Hackers exfiltrating data from MacOS devices using malicious EXE files


Cyber criminals have found a way to inject malware into MacOS devices and exfiltrate information about installed applications by using a malware-ridden EXE file which only runs on Windows platforms.

Millions of individuals and corporate users across the globe use MacOS devices for their daily tasks and entertainment. However, people often need to use certain programmes which work only on Windows platforms, and to make things easier for them, customised software is available that lets users run Windows programmes on MacOS devices.

One such piece of software is Mono, a free system that lets users run Windows applications on MacOS and other operating systems. According to security researchers at Kaspersky Lab, cyber criminals have found a way to package the Mono framework with malware, thereby making the malware run successfully on devices running the MacOS operating system.

Malware exfiltrates application data from MacOS devices

“After installation, the malware first collects information about the infected system. Cybercriminal interest is focused on the name of the model, device IDs, processor specifications, RAM, and many other things. The malware also harvests and sends information about installed applications to its C&C server.

“Simultaneously, it downloads several more images to the infected computer with installers masked as Adobe Flash Media Player, or Little Snitch. They are in fact run-of-the-mill adware tools that pester you with banners,” the researchers said.

Gatekeeper, the security programme in MacOS that scans programmes running on a MacOS device, does not scan EXE files, as such files are not designed to work in the OS. As a result, the malware injected using the Mono framework gets to complete its tasks without the least interference.

According to the researchers, if MacOS users need to run software on their devices that helps them use Windows applications, they must install the genuine software and not pirated versions of it. At the same time, if users are downloading applications from unknown sources, they must ensure that such applications do not feature extra files that are either unnecessary or suspicious.
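One way to carry out the check for unexpected files described above, as an added example that is not from the article or from Kaspersky Lab: a Python script that walks a downloaded application folder or mounted disk image and reports every file whose content is a Windows executable (PE format), whatever its extension. The `Sample.app` tree, its file names and the minimal PE header are constructed for the demonstration.

```python
import os
import struct
import sys
import tempfile

PE_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"  # constructed minimal header

def is_pe(path):
    """True if the file starts with a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable file: skip it

def find_pe_files(root):
    """Relative paths of all PE files under root, judged by content, not by extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full) and is_pe(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_bundle(root):
    """Constructed sample tree: hypothetical Sample.app with two PE files and two benign files."""
    res = os.path.join(root, "Sample.app", "Contents", "Resources")
    exe = os.path.join(root, "Sample.app", "Contents", "MacOS")
    os.makedirs(res)
    os.makedirs(exe)
    samples = {
        os.path.join(exe, "Sample"): b"\xcf\xfa\xed\xfe" + b"\0" * 80,  # Mach-O magic
        os.path.join(res, "installer.exe"): PE_STUB,
        os.path.join(res, "icon.png"): PE_STUB,             # PE hidden behind .png
        os.path.join(res, "notes.txt"): b"MZ" + b"x" * 70,  # 'MZ' text, no PE signature
    }
    for path, data in samples.items():
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    if len(sys.argv) > 1:   # scan the folder given on the command line
        print("\n".join(find_pe_files(sys.argv[1])))
    else:                   # no argument: scan the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_bundle(tmp)
            print("\n".join(find_pe_files(tmp)))
```

Legitimate MacOS applications built on Mono or .NET also ship PE-format assemblies, so a hit is a reason to look closer at where the application came from, not a verdict on its own.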


Copyright Lyonsdown Limited 2021
