Cyber criminals have found a way to inject malware into MacOS devices and exfiltrate information about installed applications by using a malware-ridden EXE file which only runs on Windows platforms.
Millions of individuals and corporate users across the globe use MacOS devices for their daily tasks and entertainment. However, people often need to use certain programmes which work only on Windows platforms, and to make things easier for them, customised software is available that lets users run Windows programmes on MacOS devices.
One such software is Mono, a free system that lets users run Windows applications in MacOS and other operating systems. According to security researchers at Kaspersky Lab, cyber criminals have found a way to package the Mono framework with malware, thereby making the malware run successfully on devices running the MacOS operating system.
Malware exfiltrates application data from MacOS devices
“After installation, the malware first collects information about the infected system. Cybercriminal interest is focused on the name of the model, device IDs, processor specifications, RAM, and many other things. The malware also harvests and sends information about installed applications to its C&C server.
“Simultaneously, it downloads several more images to the infected computer with installers masked as Adobe Flash Media Player, or Little Snitch. They are in fact run-of-the-mill adware tools that pester you with banners,” the researchers said.
Gatekeeper, the security programme in MacOS that scans programmes running on a MacOS device, does not scan EXE files because such files are not designed to work in the OS. As a result, the malware injected using the Mono framework gets to complete its tasks without the least interference.
According to the researchers, if MacOS users need to run software on their devices that helps them use Windows applications, then they must install the genuine software and not its pirated versions. At the same time, if users are downloading applications from unknown sources, they must ensure that such applications do not feature extra files that are either unnecessary or suspicious.
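One way to check a downloaded application for the kind of extra file described above, as an added example that is not from the original article or from Kaspersky Lab: the Python script below walks an unpacked app bundle or mounted disk image and reports every file that carries a Windows PE header, whatever its extension, marking .NET assemblies (the kind a bundled Mono runtime can execute). The function names and the constructed sample builder `make_fake_pe` are hypothetical.

```python
import os
import struct
import sys

def pe_info(path):
    """Return None if path is not a PE file, else {'managed': bool}."""
    try:
        with open(path, "rb") as f:
            dos = f.read(64)                      # DOS header
            if len(dos) < 64 or dos[:2] != b"MZ":
                return None
            (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
            f.seek(e_lfanew)
            nt = f.read(24 + 240)                 # signature + COFF + optional header
    except OSError:
        return None
    if nt[:4] != b"PE\0\0":
        return None
    try:
        (magic,) = struct.unpack_from("<H", nt, 24)
        dir_off = 24 + {0x10B: 96, 0x20B: 112}[magic]   # PE32 / PE32+
        (count,) = struct.unpack_from("<I", nt, dir_off - 4)
        rva, size = struct.unpack_from("<II", nt, dir_off + 14 * 8)
    except (struct.error, KeyError):
        return {"managed": False}                 # PE, but headers truncated or odd
    # Data directory 14 is the CLR header: present only in .NET assemblies.
    return {"managed": count > 14 and rva != 0 and size != 0}

def scan_bundle(root):
    """List (relative path, is_dotnet) for every PE file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            info = None if os.path.islink(path) else pe_info(path)
            if info:
                findings.append((os.path.relpath(path, root), info["managed"]))
    return sorted(findings)

def make_fake_pe(managed):
    """Constructed sample: minimal PE32 headers only, no code or sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)

if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, managed in scan_bundle(sys.argv[1]):
        print(f"{'.NET' if managed else 'native'} PE: {rel}")
```

A Windows executable inside a Mac application is not proof of malware, since legitimate cross-platform software also ships Mono assemblies, but it is exactly the kind of extra file worth a second look before installing.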