Saturday, 29 April 2017 05:29

New Mac malware has an evil way of taking over your entire computer

It used to be that Mac users didn’t really have to worry about malware. But we live in a brave new world with easy internet access and a bunch of jerks, so the good ol’ days are over. A new strain of Mac malware uses a familiar method to gain entry to your computer, but it’s the way it takes over that makes it particularly nasty.

The initial malware package is loaded by a standard phishing attack. The hackers send an email saying that there are issues with your tax return, with details in a .zip file attached. When you try to open the .zip folder, the malware package instead installs a small executable named AppStore.

That program then runs every time you boot the computer up, until the full malware package has been installed. Once that happens, users will see a fake macOS update page which looks decently close to the real thing. The “update” page sits on top of every other window, and prevents you from using your computer until you hit update.

Once you hit update, you’re prompted to enter your password. That’s where the really nasty stuff starts. Using the administrator privileges just granted, the malware installs the dark-web surfing program Tor, and changes your web settings using a developer certificate, so all your web traffic gets routed through a third-party proxy server.

With all that established, the attacker can see and modify all your web browsing behavior, including any data sent over encrypted web links that would normally be secure. With that kind of access and a little time, the attacker will be able to steal most people’s login info for every site, online banking details, and anything else you can really think of.
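A check for the proxy change described above, as an added example that is not part of the original article: it parses the text printed by the macOS command `scutil --proxy` and reports every enabled proxy whose host is not on an allowlist. The sample output, the address 192.0.2.10 and the function names are constructed for illustration, and the check covers only the proxy setting, not the installed certificate.

```python
import re
from urllib.parse import urlparse

# Keys printed by `scutil --proxy` on macOS: (enable flag, host or PAC URL key).
PROXY_KEYS = [
    ("HTTPEnable", "HTTPProxy"),
    ("HTTPSEnable", "HTTPSProxy"),
    ("SOCKSEnable", "SOCKSProxy"),
    ("ProxyAutoConfigEnable", "ProxyAutoConfigURLString"),
]

# Constructed sample of `scutil --proxy` output (not taken from a real machine).
SAMPLE = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
  HTTPEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://192.0.2.10/proxy.pac
}"""

def parse_scutil_proxy(text):
    """Collect top-level 'Key : value' pairs, skipping nested arrays."""
    settings, depth = {}, 0
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 1:
            m = re.match(r"(\w+)\s*:\s*(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2)
    return settings

def unexpected_proxies(text, allowed_hosts=()):
    """Return (key, value) for each enabled proxy whose host is not allowed."""
    settings = parse_scutil_proxy(text)
    findings = []
    for enable_key, value_key in PROXY_KEYS:
        if settings.get(enable_key) != "1":
            continue
        value = settings.get(value_key, "")
        host = urlparse(value).hostname or value  # PAC URL or bare host
        if host not in allowed_hosts:
            findings.append((value_key, value))
    return findings

if __name__ == "__main__":
    for key, value in unexpected_proxies(SAMPLE):
        print(f"unexpected proxy setting: {key} = {value}")
```

On a Mac, pass the real output of `scutil --proxy` as `text` and list any proxy hosts your own network legitimately uses in `allowed_hosts`.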

As per usual, the best defence isn’t antivirus software: it’s strong account security and a healthy skepticism of any email attachments. Not opening attachments unless they’re from a well-trusted source is a good start; using two-factor authentication on all your accounts, particularly important emails and online banking, will mitigate the potential damage from a hack.

This article was published on bgr.com by Chris Mills
