Two New Macintosh Malware Threats Have Been Identified



Macintosh users have another cyber threat to worry about. Cybercriminals have taken a liking to macOS targets these past few months. Two new strains of Mac OS X malware have been discovered, both of which are offered as malware-as-a-service products on the darknet. One strain is ransomware, whereas the other spies on users in order to obtain sensitive information and login credentials.

Two New Macintosh Threats With Dire Consequences

These two new malware strains have some interesting aspects, to say the least. First of all, there is MacRansom, which is plainly a ransomware product. It is offered on the darknet as a ransomware-as-a-service scheme, which in principle means anyone can distribute the malware to Macintosh users all over the world. Appealing as that may sound to would-be distributors, it has become apparent there is still some work to be done before this service can become dangerous at scale.

To be more specific, the MacRansom developer manually approves every client and negotiates fees with each one, and every ransomware sample is built by hand rather than generated automatically. This makes the service far less appealing than other ransomware-as-a-service products on the darknet these days. In fact, one could argue it defeats the entire concept of ransomware-as-a-service, since there is no automation whatsoever.

To make matters worse, MacRansom’s encryption keys are hard-coded in the malware itself. Two symmetric keys are involved, and the one used to encrypt the victim’s files is lost once the encryption process completes. Because MacRansom uses no command-and-control server, the key is never sent anywhere before it is discarded, so the files cannot be decrypted even by the author. There is no payment page either; victims are simply asked to contact the author directly by email. All things considered, this is sloppy and anything but professional.

The same sloppiness applies to MacSpy, the spyware component offered by the same developers. This malware has evidently received even less attention, as much of its code appears to have been copied from Stack Overflow. Additionally, the spyware payload is not digitally signed, so Gatekeeper will warn the user before it is allowed to run at all. The developers could have avoided this by obtaining a developer certificate and signing the binary, but for some reason they decided not to.

All of this may make the two Macintosh strains appear harmless. That is not the case, though, as MacSpy and MacRansom can still inflict quite a bit of damage on users all over the world. The ransomware strain is especially disconcerting, because paying the ransom will not get the files decrypted: the key needed to do so no longer exists. Nor does there appear to be a decryption tool available, which creates a very odd situation for victims.

Luckily, MacSpy and MacRansom do not appear to be in active distribution right now. It is only a matter of time until that happens, though, and it will be interesting to see whether the developers come up with improved versions of both. It is impossible to deny the Mac malware market is expanding, which does not bode well for Apple users all over the world. It remains to be seen whether this “market” will be profitable, though.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

New Macintosh Malware Hijacks All Internet Traffic



Macintosh users are quickly becoming a new target for cybercriminals. A new type of Mac malware has been discovered which is capable of intercepting encrypted web traffic. It diverts the victim’s traffic to a remote proxy and routes it over Tor to hide where that proxy is. It is a very problematic threat that needs to be thwarted as soon as possible.

Dok Malware Targets Macintosh Users

Up until a year or two ago, one would hardly ever put the words “Macintosh” and “malware” in the same sentence. Things have changed a lot over the past few months, that much is evident. Dok is the latest malware discovered by security researchers, and it packs quite a punch under the hood. Dok gains administrator privileges on the targeted Macintosh through a persistent nag screen that asks the user for their password.

To be more specific, the Dok malware mainly targets European Macintosh users. As one would come to expect, it is distributed through spam emails, all of which claim to concern inconsistencies with the recipient’s tax return. It is not surprising that a lot of people open these attachments to take a closer look at what is going on. All of the emails seen so far are written in German, which is quite interesting.

Once the Dok package has been opened on the computer, the user is greeted with a fake OS X update screen that cannot be dismissed. Once the user clicks the button to update all software and enters their password, the malware completes its installation with administrative privileges. It then starts hijacking encrypted web traffic, rerouting it through Tor to a malicious proxy. The Macintosh in question also receives a new Login Item called AppStore, which allows the Dok installation procedure to carry on even if the user reboots the computer in the meantime.

Having all of your internet traffic routed through a remote proxy is not a pleasant experience by any means. The process is invisible to the user, but it means the criminals are given access to everything their victims do on the Internet. Although it remains unclear how all of this information is used later on, having someone monitor your everyday activity is very unsettling, to say the least.

Unfortunately, the most nefarious act by this malware is conducted at a later stage. Security researchers have discovered Dok also installs a new root certificate on the Macintosh device in question. Because the system now trusts that certificate, the attackers’ proxy can terminate the victim’s HTTPS connections and re-sign them without triggering any browser warning, a classic man-in-the-middle attack. This can lead to sensitive information being stolen, such as banking logins, social media account details, and who knows what else.

Moreover, the Dok malware means the criminals can inject their own web pages into the victim’s browser. Phishing pages, for example, can easily be displayed on the user’s computer even when they type in the correct address, since the proxy decides what content comes back. Any Macintosh user who runs the attachment can thus end up with a man-in-the-middle attack performed against them.
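The traces Dok leaves behind, as described above, can be checked for from the command line. The script below is an added example and is not the researchers’ or the page’s own code. It audits a Mac for the three indicators (a Login Item named AppStore, a proxy auto-config URL enabled on a network service, and a certificate added to the System keychain) by parsing the output of `osascript`, `networksetup` and `security`. The output formats the parsers expect, the PAC URL and certificate labels in the samples, and the allowlist are assumptions made for the example; the sample outputs at the bottom are constructed, not captured from an infection.

```python
"""Audit a Mac for the traces described above: a Login Item named AppStore,
a proxy auto-config (PAC) URL forced onto the network services, and a root
certificate added to the System keychain. The parsers work on captured
command output so the logic can run anywhere; collect_live() runs the real
commands and is only used when the script is executed on macOS.
"""
import re
import subprocess

# Persistence name the page attributes to Dok; extend with anything else unexpected.
SUSPICIOUS_LOGIN_ITEMS = {"appstore"}


def parse_login_items(osascript_output):
    """`osascript ... get the name of every login item` prints one comma-separated line."""
    return [n.strip() for n in osascript_output.split(",") if n.strip()]


def parse_autoproxy(networksetup_output):
    """Parse `networksetup -getautoproxyurl <service>`; assumed to print "URL: ..." and "Enabled: Yes|No"."""
    url, enabled = "", False
    for line in networksetup_output.splitlines():
        key, _, value = line.partition(":")  # split on the first colon only, URLs contain more
        key, value = key.strip().lower(), value.strip()
        if key == "url":
            url = value
        elif key == "enabled":
            enabled = value.lower() == "yes"
    return {"url": url, "enabled": enabled}


def parse_keychain_labels(security_output):
    """Pull the "labl" attribute of every certificate out of `security find-certificate -a` output (format assumed)."""
    return re.findall(r'"labl"<blob>="([^"]*)"', security_output)


def audit(login_items_text, autoproxy_by_service, keychain_text, allowed_cert_labels=()):
    """Return human-readable findings; an empty list means none of the three traces is present."""
    findings = []
    for item in parse_login_items(login_items_text):
        if item.lower() in SUSPICIOUS_LOGIN_ITEMS:
            findings.append(f"login item: {item}")
    for service, text in autoproxy_by_service.items():
        proxy = parse_autoproxy(text)
        if proxy["enabled"] and proxy["url"]:
            findings.append(f"auto proxy on {service}: {proxy['url']}")
    allowed = {label.lower() for label in allowed_cert_labels}
    for label in parse_keychain_labels(keychain_text):
        if label.lower() not in allowed:
            findings.append(f"certificate in System keychain: {label}")
    return findings


def run(*cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def collect_live(allowed_cert_labels=()):
    """Gather the three outputs on a real Mac and audit them."""
    login = run("osascript", "-e", 'tell application "System Events" to get the name of every login item')
    services = run("networksetup", "-listallnetworkservices").splitlines()[1:]  # first line is a legend
    services = [s.lstrip("*") for s in services if s.strip()]  # a leading * marks a disabled service
    proxies = {s: run("networksetup", "-getautoproxyurl", s) for s in services}
    certs = run("security", "find-certificate", "-a", "/Library/Keychains/System.keychain")
    return audit(login, proxies, certs, allowed_cert_labels)


# Constructed sample output shaped like the three tools' output on an infected Mac
# (not captured from a real infection; the PAC URL and certificate labels are made up).
SAMPLE_LOGIN_ITEMS = "iTunesHelper, AppStore\n"
SAMPLE_AUTOPROXY = {
    "Wi-Fi": "URL: http://127.0.0.1:5555/proxy.pac\nEnabled: Yes\n",
    "Ethernet": "URL: (null)\nEnabled: No\n",
}
SAMPLE_KEYCHAIN = '''keychain: "/Library/Keychains/System.keychain"
attributes:
    "labl"<blob>="Corp MDM Root"
keychain: "/Library/Keychains/System.keychain"
attributes:
    "labl"<blob>="Example Interception CA"
'''

if __name__ == "__main__":
    for finding in collect_live(allowed_cert_labels=["Corp MDM Root"]):
        print(finding)
```

On a real Mac the script can simply be run; `collect_live()` gathers the command output itself. Apple’s own roots live in the System Roots keychain rather than in the System keychain, so anything the last check reports was added by an administrator, an MDM profile, or malware, and should be compared against what was actually deployed.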

Luckily, there is a small silver lining for Macintosh users as well. Even though Dok was initially not detected by antivirus solutions, it looks like all major companies have updated their virus definitions over the past week. This does not mean Macintosh users are completely safe from harm, as the malware can still land on a computer that has not received those updates, without the user being aware of it. Beware of any email attachments related to tax returns, as they are usually not legitimate.


New OS X Backdoor Can Scan Computers For Cryptocurrency Wallet Files



For the longest time, many people assumed Mac OS X was one of the most secure operating systems. But several exploits and backdoors have been uncovered in recent months, which paint a very different picture. The latest such threat is a backdoor that steals data from users. Although this malware is not limited to OS X, it did manage to cause some concern.

A New Threat Arrives On Mac OS X

Internet criminals are becoming craftier when it comes to releasing harmful code on the web. Although most attacks are targeted at Windows users, Macintosh fans are getting a lot of unwanted attention as well. A new backdoor was recently discovered which affects multiple operating systems, including OS X and Linux.

What this malicious code does is capture audio and take screenshots every 30 seconds. Regardless of what the user might be doing at the time, the information is logged and sent to a server controlled by the attackers. Although this may seem rather harmless, it is a serious worry for any computer user.

But there is more, as the backdoor can also monitor removable storage and search the entire system for Office documents. Its operators can also execute arbitrary commands through the backdoor, although it remains unknown with which privileges. Adjusting which files to look for on the computer is one obvious possibility, and a search pattern aimed at wallet files would put cryptocurrency users at risk.

To make matters worse, the backdoor creates multiple copies of itself in application cache folders, disguised as components of Skype, Dropbox, Firefox, or Google software. Once this step has been completed, the backdoor connects to its command-and-control server over a channel encrypted with AES-256.
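One way to hunt for the disguised copies described above, as an added example that is not the page’s or any vendor’s own code: cache folders should hold data rather than programs, so the script walks a user’s Library folder, flags any Mach-O executable whose path carries one of the four product names the page lists, and reports the candidates. The directory to scan, the product-name list, and the sample tree built by `build_demo_tree()` are assumptions made for the example; the sample files are constructed, not real malware.

```python
"""Find Mach-O executables sitting in application cache folders under
~/Library and named after Skype, Dropbox, Firefox or Google. The demo()
function builds a constructed sample tree in a temporary directory so the
scan can be exercised on any system.
"""
import os
import tempfile

# Mach-O magic numbers: 32-bit, 64-bit and fat/universal, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}
# Product names the page lists as the backdoor's disguises (assumed list, lower-case for matching).
IMPERSONATED = ("skype", "dropbox", "firefox", "google")


def is_macho(path):
    """True when the file starts with a Mach-O header; unreadable files count as not Mach-O."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False


def scan_library(home):
    """Return Library-relative paths of Mach-O files whose path names one of the impersonated products."""
    hits = []
    for dirpath, _dirs, files in os.walk(os.path.join(home, "Library")):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, home)
            if any(p in rel.lower() for p in IMPERSONATED) and is_macho(full):
                hits.append(rel)
    return sorted(hits)


def build_demo_tree(home):
    """Constructed sample home: one dropped 'SkypeHelper' binary and one genuine-looking Firefox cache file."""
    dropped = os.path.join(home, "Library", "Skype", "SkypeHelper")
    cache = os.path.join(home, "Library", "Caches", "Firefox", "cache2.db")
    os.makedirs(os.path.dirname(dropped))
    os.makedirs(os.path.dirname(cache))
    with open(dropped, "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # MH_CIGAM_64 magic followed by padding
    with open(cache, "wb") as fh:
        fh.write(b"SQLite format 3\x00")  # data file, must not be flagged


def demo():
    """Run the scan over the constructed tree and return what it flags."""
    with tempfile.TemporaryDirectory() as home:
        build_demo_tree(home)
        return scan_library(home)


if __name__ == "__main__":
    print("demo hits:", demo())
    print("real hits:", scan_library(os.path.expanduser("~")))
```

Hits are candidates, not verdicts: Google’s updater, for instance, legitimately keeps binaries under ~/Library/Google. Each hit should be checked with `codesign -dv --verbose=2 <path>`, and anything unsigned or signed by an unexpected identity treated as suspect.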

For the time being, it remains unclear how much damage was done through this malware. It is possible no harmful data has been captured, although having one’s screen captured in the background is rather invasive. While OS X is still targeted far less often than Windows, criminals are no longer putting all of their eggs in the Microsoft basket.

