security HomeOS to join Appleā€™s macOS, iOS, iPadOS, tvOS, watchOS, and visionOS? Mac MegasiteJan 30
apps Apple releases first macOS 14.4 beta Mac MegasiteJan 30
through Apple releases first watchOS 10.4 and macOS 14.4 developer betas Mac MegasiteJan 30
apple Apple Seeds First Beta of macOS Sonoma 14.4 to Developers Mac MegasiteJan 30
avoid macOS 14.4 is now available MacOsxHintsJan 29
rdquo macOS 14.4 is now available Mac CentralJan 29
mac macOS 14.4 is now available Macworld ReviewsJan 29
malware macOS 14.4 is now available Macworld UKJan 29
nbsp macOS 14.4 is now available Mac 911Jan 29
jamf Apple seeds first developer beta of macOS Sonoma 14.4 AppleInsiderJan 29
macos Apple Seeds First Beta of macOS Sonoma 14.4 to Developers MacRumorsJan 29
software How revert a macOS update: switch back to Ventura from Sonoma MacOsxHintsJan 29
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Apr, Mon 29 - 13:10 CEST