Under certain conditions, macOS may copy data into the void, leading to data loss of important files, all due to a bug in how the operating system handles APFS sparse disk images. The issue was discovered and reported to Apple this past week by Mike Bombich, the creator of a Mac backup application named Carbon Copy Cloner.
Bombich says the bug affects only "sparse disk images" formatted in Apple's new filesystem format APFS, first deployed macOS High Sierra in March 2017. A "disk image" is a file format that contains the entire contents and structure of a disk volume, such as USB, CD, DVD, hard disk drive, or network share.Read more
An interesting file turned out to be a sample of modular malware for MacOS X. Even after preliminary analysis it was clear that the file was not designed for any good purpose.
Further investigation showed that a backdoor, a keylogger and a Trojan-Spy were hidden inside the sample. It is particularly noteworthy that the keylogger uses an open-source kernel extension. The extension's code is publicly available, for example, on GitHub! Depending on their purpose, these files are detected. The result of the check determines where the Trojan's files will be installed:Read more