12 Feb 2019

Hackers are using a new technique to bypass Apple’s macOS security systems and infect Mac computers by deploying a malicious Windows EXE file, a file type that normally runs only on Windows systems.

The technique was found by security researchers at Trend Micro, who discovered numerous samples of a malicious macOS application (.dmg), disguised as installers for popular software on a torrent site, that includes an EXE application compiled with the Mono framework so that it runs on macOS.

Mono is an open source implementation of Microsoft’s .NET Framework that developers use to create cross-platform .NET applications. Mono applications can run on all major platforms, including Linux, Windows and Mac OS X.

Normally, running a Windows executable on a macOS system results in an error, and built-in protection mechanisms such as Gatekeeper do not scan .exe files for malicious code.

However, the fake installer installs the Little Snitch firewall application and also comes bundled with a hidden Mono-compiled payload designed to collect system information about the targeted Mac and send it to a remote command-and-control server controlled by the attackers.
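Because Gatekeeper does not look at .exe files, a defender who wants to triage a suspicious .dmg has to look for Windows PE executables inside the extracted bundle themselves. The following Python script is an added example, not Trend Micro's code or part of the original article: it walks an extracted .dmg or .app tree, flags any file with a valid PE header (MZ stub plus "PE\0\0" signature at e_lfanew), and flags bundled Mono runtime libraries; the sample bundle it scans is constructed in the script, and the library name `libmonosgen-2.0.dylib` is assumed to be what a Mono-based bundle would carry.

```python
import os
import struct
import tempfile

PE_SIGNATURE = b"PE\0\0"

def is_pe_file(path):
    """True if the file starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", head, 0x3C)[0]  # offset of PE header
            f.seek(e_lfanew)
            return f.read(4) == PE_SIGNATURE
    except OSError:
        return False

def scan_bundle(root):
    """Walk an extracted .dmg/.app tree; report PE files and bundled Mono runtime libraries."""
    findings = {"pe_files": [], "mono_libs": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if is_pe_file(path):
                findings["pe_files"].append(rel)
            low = name.lower()
            if low.startswith("libmono") and low.endswith(".dylib"):  # assumed Mono lib naming
                findings["mono_libs"].append(rel)
    return findings

def build_sample_bundle():
    """Constructed sample: fake .app with a Mach-O main binary, a Mono dylib and a hidden PE payload."""
    root = tempfile.mkdtemp()
    macos = os.path.join(root, "Installer.app", "Contents", "MacOS")
    os.makedirs(macos)
    macho = b"\xcf\xfa\xed\xfe" + b"\0" * 60            # Mach-O 64-bit magic, padded
    with open(os.path.join(macos, "Installer"), "wb") as f:
        f.write(macho)
    with open(os.path.join(macos, "libmonosgen-2.0.dylib"), "wb") as f:
        f.write(macho)
    pe = bytearray(b"MZ" + b"\0" * 62)                  # 64-byte DOS stub
    struct.pack_into("<I", pe, 0x3C, 0x80)               # e_lfanew -> offset 0x80
    pe += b"\0" * (0x80 - len(pe)) + PE_SIGNATURE
    with open(os.path.join(macos, "Installer.exe"), "wb") as f:
        f.write(bytes(pe))
    return root

if __name__ == "__main__":
    print(scan_bundle(build_sample_bundle()))
```

A PE file found next to a Mono runtime inside a macOS bundle is exactly the combination the researchers describe, and is a reasonable hunting signal even though neither element is malicious on its own.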

The malware collects system information such as model name, model identifier, processor speed, processor details and memory. It is also designed to scan all the installed apps on the compromised machine and send the collected information to the command-and-control server.

After installation, the EXE malware downloads various adware apps and prompts the user to install them; most are camouflaged as legitimate Adobe Flash Media Player and Little Snitch apps.

The researchers have not found any specific attack pattern associated with the malware, but their data showed that the highest numbers of infections were in the United Kingdom, Australia, Armenia, Luxembourg, South Africa and the United States.

It is important to note that when the researchers tried to run the same malicious EXE file on Windows, it resulted in an error, which indicates that this malware was specifically designed to target macOS systems.

Mac users can protect themselves from this attack by not downloading apps, tools and other files from torrent websites or any other untrusted source.
