Posts: 14,414
Threads: 9,507
Thanks Received: 9,034 in 7,184 posts
Thanks Given: 9,804
Joined: 12 September 18
06 April 19, 07:05
Quote:
The idea that macOS is invulnerable is a myth, as we’ve said many times before. Recently, cybercriminals found yet another way to tiptoe past its built-in defense mechanism. They collected data about the infected system and fed it into adware using files with the EXE extension, which usually runs only in Windows. An EXE file infecting Mac users? Strange, but the method does work.
A tale of infection: A pirated firewall bundled with EXE malware
The irony is that the malware was added not just anywhere, but to a pirated copy of a security product — the Little Snitch firewall. Users who tried to save on paying for a license predictably ended up with a headache instead.
The infected version of the firewall was distributed using torrents. Victims downloaded to their computers a ZIP archive with a disk image in DMG format — so far, normal. But a close look at the contents of this DMG file reveals the presence of the MonoBundle folder with a certain installer.exe inside. This is not a typical macOS object; EXE files usually just don’t run on Mac machines.
Gatekeeper looks the other way
In fact, Windows executables are so unsupported in macOS that Gatekeeper (a security feature of macOS that prevents suspicious programs from running) simply ignores EXE files. This is quite understandable: It makes little sense to overload the system by scanning obviously inactive files, especially with one of Apple’s selling points being operating speed.
That would be fine were it not for one “but”: Many programs are available for Windows, and sometimes Mac users need some of them, so various solutions exist for running files that are not native to the platform. One of them is the Mono framework, a free system that lets users run Windows applications in other operating systems, including macOS.
As you can probably guess, the framework is what the cybercriminals exploited. A framework usually needs to be installed on the computer separately, but these cybercrooks came up with a method of packaging it with the malware (remember the sinister EXE in the MonoBundle folder?). As a result, the malware runs successfully even on Macs whose owners use only native programs.
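The quoted article makes two detection-relevant points: Gatekeeper skips EXE files because they are not native macOS objects, and the malware worked around that by shipping a Mono runtime in a MonoBundle folder next to installer.exe. The script below is an added example, not code from the Kaspersky article or from this thread, showing how a defender can scan an extracted disk image for Windows PE executables by their header rather than their extension, and flag any MonoBundle directory. It assumes the DMG has already been mounted or extracted to a folder; the sample folder layout, file names and byte contents it builds are constructed for the demonstration.

```python
"""Scan an extracted macOS disk image or app bundle for Windows PE executables.

Added example (not from the quoted article or this forum thread). Files are
identified by the DOS 'MZ' stub and the 'PE\\0\\0' signature it points to, so a
renamed EXE is caught as well. A directory named MonoBundle is reported
separately because the article describes it as the carrier of the bundled
Mono runtime. All sample data below is constructed.
"""
import os
import struct
import tempfile
from typing import List, Tuple


def is_pe_file(path: str) -> bool:
    """Return True if the file starts with a DOS 'MZ' header whose e_lfanew
    field (offset 0x3C) points at a valid 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def scan_bundle(root: str) -> Tuple[List[str], List[str]]:
    """Walk `root` and return (pe_files, mono_bundle_dirs), relative to root."""
    pe_files, mono_dirs = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower() == "monobundle":
                mono_dirs.append(os.path.relpath(os.path.join(dirpath, d), root))
        for name in filenames:
            full = os.path.join(dirpath, name)
            if is_pe_file(full):
                pe_files.append(os.path.relpath(full, root))
    return sorted(pe_files), sorted(mono_dirs)


def make_minimal_pe() -> bytes:
    """Construct a header-only byte string that satisfies is_pe_file.
    It is not a runnable program, only the two signatures in the right places."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


def build_sample_tree() -> str:
    """Create a constructed folder layout mirroring the article's description:
    a MonoBundle folder holding installer.exe, a PE renamed to look like data,
    and a text file that merely begins with the letters MZ."""
    root = tempfile.mkdtemp(prefix="dmg_")
    mono = os.path.join(root, "Little Snitch.app", "Contents", "MonoBundle")
    os.makedirs(mono)
    with open(os.path.join(mono, "installer.exe"), "wb") as f:
        f.write(make_minimal_pe())
    # Extension does not matter to the check: this one is still a PE.
    with open(os.path.join(root, "readme.dat"), "wb") as f:
        f.write(make_minimal_pe())
    # Starts with "MZ" but has no PE signature, so it must not be flagged.
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"MZ is a prefix here, not a DOS header" + b"\x00" * 64)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    pes, monos = scan_bundle(sample_root)
    print("PE files:", pes)
    print("MonoBundle dirs:", monos)
```

Run it against a mounted image (for example the mount point from `hdiutil attach`) instead of the constructed tree to triage a download before opening anything in it; the header check is what makes the scan independent of the .exe extension that Gatekeeper ignores.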
Posts: 185
Threads: 64
Thanks Received: 449 in 184 posts
Thanks Given: 784
Joined: 27 December 18
An OS that is invulnerable and 100% secure doesn't exist. Even if we have an OS which would be more secure on the download aspect (it allows only apps from the OS store), there could be infections like phishing, malicious emails, typosquatting, etc.
The following 1 user says Thank You to Deep900 for this post:
• harlan4096