New macOS Malware Tricks Users Into Enabling It
For years, the common assumption has been that macOS has far fewer viruses than Windows. While the chances for infection on a Mac are indeed less than on a PC, that doesn’t mean Mac-based malware doesn’t exist. In fact, there’s a new type spreading online that tricks users into enabling it. Security researchers with the cybersecurity division of MacPaw discovered
For years, the common assumption has been that macOS has far fewer viruses than Windows. While the chances for infection on a Mac are indeed less than on a PC, that doesn’t mean Mac-based malware doesn’t exist. In fact, there’s a new type spreading online that tricks users into enabling it.
Security researchers with the cybersecurity division of MacPaw discovered the new malware, which scrapes logins and passwords from victims and returns them to bad actors through email or other remote means.
Malicious users hide this particular type of malware inside one of two popular but fake applications: Either the unreleased but highly anticipated Grand Theft Auto 6, or a pirated version of the productivity app Notion. Users seeking out one of these two kinds of apps may believe they are downloading the real thing, but are unwittingly installing malware onto their Apple computers.
Perhaps part of the reason many don’t think macOS has viruses or malware is because Apple’s built-in security solution, Gatekeeper, largely takes care of many issues. Gatekeeper usually doesn’t allow users to install software that isn’t “signed” (approved) by Apple. When you try to open the installer, macOS will warn you about the vulnerability posed by it, and will prevent you from going forward. However, if you right-click on the installer and choose “Open,” macOS will let you go ahead with the install.
This works when you know the unsigned software you’re installing is legitimate and safe. However, it’s a huge security risk otherwise. Bad actors with this new malware are exploiting this system, instructing users to right-click and choose “Open” when you first download the installer.
Once you do, the malware connects to a Russian IP and runs in the background, bypassing system protections and scraping for credentials and sensitive data. It stores this data in a secret folder on your computer, which bad actors can access from a remote server at a later time.
This is a good reminder to never install applications on any device without knowing for sure that the program is legitimate. Installing apps from official app stores is a good way to stay safe, but if downloading from a website, do some research to make sure it’s what it claims to be. Don’t bypass system securities, such as macOS’ Gatekeeper, either. These systems are there for a reason.
Share This