Hackers exfiltrating data from MacOS devices using malicious EXE files
9 April 2019
Cyber criminals have found a way to inject malware into MacOS devices and exfiltrate information about installed applications by using a malware-ridden EXE file which only runs on Windows platforms.
Millions of individuals and corporate users across the globe use MacOS devices for their daily tasks and entertainment. However, people often need to use certain programmes which work only on Windows platforms, and to make things easier for them, customised software is available that lets users run Windows programmes on MacOS devices.
One such tool is Mono, a free system that lets users run Windows applications on MacOS and other operating systems. According to security researchers at Kaspersky Lab, cyber criminals have found a way to package the Mono framework with malware, thereby making the malware run successfully on devices running the MacOS operating system.
Malware exfiltrates application data from MacOS devices
"After installation, the malware first collects information about the infected system. Cybercriminal interest is focused on the name of the model, device IDs, processor specifications, RAM, and many other things. The malware also harvests and sends information about installed applications to its C&C server.
"Simultaneously, it downloads several more images to the infected computer with installers masked as Adobe Flash Media Player, or Little Snitch. They are in fact run-of-the-mill adware tools that pester you with banners," the researchers said.
Gatekeeper, the security programme in MacOS that scans programmes running on a MacOS device, does not scan EXE files because such files are not designed to work in the OS. As a result, the malware injected using the Mono framework completes its tasks without the least interference.
According to the researchers, MacOS users who need software that helps them run Windows applications must install the genuine software and not pirated versions of it. At the same time, users downloading applications from unknown sources must ensure that such applications do not feature extra files that are either unnecessary or suspicious.
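One way to act on that last piece of advice is to look for Windows executables inside a downloaded app bundle or mounted disk image before running it. The sketch below is an added example, not code from the article or from Kaspersky Lab; the function names and the sample bundle it builds are constructed for illustration.

```python
import os
import struct
import tempfile

def is_pe(path):
    """True if the file starts with a DOS 'MZ' header that points to a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew field
            f.seek(pe_off)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def find_windows_binaries(root):
    """Walk a directory (a mounted DMG or .app bundle) and list PE files by content, not name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full) and is_pe(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample(root):
    """Constructed sample bundle: two PE files (one without .exe), a Mach-O stub, a decoy."""
    res = os.path.join(root, "Sample.app", "Contents", "Resources")
    macos = os.path.join(root, "Sample.app", "Contents", "MacOS")
    os.makedirs(res)
    os.makedirs(macos)
    pe = bytearray(0x84)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)
    pe[0x80:0x84] = b"PE\0\0"
    samples = {
        os.path.join(res, "installer.exe"): bytes(pe),
        os.path.join(res, "data.bin"): bytes(pe),  # PE hidden behind another extension
        os.path.join(macos, "Sample"): b"\xcf\xfa\xed\xfe" + b"\0" * 60,  # Mach-O magic
        os.path.join(res, "notes.txt"): b"MZ but not a PE file" + b" " * 60,
    }
    for path, data in samples.items():
        with open(path, "wb") as f:
            f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return find_windows_binaries(root)

if __name__ == "__main__":
    for hit in demo():
        print("Windows executable inside bundle:", hit)
```

Checking the file header rather than the extension means a renamed EXE is still reported, while a text file that merely begins with "MZ" is not.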