'Xagent' malware arrives on Mac, steals passwords, screenshots, iPhone backups

2»

Comments

  • Reply 21 of 36
    gatorguygatorguy Posts: 20,009member
    lkrupp said:
    And most importantly... how do we protect our Macs?
    By not being stupid and paying attention to what you are clicking on. As with all malware, YOU the user must do something to get infected. It doesn’t happen without YOUR input. It’s not magic, it’s not a virus, it’s trickery. When you get a pop-up saying you need to update Flash, IGNORE it! When an offer is too good to be true, IGNORE it!
    Good to see you have such a realistic view of malware no matter the OS, and where the primary problem exists: PEBKAC. Seriously.
    edited February 2017
  • Reply 22 of 36
    For those of you unfamiliar with MacKeeper (or feigning ignorance), it is a highly controversial piece of software that many claim to be malware, scareware, or crapware. Its owners tout that it is useful and it has a very aggressive marketing campaign. Once installed it is difficult to remove (by Mac standards). It has also been linked to pervasive pop-ups in browsers.

    If you do a search on mackeeper it indicates that the most popular searches point to a lot of unhappy people:

    Searches related to mackeeper
    uninstall mackeeper
    mackeeper review
    mackeeper virus
    mackeeper reviews 2016
    mackeeper download
    is mackeeper safe
    mackeeper uninstall 2016

    IDG sure gets a lot of requests and articles related to it:
  • Reply 23 of 36
    gatorguygatorguy Posts: 20,009member
    irnchriz said:
    As with the majority of malware it is installed by fooling the user to click on something to initiate the install. You have to worry about the new malware on windows coming to other platforms, the type that uses zero day exploits to inject itself into the OS without user interaction, normally through flash adverts etc. These newer infections are 'fileless', sitting in memory before executing power shell commands which then encrypt file systems etc. 

    Its all fun...
    And right on time...
    https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/

    This affects pretty much every CPU being built from ARM to Intel to AMD.

    "Given how crucial caching is to the performance of modern CPUs, the researchers say architectural fixes are likely to be too costly to be feasible. And even if hardware mitigations are possible—say, by creating a separate cache for page tables—the researchers warn that the vulnerability may resurface in software. They conclude their findings with a recommendation that's sure to get the attention of software developers everywhere:

    "We hence recommend ASLR to no longer be trusted as a first line of defense against memory error attacks and for future defenses not to rely on it as a pivotal building block."

  • Reply 24 of 36
    boredumbboredumb Posts: 1,410member
    A couple of days ago, I got an eMail informing me that I had just purchased an album - "D.U.C." - on iTunes...
    And that, if I hadn't, I should "follow this link to cancel this purchase".
    It was such transparent phishing - even the graphics and punctuation were inept and inaccurate -
    that I wondered how anyone could be fooled, or how anyone could fail
    to go directly to their account on iTunes to see if the purchase was even there. 
    As I was reading this, I was wondering whether to suggest that phish might have been related.
    But on second thought, this was so clumsy, compared to the attack the article describes, it's hard to relate the two.
  • Reply 25 of 36
    tyler82 said:
    And who's to say there isn't some cardinal malware that has been able to access everything on all of our electronics for years that has not yet been discovered?

    There is. It has been hiding in plain sight. It's called the Apple Ecosystem!!
    Doesn't really make sense since Apple doesn't try to access all your stuff. Try the joke with Google, maybe?
    dysamoria
  • Reply 26 of 36

    frantisek said:
    MplsP said:
    Ditto the above comments. The article fails to answer two critical questions:
    How is it being spread?
    How do we find out if we're infected?
    But does not fail to jump into that political propaganda and guesses with: "Last year, the group allegedly hacked the Democratic National Committee and leaked emails through WikiLeaks during the 2016 presidential election. "
    Which is far more accurate than saying "hacked the election", which is a nonsense phrase. 
    dysamoriacgWerks
  • Reply 27 of 36
    daven said:
    That sounds sophisticated. I'm impressed. I'm also worried. What is the infection method? Web site? Email? 
    Ya - this article is thick of FUD but thin of fact.
    dysamoria
  • Reply 28 of 36
    Another typically terrible AI article! Where's Dilger?? Facts! Background! Actual realistic information complete with sarcasm, please!
    dysamoria
  • Reply 29 of 36
    Great.. Soon enough we don't need password just bio scan to confirm who we are or step close to implant chip under the skin?
  • Reply 30 of 36
    technotechno Posts: 691member

