APT28, the Russian hacking group tied to last year's interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices.

Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. Like its counterparts for other platforms, the Mac version of Xagent is a modular backdoor that can be customized to meet the objectives of a given intrusion. Capabilities include logging passwords, snapping pictures of screen displays, and stealing iOS backups stored on the compromised Mac.

Security researchers have discovered a rare piece of Mac-based espionage malware that relies on outdated coding practices but has been used in some previous real-world attacks to spy on biomedical research center computers.

Dubbed Fruitfly, the malware has remained undetected for years on macOS systems despite using unsophisticated and "antiquated code." According to the researchers, the recently discovered what they're calling "the first Mac malware of 2017" contains code that dates before OS X, which has reportedly been conducting detailed surveillance operation on targeted networks, possibly for over two years.

Mac OS users running Safari are falling victim to a tech support scam that can freeze their computer, according to a Thursday post on the MalwareBytes Labs blog. Similar previous campaigns have used fake alerts notifying victims that something is wrong with their computer, prompting them to reach out for tech assistance.

By clicking onto a phony site, or by calling a phony assistance number, the victim can then authorize attackers to gain control of their machines. One version of this scam, which targeted the browser, was dubbed a browlock. Another one which actually loaded malware onto devices was termed a screen locker.

A notorious cyberespionage group with suspected links to Russian intelligence has developed a complex piece of malware designed to infect computer systems running Apple OSX.

The hackers, dubbed Sofacy Group by the California-based experts, have been given many titles over the years by analysts including Fancy Bears, APT28 and Pawn Storm. It is the same group believed to have infiltrated the Democratic National Committee earlier this year. Experts explained how the Trojan – called 'Komplex' – does not exploit an Apple security flaw but instead takes hold via extremely targeted spearphishing tactics. 

A newly discovered malware capable of cyberespionage and remote takeover is targeting Mac computers, delivering its payload by opening up a backdoor connection to a command-and-control web server via the encrypted Tor network.

The malware arrives disguised as a drag-and-drop file conversion application called the EasyDoc Converter, which is found on many credible third-party sites, according to an analysis from Bitdefender, whose security researchers uncovered the malware. The program is neither verified nor digitally signed by Apple. In reality, the program's true purpose is far more malevolent.

The OS X command line developer tools include an old version of the Git source code management system that exposes Mac users to remote code execution attacks. The Git client allows developers to interact with source code repositories.

It is not installed by default on Mac OS X, but it is included in the Command Line Tools package for Xcode, Apple’s integrated development environment. Software developers who create applications for OS X or iOS are likely to use Xcode and to have Apple’s Command Line Tools package installed on their Macs. The latest version of this package includes Git version 2.6.4, released in December. 

A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company’s newest protection feature and steal sensitive data from affected devices.

Apple introduced a security protection feature to the OS X kernel called System Integrity Protection. The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac. The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation.

The first known ransomware attack on Apple Inc's Mac computers, which was discovered over the weekend, was downloaded more than 6,000 times before the threat was contained, according to a developer whose product was tainted with the malicious software.

Hackers infected Macs with the "KeRanger" ransomware through a tainted copy of Transmission, a popular program for transferring data through the BitTorrent peer-to-peer file sharing network. So-called ransomware is a type of malicious software that restricts access to a computer system in some way and demands the user pay a ransom to the malware operators to remove the restriction.

An examination of a new OS X malware sample suggests the Italian exploit seller may be up to its old tricks. A recently discovered Apple Mac OS X malware sample has raised speculation that exploit seller Hacking Team is returning to the market after a disastrous cyberattack.

In July 2015, Italian firm Hacking Team, a provider of surveillance tools, malware and spyware to government, law enforcement and intelligence agencies worldwide, experienced a catastrophic data breach after a cyberattacker compromised their servers and managed to steal 400GB of corporate data.

Security researcher Radoslaw Karpowicz has discovered a flaw in how the Sparkle Updater framework broadcasts app updates to Mac users. The Sparkle Updater framework is a popular component used inside many common Mac apps.

Developers use Sparkle to automate their app's update process and not have users check their site on a daily basis. Setting up the Sparkle Updater means implementing a client-side component inside each app, a relatively simple task for most Mac app developers, but also setting up a Sparkle update server, called an AppCast server (an RSS-like protocol).