    Archive for the ‘Mac’ Category

    After our previous finding involving a targeted attack whose payloads were OS-dependent, we encountered a more recent run that leads to a malicious file specifically affecting Mac OS X. The malware, detected as TROJ_MDROPR.LB, is a Trojan being used in pro-Tibetan targeted campaigns, as initially described by AlienVault. In investigating the campaign, we found that the C&C being used in this particular attack is the same C&C we also saw being used by one of the Gh0stRat payloads in the series ...

    The mass appeal of Apple products is undeniable. Every product or software release is often anticipated and greeted with much fanfare. Its latest release, OS X Mountain Lion, is no exception. Although the software has yet to be released, there have already been articles written about its features. One of the more-touted features of Mountain Lion is Gatekeeper, a whitelisting approach that helps keep users from downloading bad apps. This feature restricts whether applications can run based solely on where they ...

    After tricking users into viewing ads through a Facebook scam, cybercriminals are again capitalizing on Steve Jobs's death through malicious spam. We were able to find spam that contains the text "Steve Jobs Alive" or "Steve Jobs Not Dead." Another Steve Jobs-related spam message we saw was written in Portuguese and includes a short text about his death: The text in the message above roughly translates to the following: Subject: Creator of Steve Jobs of Apple's Mac, iPod and iPad dies Steve Jobs, died of cancer ...

    The current wave of Mac OS X FAKEAV infections follows a three-step process. To those familiar with Windows-based FAKEAV variants, the pattern in this infection chain will be quite familiar.

    1. Displays a "scanning page" from poisoned Google searches.
    2. Prompts the user to download a .ZIP file that contains a .PKG installer. This installer installs a downloader.
    3. The downloader downloads another .ZIP file that contains the actual FAKEAV .APP file.

    In step 2, the downloaded installer package (.PKG file) contains two notable files:

      • The downloader binary
      • A .PNG file

    The downloader binary is responsible for ...

    For some years now, FAKEAV variants have been plaguing Windows-based systems. Recently, this malware type has entered the Mac OS X scene. As with Windows-based FAKEAV variants, poisoned search terms are the most common Mac FAKEAV infection vectors. Take, for example, the following poisoned search result: Accessing the website while using a Mac will directly lead the user to the following page:


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice