Mac Malware Pushed via Google Search Results, Masquerades as Flash Installer

[silversurfer]

Never-before-seen Mac malware, dubbed OSX/CrescentCore, has been discovered in the wild. The trojan, spotted on various websites masquerading as an Adobe Flash Player installer, drops malicious applications and browser extensions on victims’ systems when downloaded.
 
OSX/CrescentCore is spread via various websites, where it is masqueraded as an Adobe Flash Player installer. However, the “installer” is actually a .dmg file (an Apple disk image) that delivers the malware.
 
“One variant of OSX/CrescentCore was observed dropping potentially unwanted applications, rogue software like OSX/AMC (short for ‘Advanced Mac Cleaner’),” Joshua Long with Intego told Threatpost on Tuesday. “Another variant of OSX/CrescentCore tried to install a malicious Safari browser extension.”
 
The malware was discovered by researchers being distributed via numerous sites – some of which popped up on Google search results.  One such site, called “GetComics,” purported to share digital copies of new comic books for free. The malware was also spread via high-ranking Google search results, which were observed redirecting users to multiple sites.

SOURCE: https://threatpost.com/mac-malware-pushe...er/146178/