Early last year, a piece of Mac malware came to light that left researchers puzzled. They knew that malware dubbed Fruitfly captured screenshots and webcam images, and they knew it had been installed on hundreds of computers in the US and elsewhere, possibly for more than a decade.
Still, the researchers didn't know who did it or why. An indictment filed Wednesday in federal court in Ohio may answer some of those questions. It alleges Fruitfly was the creation of an Ohio man who used it for more than 13 years to steal millions of images from infected computers as he took detailed notes of what he observed.
As any nagging cybersecurity expert will tell you, keeping your software up to date is the brushing and flossing of digital security. But even the most meticulous practitioners of digital hygiene focus on maintaining the updates of their computer's operating system, not its firmware.
That obscure, reptile-brain code controls everything from a PC's webcam to its trackpad to how it finds the rest of its software as it boots up. Now one new study has found that the most critical elements of Macs' firmware aren't getting updates. And that's not because lazy users have neglected to install them, but because Apple's firmware updates fail without any notice to the user.
A mysterious piece of malware has been infecting hundreds of Mac computers for years—and no one noticed until a few months ago.
Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as "unique" and "intriguing." It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as "FruitFly." This first strain had researchers scratching their heads. On the surface, the malware seemed "simplistic." It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes.
APT28, the Russian hacking group tied to last year's interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices.
Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.
In response to more activists using Apple Mac computers instead of Windows PCs, suspected Iranian government hackers have apparently developed their own Mac-based malware, according to a new report from security researchers.
The finding highlights the constant ebb-and-flow of governments disrupting and tracking activist movements. As one group adopts a new tool or technique, state-sponsored hackers may need to adapt to get the information they're after. "This demonstrates that Iranian actors are responsive to their environment," Collin Anderson, one of the security researchers behind the report, told in an email.
Security researchers have discovered a rare piece of Mac-based espionage malware that relies on outdated coding practices but has been used in some previous real-world attacks to spy on biomedical research center computers.
Dubbed Fruitfly, the malware has remained undetected for years on macOS systems despite using unsophisticated and "antiquated code." According to the researchers, the recently discovered malware, which they're calling "the first Mac malware of 2017," contains code that dates before OS X and has reportedly been conducting detailed surveillance operations on targeted networks, possibly for over two years.
Seven years later, Shazam is still an amazing idea -- just press a button to know the name of the song that's currently playing. That's all well and good, but what if the music discovery tool keeps on listening, even when you turn it off?
On Monday, benevolent hacker Patrick Wardle revealed that -- on Mac computers -- the Shazam app never lets go of your laptop or desktop microphone. It continues to listen even after you've told the app to stop listening. Don't get outraged just yet, though. It doesn't look like Shazam is doing anything malicious with that data: not saving it, processing it, or phoning it back home to servers. It's simply on when it should be off.
A number of Evernote users are now being alerted via email message of a serious bug that may cause data loss in certain versions of the company’s Mac application.
Not all Evernote Mac users were affected by this bug, but those who received the email will need to update their Mac app immediately in order to protect themselves from experiencing the issue. According to the email sent to users, the bug can cause images and other attachments to be deleted under specific conditions when using Evernote for Mac. The company claims only “a small number of people” have been impacted by the glitch.
The makers of MacKeeper, a suite of software that claims to make Macs more secure and stable, are cleaning up after a breach exposed the personal information for millions of its users.
Kromtech, which makes the software, acknowledged that a hole in its security exposed the usernames, email addresses and other personal information for 13 million customers. The breach marks the latest high-profile compromising of personal data, a list that includes the US government losing the information of 4 million federal workers and health insurer Excellus BlueCross BlueShield seeing 10 million health records exposed.
An interesting file turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose.
Further investigation showed that a backdoor, a keylogger and a Trojan-Spy were hidden inside the sample. It is particularly noteworthy that the keylogger uses an open-source kernel extension. The extension's code is publicly available, for example, on GitHub! Depending on their purpose, these files are detected. The result of the check determines where the Trojan's files will be installed: