By Richard Goon on Friday, 24 February 2017
Category: General

Security Warnings in February 2017

Here is a list of new strains of malware going around in Mac world:

OSX/Filecoder
This file-encrypting ransomware program is found on BitTorrent websites, masquerading as an Adobe Premiere CC or Office 2016 patcher. If you get infected, it encrypts your files permanently — even if you pay the “ransom.” You can read more about it here.

OSX/Sofacy.gen
The biggest buzz in Mac malware this month involved a backdoor associated with a group known variously as Sofacy, APT28, and Fancy Bear. If a Mac has previously been infected by Sofacy’s malware known as Komplex, that malware may download and install XAgent as a secondary infection. Read more about it here

iKitten
A report was published describing Mac malware called MacDownloader or OSX.iKitten.A. The malware was targeted at the United States defense industry, and was distributed through a site that impersonated an aerospace firm. 

EmPyre Word Macro
A file recently circulated that contained a Microsoft Word macro which contained the EmPyre malicious code, and become infected with additional malware. Read more about it here.

OSX.Proton.A
A new remote-access Trojan (RAT) called PROTON (OSX.Proton.A) was found on a Russian cybercrime message board. The RAT was reportedly available for other would-be criminals to purchase for their own targeted campaigns, and even offered to add an Apple-approved developer signature to the attacker’s custom RAT software in order to bypass Apple’s Gatekeeper protection on the victim’s Mac.

Thank you Intego for keeping us up to date.

Leave Comments