Saturday, April 29, 2017

Malware Uses Apple Developer Certificate to Infect MacOS and Spy on HTTPS Traffic

from macrumors.com

A malware research team has discovered a new piece of Mac malware that reportedly affects all versions of MacOS and is signed with a valid developer certificate authenticated by Apple (via The Hacker News). 

The malware has been dubbed "DOK" and is being disseminated through an email phishing campaign which researchers at CheckPoint say is specifically targeting macOS users, making it the first of its kind. 

The malware works by gaining administrative privileges in order to install a new root certificate on the user's system. This enables it to gain access to all communications between the host Mac and the internet, including traffic flowing through connections encrypted with SSL. 

The initial email pretends to be informing the recipient of inconsistencies in their tax return and asks them to download a zip file attachment to their Mac that harbors the malware. Apple's built-in Gatekeeper security feature reportedly fails to recognize it as a threat because of its valid developer certificate, and the malware copies itself to the /Users/Shared/ folder and creates a login item to make itself persistent, even in a rebooted system. 

The malware later presents the user with a security message claiming an update is available for the system, for which a password input is required. Following the "update", the malware gains complete control of admin privileges, adjusts the network settings to divert all outgoing connections through a proxy, and installs additional tools that enable it to perform a man-in-the-middle attack on all traffic. 


According to the researchers, Mac antivirus programs have yet to update their databases to detect the DOK malware, and they advise that Apple revoke the developer certificate associated with the author immediately. 

Back in January, researchers discovered a piece of Mac malware called Fruitfly that successfully spied on computers in medical research centers for years before being detected. 

The latest discovery of malware, which appears to target predominantly European users, underlines the fact that Macs are not immune to the threat as is sometimes supposed. As always, users should avoid clicking links or downloading attachments in emails from unknown and untrusted sources.

Tuesday, January 31, 2017

Apple Malware Remained Un-patched for Almost 20 Years

from news.filehippo.com
Antivirus Software Maker Spots Apple MacOS Vulnerability
Named Quimitchin by Malwarebytes and called Fruitfly by Apple, the ‘new’ back door may actually have been lurking in the background of macOS for years, taking advantage of vulnerabilities in code that hasn’t been updated since the late 1990s, according to the antivirus software publisher’s blog post.

A masterclass in simplicity, the malware contains just two files designed to open a backdoor into the Macs it infects, letting it receive instructions from the hacker’s computer, known in the cybersecurity world as a command and control server (C&C).

Thomas Reed from Malwarebytes said: “These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days. In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.

“However, we shouldn’t take the age of the code as too strong an indication of the age of the malware. This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation.

“It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.”

Thomas Reed goes on to say that ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent. “This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”

The good news is that Apple has released an update that will be automatically downloaded behind the scenes to protect against future infections.

Also, as you might expect, Malwarebytes will detect Fruitfly, or Quimitchin (Why the name? Because the quimitchin were Aztec spies who would infiltrate other tribes. Given the “ancient” code, they thought the name rather fitting!).
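As an added example (not code from either article, Check Point or Malwarebytes), the following script encodes the host artefacts the DOK and Fruitfly posts describe into an offline triage check: a login item or launch agent that runs something under /Users/Shared/ or from a hidden file, a system web proxy pointed at the local host, and a trusted root certificate the allow-list does not know. The inventory, allow-list and file names are constructed; a real run would populate them from the host with tools such as `osascript`, `networksetup` and `security`.

```python
from dataclasses import dataclass

# Constructed allow-list; a real deployment would build it from a known-good host.
KNOWN_ROOTS = {"Apple Root CA", "DigiCert Global Root CA"}
LOCAL_PROXY_HOSTS = {"127.0.0.1", "localhost", "::1"}


@dataclass
class HostInventory:
    login_items: list     # program paths of login items
    launch_agents: list   # (plist filename, program path) pairs from LaunchAgents
    web_proxy: dict       # {"enabled": bool, "server": str, "port": int}
    root_certs: list      # subject CNs of roots trusted in the System keychain


def _is_hidden(path: str) -> bool:
    """True when any path component starts with '.' (hidden file or folder)."""
    return any(part.startswith(".") for part in path.split("/") if part)


def triage(inv: HostInventory) -> list:
    """Return human-readable findings for the behaviours described in the posts."""
    findings = []
    # DOK: copies itself to /Users/Shared/ and adds a login item for persistence.
    for item in inv.login_items:
        if item.startswith("/Users/Shared/") or _is_hidden(item):
            findings.append(f"suspicious login item: {item}")
    # Fruitfly: a hidden file started by a launch agent.
    for plist, program in inv.launch_agents:
        if _is_hidden(program) or program.startswith("/Users/Shared/"):
            findings.append(f"launch agent {plist} runs {program}")
    # DOK: diverts outgoing connections through a local proxy for interception.
    proxy = inv.web_proxy
    if proxy.get("enabled") and proxy.get("server") in LOCAL_PROXY_HOSTS:
        findings.append(f"web proxy enabled to {proxy['server']}:{proxy.get('port')}")
    # DOK: installs a new root certificate so intercepted TLS is trusted.
    for cn in inv.root_certs:
        if cn not in KNOWN_ROOTS:
            findings.append(f"unexpected trusted root certificate: {cn}")
    return findings


# Constructed sample hosts (not real telemetry or indicators).
INFECTED = HostInventory(
    login_items=["/Users/Shared/Example.app/Contents/MacOS/Example"],
    launch_agents=[("com.example.agent.plist", "/Users/alice/.agent")],
    web_proxy={"enabled": True, "server": "127.0.0.1", "port": 8080},
    root_certs=["Apple Root CA", "Example Interception Root (constructed)"],
)
CLEAN = HostInventory(
    login_items=["/Applications/Example.app/Contents/MacOS/Example"],
    launch_agents=[("com.example.updater.plist", "/Applications/Example.app/Contents/MacOS/updater")],
    web_proxy={"enabled": False, "server": "", "port": 0},
    root_certs=["Apple Root CA"],
)

if __name__ == "__main__":
    for finding in triage(INFECTED):
        print("FINDING:", finding)
```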

Friday, September 16, 2016

More iOS 10 woes: Some users can’t sync music between devices

from thenextweb.com
This morning has basically been a disaster for Apple. First its highly-anticipated roll-out of iOS 10 welcomed users with a bricked device. Now, following the release of iOS 12.5.1, users report they can no longer connect to iCloud Music Library — the lynchpin required to sync music across supported devices.

iPhone, iPad, iPod touch, Mac or Windows (and Linux) PC users are all susceptible to whatever is causing the issue and many are finding their content inaccessible while the service is down.

When attempting to access the feature after today’s update, users are met with the following error message. After clicking ‘OK’ the message disappears, only to reappear seconds later.

We’ve reached out to Apple for comment and we’ll update if necessary.

Wednesday, September 14, 2016

Warning: iOS 10 is reportedly screwing up people’s phones

from thenextweb.com
After releasing iOS 10 earlier today, some users are reporting ‘bricked’ devices after attempting to update to the new operating system. Most of the issues seem to come from over-the-air (OTA) updates, meaning a device that attempts to download and install the update without plugging it in — something Apple used to require.

The issues seem fairly widespread. The OTA update begins and leaves users staring at a ‘Connect to iTunes’ screen that forces a complete firmware re-install. If you forego the wiping and re-installation of iOS from your iPhone or iPad, you’re left with a bricked and completely useless device.

Not all users are having the issue though. I updated from the last beta version of iOS 10 to the launch version this morning without incident.

A Twitter search for iOS 10-related keywords shows the problem could be affecting a significant portion of those upgrading. In fact, nearly all of the iOS 10-related update problems appear to be the same issue, a bricked device after a prompt to connect to iTunes.

For what it’s worth, Apple claims the problem has since been fixed, according to a 9to5 Mac tweet.

Users, however, are still reporting the problem, so maybe Apple isn’t quite done remedying the issue just yet. Still, if you absolutely have to have iOS 10 today, it’s never a bad idea to do a fresh backup before you make the upgrade.


Saturday, July 23, 2016

Hackers can steal your iOS and Mac passwords with a single image file

from thenextweb.com
A new vulnerability discovered by a Cisco researcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device – and all they’d have to do is send you a malicious image file.

Tyler Bohan of Cisco Talos found that a TIFF format file – sent via MMS, email or placed on a webpage that a victim is guided to visit – can hide malware which can run automatically, without being detected.

In addition to beaming across your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs which don’t support sandboxing.

Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.

If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending across an audio file.

Wednesday, January 20, 2016

Apple Gatekeeper still lets malware in

from komando.com
If you use a Mac, you may be comforted by its reputation for being secure. For decades, Apple had done a great job of keeping hackers out.

That is, until Apple products started becoming really popular in recent years. Then, hackers began to pounce. Now, Macs are often hit by hackers, or found to be vulnerable to attack.

That's the case with Apple Gatekeeper. Ironically, it's a program that's meant to keep the bad guys out. If you download apps, you can tell Apple to only let in apps from trusted providers.

As Apple puts it, Gatekeeper helps "protect your Mac from malware and misbehaving apps downloaded from the Internet." Apple says it screens all the apps on Mac App Store, and those created by developers with an Apple Developer ID.

Apple goes on to say: "If an app was developed by an unknown developer, one with no Developer ID, or tampered with, Gatekeeper can block the app from being installed." (See photo.)

The problem is, cybersecurity experts last year found a flaw in Gatekeeper. The flaw, CVE-2015-7024, lets hackers get in. Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more.

Last year, this same cybersecurity expert alerted Apple about the flaw in Gatekeeper. Apple issued a patch to fix the problem.

However, as it turned out, Apple patched only some of the entryways for hackers to get in. The problem is, hackers can still get into Gatekeeper.

They can access a trusted app and load a malicious .dmg file onto your Mac. You're vulnerable if you're not using the secure HTTPS protocol, or you're not getting the app from the Mac App Store.

As of now, Apple is said to be working with cybersecurity experts to fully patch up the security flaw in Gatekeeper.

While Apple and cybersecurity experts work on fixing this vulnerability, you should make sure you're protecting yourself, your financial information, and your digital devices. You should use a suite of strong security tools, including an anti-virus program. We recommend our sponsor, Kaspersky Lab.

Thursday, December 31, 2015

Long Island Man Spends 10 Days in Hospital After iPhone Explodes in His Pocket

from patch.com "Best of 2015"
A Lindenhurst man recently spent more than a week in the hospital after his iPhone spontaneously exploded in his pocket.

Erik Johnson had reportedly just arrived at his cousin’s wake on Valentine’s Day when his iPhone 5c exploded as he bent down to pick up a set of keys he had dropped.

“I felt the burn instantly and a cloud of smoke instantly,” the 29-year-old told News 12 Long Island. “I couldn’t get the phone out of my pocket, so I had to rip my pants off to get the phone away from me.”

Johnson suffered a third-degree burn the size of a football to his upper left thigh and spent 10 days in a hospital burn unit. He returned home on Tuesday.

The story was first reported by ABC 7. Johnson told the TV station that he heard a pop and then saw smoke coming from his pocket when he reached down to pick up the keys.

Johnson says his leg caught fire and the intensity of the heat melted his pocket shut.

“A couple of people actually said they could smell my body burning,” Johnson told ABC 7.

Apple says it is investigating the incident. Johnson is planning legal action against the electronics giant.

“Even if this only happened this one time, that’s one time too many,” Johnson’s lawyer, Mike Della, said according to the Daily News. “What if this happened to a child?”

There have been other recent reports of exploding iPhones. In October, an Arizona man claimed his iPhone 6 burst into flames in his pocket following a minor rickshaw accident. Last February, a middle school student in Maine suffered minor injuries after her iPhone 5c exploded in her pocket.