Macs are again attacked by malware

In the past, Macs were well-secured computers thanks to the UNIX-like operating system macOS (formerly Mac OS X / OS X). This OS did not have a majority share as MS Windows did, so it was “ignored” by crackers. With the growing popularity of Mac computers, crackers have increased their interest in Macs. You can no longer visit pirate or illegal websites without any risk to your Mac. Times are changing and Macs are no longer as secure as they were in the past.

Probably the best-known malware, known as an “optimization tool”, is called MacKeeper. Many Mac users have seen it as an ad or, mostly, a pop-up. You don’t have to visit pirate, banned or illegal sites to see it. Never install it, even on recommendation. It’s truly malware, which is hard to get rid of.

It’s a good idea to get an ad blocker, like AdBlock, or even better, uBlock. uBlock does not let through ads from companies that paid to be excluded from the blocklist. If you use both macOS and iOS, we strongly recommend 1Blocker and Roadblock.

Downloading legal software from genuine sites can be a risk too. In the case of HandBrake, an open-source video transcoder for Macs, crackers attacked the server and replaced the HandBrake app with an infected one. The same happened with the torrent client Transmission, which was infected with ransomware.

Recently, newly infected software was discovered among Eltima Software products. Elmedia Player and Folx are affected. The trojan is called “Proton” (not to be confused with “ProtonMail”). The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more. According to a company spokesperson, the attackers used a security breach in the tiny_mce JavaScript library used on the company’s server.

The malware was detected on 19th October, and it looks like the infected apps were on the server on that date before 3:15 p.m. Eastern Time. The malware creates these files:

  • /tmp/Updater.app
  • /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
  • /Library/.rand
  • /Library/.rand/updateragent.app

Did you spot these files? There is a high chance that you are infected.
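
A quick way to check for the four files listed above, as an added example that is not from the original article or from Eltima. The function name `find_proton_artifacts`, the `--scan` switch and the optional root prefix (for checking a mounted backup or disk image instead of the live system) are this example's own assumptions.

```shell
#!/bin/sh
# Added example: look for the four file-system artifacts listed in the article.
# The paths are taken verbatim from the list above.
PROTON_PATHS='/tmp/Updater.app
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand
/Library/.rand/updateragent.app'

# find_proton_artifacts [ROOT]
# ROOT (assumption of this example) is an optional prefix, e.g. the mount
# point of a backup volume; empty means the running system.
# Prints every listed artifact that exists under ROOT, one per line.
# Exit status: 0 = at least one artifact found, 1 = none found.
find_proton_artifacts() {
    root="${1:-}"
    found=1
    while IFS= read -r p; do
        # -e follows symlinks; -L additionally catches a dangling symlink.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
            found=0
        fi
    done <<EOF
$PROTON_PATHS
EOF
    return "$found"
}

# Run the check only when invoked as: script --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    if hits=$(find_proton_artifacts "${2:-}"); then
        echo "Listed artifacts present:"
        echo "$hits"
        exit 2
    fi
    echo "None of the listed artifacts found."
fi
```

A clean result only means these four paths are absent; it is not proof that the machine was never infected.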

Unfortunately, there is only one way to get rid of it: reinstallation of macOS. Clean versions of the affected products are now available from the Eltima website.

Source: macrumors.com
