Macs are again attacked by malware

In the past, Macs were considered well-secured computers thanks to the UNIX-like macOS (formerly Mac OS X / OS X). macOS was not the majority system, as MS Windows was, so it was largely “ignored” by attackers. With the growing popularity of Mac computers, the same happened to the macOS “hacking scene”. You can no longer visit pirate or illegal websites without any risk to your Mac. Times are changing, and Macs are no longer as secure as they were in the past.

Probably the best-known piece of malware, marketed as an “optimization tool”, is called MacKeeper. Many Mac users have seen it as an ad or, mostly, as a pop-up. You don’t have to visit pirate, banned or illegal sites to see it. Never install it, even on recommendation. It is truly malware, and it is hard to get rid of.

It’s a good idea to install an ad blocker such as AdBlock or, even better, uBlock. uBlock does not let through ads from companies that paid to be excluded from the blocklist. If you use both macOS and iOS, we strongly recommend 1Blocker and Roadblock.

Downloading legitimate software from genuine sites can be a risk too. In the case of HandBrake, an open-source video transcoder for Macs, attackers compromised the download server and replaced the HandBrake app with an infected one. The same happened to the torrent client Transmission, which was infected with ransomware.

Recently, newly infected software was discovered in Eltima Software products. Affected are Elmedia Player and Folx. The trojan is called “Proton” (not to be confused with “ProtonMail”). The Proton backdoor lets attackers access browser information, keystroke logs, usernames, passwords, macOS keychain data, and more. According to a company spokesperson, the attackers exploited a security flaw in the tiny_mce JavaScript library used on the company’s server.

The malware was detected on 19 October, and it looks like the infected apps were on the server that day before 3:15 p.m. Eastern Time. The malware creates these files:

  • /tmp/
  • /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
  • /Library/.rand
  • /Library/.rand/

Did you find these files on your Mac? There is a high chance that you are infected.
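A quick way to look for the indicators listed above, as an added example that is not part of the original post: a POSIX shell function that checks the two concrete paths the article names (the LaunchAgent plist and the hidden .rand directory; the bare /tmp/ entry is too generic to test). The optional root prefix is an assumption added so the check can be run against a mounted volume or a test directory rather than only the live system.

```shell
#!/bin/sh
# Check a macOS volume for the Proton indicators named in the article.
# Usage: check_proton_indicators [ROOT]
#   ROOT is an optional prefix (default: empty, i.e. the live system).
# Prints each indicator that exists and returns the number found as the
# exit status (0 = nothing found), so it can be used in a condition.
check_proton_indicators() {
    root="${1:-}"
    found=0
    # Indicator paths from the article (added: the .rand entry covers both
    # the "/Library/.rand" and "/Library/.rand/" lines, which name the same
    # directory).
    for p in \
        "/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist" \
        "/Library/.rand"
    do
        if [ -e "$root$p" ]; then
            echo "FOUND: $root$p"
            found=$((found + 1))
        else
            echo "clean: $root$p"
        fi
    done
    echo "$found indicator(s) present"
    return "$found"
}
```

Run `check_proton_indicators` with no argument on the Mac itself; a non-zero exit status means at least one of the listed artifacts is present and the reinstall advice below applies.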

Unfortunately, there is only one way to get rid of it: reinstalling macOS. Clean versions of the affected products are now available from the Eltima website.


Update 1 – 06 May 2018: In this article, I mentioned 1Blocker with an HTML link leading to my review of 1Blocker. At present, the app download link leads to 1Blocker Legacy, the renamed original 1Blocker app. The new version is called 1Blocker X, a brand-new app, which is available as a new purchase HERE.