    After years of priding itself on its "virus free" Mac OS X platform, Apple is becoming increasingly susceptible to targeted malware attacks. The shift in hacker attention from Windows to Apple products is likely due to the success of iOS, an operating system used by a huge percentage of smartphone users worldwide.
    The first sentence in the last paragraph bothers me.

    The average person confuses malware for viruses and he/she really doesn't understand the difference. There is a big distinction in respect to vulnerability and protection. This confusion is often exploited by security companies to make money.

    I find it a bit irresponsible for AI to conflate the two and feed into this confusion.
    SpamSandwichdysamoria
  • Reply 31 of 36
    gatorguygatorguy Posts: 20,009member
    techno said:

    After years of priding itself on its "virus free" Mac OS X platform, Apple is becoming increasingly susceptible to targeted malware attacks. The shift in hacker attention from Windows to Apple products is likely due to the success of iOS, an operating system used by a huge percentage of smartphone users worldwide.
    The first sentence in the last paragraph bothers me.

    The average person confuses malware for viruses and he/she really doesn't understand the difference. There is a big distinction in respect to vulnerability and protection. This confusion is often exploited by security companies to make money.

    I find it a bit irresponsible for AI to conflate the two and feed into this confusion.
    Happens all the time, and intentionally conflated by the security software purveyors. Think of all the malware scare stories about competing platforms you read here and elsewhere. Same general thing but readers here see "OOOHH VIRUS!!".  
    techno
  • Reply 32 of 36
    And how does it install? On local account? Well then your local account is in danger. I never allowed regular user account to be default or admin.... even if it was my own account.
  • Reply 33 of 36
    tyler82 said:
    And who's to say there isn't some cardinal malware that has been able to access everything on all of our electronics for years that has not yet been discovered?

    There is. It has been hiding in plain sight. It's called the Apple Ecosystem!!
    Doesn't really make sense since Apple doesn't try to access all your stuff. Try the joke with Google, maybe?

    woosh!
  • Reply 34 of 36
    MacProMacPro Posts: 17,985member
    linkman said:
    98% chance the infection method involves the user allowing access to an installer and it isn't coming from the App store or an identified developer.
    I'd agree but guess 100% chance.  Malware is a misnomer, it should be called 'IdiotWare' as it takes an idiot to install it.

    I've lost track of folks i know with Macs that installed so called  'anti-virus software for macs'  while on ... cough cough ... dubious web sites.  There's one born every minute!
    edited February 2017
  • Reply 35 of 36
    Once the malware is installed
    And there you go. Problem solved. Just don’t install things that are unsigned or from places you don’t trust.
  • Reply 36 of 36
    cgWerkscgWerks Posts: 1,945member
    frantisek said:
    MplsP said:
    Ditto the above comments. The article fails to answer two critical questions:
    How is it being spread?
    How do we find out if we're infected?
    But does not fail to jump into that political propaganda and guesses with: "Last year, the group allegedly hacked the Democratic National Committee and leaked emails through WikiLeaks during the 2016 presidential election. "
    No doubt. Also, unspecified government intelligence agencies have confirmed that having bottles of vodka within a 10m radius of your devices, might lead to infection. (There, now I'm qualified to join the MSM 'journalists'. Oh, and I should probably also get a commission check from the US Industrial Military Complex for cleverly working the Russian angle in there. Cold War Redux, here we come!)
    edited February 2017
Sign In or Register to comment.