Free Republic

Malwarebytes reports new OS X malware that could easily fool less technical users
9 to 5 Mac ^ | August 19, 2016 | by Ben Lovejoy

Posted on 08/19/2016 12:27:28 PM PDT by Swordmaker


(Notice the subtle difference in the two requestors. The one on the bottom is the fake one. — Swordmaker)

No 9to5Mac reader is going to be at risk from malware that directs users to a scam website and asks them to download software, but Malwarebytes has discovered a previously unknown piece of Mac malware that could easily fool less technical users.

Thomas Reed, lead researcher at Malwarebytes, told us that he found the malware on a scam page hosted on the official Advanced Mac Cleaner website …

It does rely on a naive user approving a request to install Advanced Mac Cleaner on their machine, but doing so also installs a second app known as Mac File Opener. Reed said that it wasn’t initially obvious how the app could force users to launch it.

Even more intriguing, this app didn’t have any apparent mechanism for being launched. It hadn’t been added to my login items. There wasn’t a new launch agent or daemon designed to load it. It simply seemed to be sitting there, doing nothing.

But some digging found that the Info.plist file within the app defined a list of 232 different file types that it claimed to be able to open. If a user tries to open a file for which they don’t have a corresponding app, it will be opened by Mac File Opener which then presents a reasonably convincing fake version of the normal OS X dialog box advising that no suitable app is installed.

The fake dialog box links to the macfileopener[dot]com website, which downloads other junk PCVARK apps, such as Mac Adware Remover or Mac Space Reviver. All the apps have a valid, Apple-provided developer certificate, so OS X will happily install them without any warning.

It may be worth reminding your less-technical friends to stick to the official Mac App Store, and to ensure that they check for the above fake dialog trying to direct them to the web. Although there is very little Mac malware in the wild, examples do exist, along with a fair sprinkling of scamware.


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: applepinglist; maccleaner; malwarebytes
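The launch trick the article describes (an app that never registers a login item or launch agent but claims 232 document types in its Info.plist, so Launch Services hands it any file nothing else handles) can be checked for directly. The script below is an added example, not code from 9to5Mac, Malwarebytes or the original post: it parses an app bundle's Info.plist with the standard `plistlib` module, counts the extensions and UTIs claimed under `CFBundleDocumentTypes`, and flags bundles that claim a wildcard, a root UTI, or more types than a threshold. The two embedded plists are constructed samples, and the threshold of 25 is an assumption, not a figure from the page.

```python
"""Flag app bundles whose Info.plist claims an implausibly broad set of file types."""
import plistlib
from pathlib import Path

# Constructed sample Info.plist modelled on the pattern the article describes
# (a "viewer" claiming archive types plus a catch-all). Not the real Mac File
# Opener plist.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key>
  <string>com.example.fileopener</string>
  <key>CFBundleDocumentTypes</key>
  <array>
    <dict>
      <key>CFBundleTypeName</key>
      <string>Archive</string>
      <key>CFBundleTypeRole</key>
      <string>Viewer</string>
      <key>CFBundleTypeExtensions</key>
      <array>
        <string>7z</string><string>rar</string><string>ace</string><string>arj</string>
      </array>
    </dict>
    <dict>
      <key>CFBundleTypeName</key>
      <string>Anything</string>
      <key>CFBundleTypeRole</key>
      <string>Viewer</string>
      <key>CFBundleTypeExtensions</key>
      <array>
        <string>*</string>
      </array>
      <key>LSItemContentTypes</key>
      <array>
        <string>public.data</string>
      </array>
    </dict>
  </array>
</dict>
</plist>
"""

# Constructed benign counterpart: a text editor claiming two extensions.
BENIGN_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.texteditor",
    "CFBundleDocumentTypes": [{
        "CFBundleTypeName": "Plain text",
        "CFBundleTypeRole": "Editor",
        "CFBundleTypeExtensions": ["txt", "md"],
        "LSItemContentTypes": ["public.plain-text"],
    }],
})

THRESHOLD = 25  # assumption: few legitimate apps claim more types than this
# Root UTIs: claiming one of these is equivalent to claiming every file.
CATCH_ALL_UTIS = {"public.item", "public.data", "public.content"}


def claimed_types(plist_bytes):
    """Return (bundle_id, extensions, utis) claimed under CFBundleDocumentTypes."""
    info = plistlib.loads(plist_bytes)
    exts, utis = set(), set()
    for doc in info.get("CFBundleDocumentTypes", []):
        exts.update(e.lower() for e in doc.get("CFBundleTypeExtensions", []))
        utis.update(doc.get("LSItemContentTypes", []))
    return info.get("CFBundleIdentifier"), exts, utis


def audit(plist_bytes, threshold=THRESHOLD):
    """Summarise the document-type claims and say whether they look over-broad."""
    bundle_id, exts, utis = claimed_types(plist_bytes)
    # "*" in CFBundleTypeExtensions means "any extension"; root UTIs mean "any file".
    catch_all = "*" in exts or bool(utis & CATCH_ALL_UTIS)
    return {
        "bundle_id": bundle_id,
        "extensions": len(exts),
        "utis": len(utis),
        "suspicious": catch_all or (len(exts) + len(utis)) > threshold,
    }


def audit_bundle(app_path, threshold=THRESHOLD):
    """Audit an installed bundle, e.g. audit_bundle('/Applications/Example.app')."""
    plist = Path(app_path, "Contents", "Info.plist").read_bytes()
    return audit(plist, threshold)


if __name__ == "__main__":
    print(audit(SAMPLE_PLIST))
    print(audit(BENIGN_PLIST))
```

Run `audit_bundle` over every `.app` under `/Applications` and the user's `~/Applications` to get a shortlist; a viewer that claims hundreds of extensions, or a wildcard, deserves a look at who signed it and where it came from, which is exactly the question the article raises.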
To: ctdonath2

Thanks, I got rid of MacKeeper just now.


21 posted on 08/19/2016 2:00:19 PM PDT by al baby (Hi Mom)
[ Post Reply | Private Reply | To 20 | View Replies]

To: LouieFisk
A person can drive a Ford pickup and Rolls Royce and still have no idea how an internal combustion engine works.

I can fix 'em. I got my toolbox. It contains a hammer and WD-40 for what should move, but don't, and duct tape and baling wire for what shouldn't move, but does.

22 posted on 08/19/2016 2:17:13 PM PDT by IYAS9YAS (An' Tommy ain't a bloomin' fool - you bet that Tommy sees! - Kipling)
[ Post Reply | Private Reply | To 15 | View Replies]

To: LouieFisk
I’m reminded of a line from the 1931 version of Dracula - Van Helsing: “The strength of the vampire is that people will not believe in him.”

I find it amusing that your linked article cited the 600,000 MacBot reported by DrWeb as proof that Macs could be infected by malware/viruses.

Unfortunately for DigitalTrends and you, that turned out to be a HOAX by DrWeb, a Russian anti-virus publisher who, at the time they claimed to have "discovered" this so-called MacBot, was just releasing their brand new Anti-Virus for Macs for business.

Why do I claim it was a hoax? Simple. Not a single infected Mac was ever found in the wild of DrWeb's claimed 600,000. Not one. Over the term of about three weeks, DrWeb's claimed 600,000 Trojan-infected Macs shrank first to 279,000, then a few days later to 186,000, then 119,000, then under 78,000, and then dropped out of the news entirely as more and more people failed to find any infected Macs in the wild.

DrWeb claimed to have discovered that they had intercepted infected Macs communicating with the bot's home server for instructions and had created a "honey pot" server to intercept those Macs calling home. Mac users could check the Universally Unique ID (UUID) of their Mac against the list compiled by DrWeb's Honey Pot server to know if a Mac was infected or not.

To be infected required a Mac that had JAVA installed. OOPS! That's a problem for DrWeb's scenario, because Java is not installed as a default on any Mac since OS X.4. . . but a lot of the supposed "infected" Macs that were on DrWeb's Honey Pot list did not have Java installed on them, so they could NOT possibly have been infected with a JAVA Trojan that would ever communicate with the server!

There were even more serious problems with the Trojan. The ONLY way one could get infected with the supposed Trojan (which incidentally had been identified and included in the Apple OS X GateKeeper a year before!) was for the user to have visited an obscure Russian language game website in Siberia and downloaded one of several specific character definitions for a Russian Language only, cross platform Java game that had sold only 18,000 copies, most of which were for PCs and sold in Russia! That was the ONLY source of this trojan, yet, according to DrWeb, over 600,000 Mac users, 95% of which were in the English speaking United States and English/French speaking Canada, had visited this site to download a character definition for a game that sold under 500 Mac versions, almost all in Russia! Yeah, Right!

I found that TWO of the Macs in my office were on DrWeb's Honey Pot list. . . but neither of them had Java installed, neither of them had the Trojan files installed, and one had never been allowed to connect to the internet since it was purchased, being a Mac dedicated to a specific purpose that did not require an Internet connection and DID require security, which precluded any possibility of an internet breach ever occurring.

Many other legitimate computer security companies were searching for Macs infected by this antique trojan and just NOT FINDING IT. Symantec, Kaspersky, etc. all set up their own Honey Pots and not a single one of them got a hit. Not one. It was this development that caused DrWeb to keep dropping their numbers every few days, claiming that people were finding infected Macs and "curing" them as an explanation of why Symantec, Kaspersky, et al, were not encountering any infected Macs. However, browsing Apple and Mac forums found no one at all claiming to have found one, except reports of the nature of "i heard that my second cousin's brother-in-law had his iMacs all infected with this horrible virus!" or "I bought a MAC because I believed they were immune to viruses and now it doesn't even start up because it's got all these viruses on it that DrWeb reported!" which obviously came from someone who never bought or owned a Mac. Nothing was legitimate!

One more problem. Many of the UUIDs listed in DrWeb's Honey Pot were actual UUIDs for Macs, but they were for Brand New Macs that had yet to be sold which therefore could not have ever been on the internet or downloaded and installed Java or gone to the obscure Russian Game site and downloaded a character definition! In fact, many of them were UUIDs for Macs that were yet to be manufactured!

Ergo, DrWeb had a random list of UUIDs assigned to Apple in the range for Macs but it was NOT a list of Trojan infected Java running Macs. DrWeb had created a HOAX to market their Mac OS X Anti-virus for Business.

DrWeb tried the same thing two years later, this time reporting finding a more modest MacBot of only 20,000 Macs when they were trying to launch their DrWeb Anti-virus Personal product. It was laughed out of the news. Again, they were claiming the SAME antique Trojan was responsible and again not a single infected Mac was found in the wild.

Rootpipe: Rootpipe.mac was a LOCAL VULNERABILITY that requires the local user to install some malware with already established Root Privileges before it can be used to elevate a lower level user to Root, and the Root User must be activated and a Root USER created, providing a Root user name and Root password, so that any user can be elevated to that exalted user status. No Mac comes with such a Root user by default. Less than 1/10th of 1% of the Macs in the wild would ever have the Root User activated. It is not a big problem and it's been patched long ago. It was a vulnerability, not an exploit.

“We have discovered and registered more than 48 million new unique malware samples this year alone, but more than 98% have been written for the Windows platform,” says Andreas Marx, AV-Test CEO, “Less than 5,000 new viruses were written for Mac OS X, but these kinds of malicious software do exist.”

That "less than 5000" is completely exaggerated (even the unexploited vulnerabilities in OS X did not rise to anything close to that number). . . because we know the exact total number of OS X Malware and it is nowhere near 5000, 1000, or even 100. There are 87 known Mac OS X Trojans in the wild, every one of which the OS will recognize and alert the user about. There are ZERO true viruses for OS X. This guy is blowing fear smoke in an attempt to sell his anti-virus industry's products by using that fear.

I've been working in this area for 40 years and I do know what I am talking about. I have nothing to sell you.

Even were we to accept the specious 5,000 figure of malware for the Mac, that is 0.01% of the Malware that was produced for the Windows platform just last year alone.

23 posted on 08/19/2016 2:43:16 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 11 | View Replies]

To: al baby
ok how do i get rid of mac keeper and thank you for taking the time to respond with lots of info

Unfortunately, because it is malware, it is not as simple as just dragging the app to the trashcan. Here is an article on how to completely remove it from your computer:

How to Uninstall MacKeeper Malware

24 posted on 08/19/2016 2:48:57 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 18 | View Replies]

To: LouieFisk
Knowing and using are two different things. A person can drive a Ford pickup and Rolls Royce and still have no idea how an internal combustion engine works.

I quote what I wrote: "They usually know TWO operating systems because the vast majority of them have come from using Windows, or still use Windows at work."

Did you even bother to read what I wrote??? You quoted me completely out of context.

25 posted on 08/19/2016 3:07:05 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 15 | View Replies]

To: ctdonath2
"There is very little in the way of malware on Macs."

LOL! You Mac guys will believe anything. "There are none so blind as those who will not see..."

https://www.cvedetails.com/top-50-products.php?year=2015

26 posted on 08/19/2016 3:24:01 PM PDT by NaturalScience
[ Post Reply | Private Reply | To 4 | View Replies]

To: NaturalScience
sorry, try this one: www.cvedetails.com/top-50-products.php?year=2015
27 posted on 08/19/2016 3:28:28 PM PDT by NaturalScience
[ Post Reply | Private Reply | To 26 | View Replies]

To: NaturalScience

Link: “Document Not Found / Sorry, the requested document does not exist on this server.”

What was that about blind?


28 posted on 08/19/2016 3:29:13 PM PDT by ctdonath2 ("If anyone will not listen to your words, shake the dust from your feet and leave them." - Jesus)
[ Post Reply | Private Reply | To 26 | View Replies]

To: ctdonath2

Sorry, I screwed up the hyperlink. The URL is there. You know how to use a browser, right?

Anyway, there’s a correction above.


29 posted on 08/19/2016 3:32:35 PM PDT by NaturalScience
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker

“They usually know TWO operating systems because the vast majority of them have come from using Windows, or still use Windows at work.”
==
No, I understood it fine. What I’m saying is you don’t have to be some tekno-uber geek to **use** an OS. It’s “point and click”.
Now, if you’re looking for an even safer OS, you have to go to Linux. But even when I use it on my PC (my PCs are always dual-boot, Win & Linux) I use a premium anti-malware product.
With Windows and Linux - and Android (Linux-based) - a user can get under the hood and they have to know what’s what. With Apple, you can’t even pop the hood open. You have to turn it over to Apple.
Unless ya got a couple of free years to tinker with it, maybe:
https://www.washingtonpost.com/news/the-switch/wp/2016/06/17/apple-wants-to-kill-a-bill-that-could-make-it-easier-for-you-to-fix-your-iphone


30 posted on 08/19/2016 3:34:37 PM PDT by LouieFisk
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker

Can’t you just set up a poorboy proxy server to avoid all this in OS X?

To set it up, launch Firefox, go to “Preferences”, select the “Advanced” sidebar button, select the “Network” tab and click on the “Settings” option for Connections. From there, select “Manual Proxy Configuration”, then add “127.0.0.1” or “localhost” in the “SOCKS Host” field and enter your port 3333 in the port field, or whatever you told ssh to use to dynamically direct traffic over. Select the SOCKS v5 option, hit OK and browse away. Now every website you browse in Firefox is pulling the information, encrypted, from your home server, over SSH, then delivering it to your browser.

STAY SAFE !


31 posted on 08/19/2016 4:05:29 PM PDT by Squantos ( Be polite, be professional, but have a plan to kill everyone you meet ...)
[ Post Reply | Private Reply | To 1 | View Replies]
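The setup in the post above (a local SOCKS v5 listener fed by an SSH dynamic forward, with Firefox pointed at it) can be scripted rather than clicked through. The block below is an added example, not the poster's code: it builds the `ssh -D` command for the port the post uses (3333), emits the equivalent Firefox `user.js` preferences, and checks whether the local listener is actually up before you start browsing. The server name is a placeholder. One detail the click-through omits is DNS: unless `network.proxy.socks_remote_dns` is set, Firefox resolves host names locally and only the HTTP traffic goes through the tunnel, so the generated prefs turn it on.

```python
"""Build an SSH SOCKS5 tunnel command and the matching Firefox proxy prefs."""
import socket

HOME_SERVER = "user@home.example.invalid"  # placeholder, not a real host
LOCAL_PORT = 3333                            # port used in the post


def ssh_tunnel_command(server=HOME_SERVER, port=LOCAL_PORT):
    """ssh argv that opens a loopback-only SOCKS listener and forwards it over SSH."""
    return [
        "ssh",
        "-D", f"127.0.0.1:{port}",          # dynamic forward, bound to loopback only
        "-N",                                # no remote shell, just the tunnel
        "-C",                                # compress the tunnelled traffic
        "-o", "ExitOnForwardFailure=yes",    # fail loudly if the port is taken
        server,
    ]


def firefox_user_js(port=LOCAL_PORT):
    """user.js lines equivalent to the manual SOCKS v5 settings in the post."""
    prefs = [
        ("network.proxy.type", 1),                 # 1 = manual configuration
        ("network.proxy.socks", "127.0.0.1"),
        ("network.proxy.socks_port", port),
        ("network.proxy.socks_version", 5),
        ("network.proxy.socks_remote_dns", True),  # resolve names through the tunnel
        ("network.proxy.no_proxies_on", ""),       # bypass nothing
    ]
    lines = []
    for name, value in prefs:
        # bool is checked before int because bool is a subclass of int
        if isinstance(value, bool):
            rendered = "true" if value else "false"
        elif isinstance(value, str):
            rendered = f'"{value}"'
        else:
            rendered = str(value)
        lines.append(f'user_pref("{name}", {rendered});')
    return "\n".join(lines) + "\n"


def tunnel_is_up(port=LOCAL_PORT, host="127.0.0.1"):
    """True if something accepts connections on the local SOCKS port."""
    try:
        with socket.create_connection((host, port), timeout=1):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    print("Run:", " ".join(ssh_tunnel_command()))
    print("Append to your Firefox profile's user.js:\n" + firefox_user_js())
    print("Tunnel listening on port", LOCAL_PORT, ":", tunnel_is_up())
```

Start the `ssh` command in one terminal, confirm `tunnel_is_up()` returns `True`, then restart Firefox with the prefs in place; if the tunnel drops, Firefox will fail to connect rather than silently falling back to a direct connection, because `network.proxy.type` is still set to manual.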

To: LouieFisk
With Apple, you can’t even pop the hood open. You have to turn it over to Apple.

Your claim that with Apple you can't even pop the hood open reveals your ignorance of the Mac and shows you seriously do not know what you are talking about, Louie.

Every Mac user is exactly two key strokes or one click away from a powerful command line Terminal with complete control of the underlying UNIX™ Operating System of OS X with which you can do anything you want.

Further, the Mac can run both your vaunted Windows and Linux, as well as OS X, UNIX™ and other Operating systems, either dual boot, or most often in virtual machines, and frequently simultaneously in sandboxed partitions. I have run NINE OSes simultaneously on my main Mac so I can bring them up when clients call for support, so I can run what they are doing and step them through the same thing, mirroring what they need to do.

Your link on the New York "Fair Repair Act" mischaracterizes the reason Apple opposes such a repair bill. It's really about security issues. Allowing anyone access to some of the parts they demand access to allows anyone to compromise the ultimate security of the iOS system which is one of the primary economic values of iOS. Apple WILL not compromise that.

These third party repairers want to be able to reset the secure boot, which would allow stolen phones to be re-activated by people other than their owners. Currently only Apple or their certified repair stations can do such a thing, or have access to the Apple certified replacement parts which can even be reset.

Until Apple added these security parts, the iPhones were the single most stolen items in New York City and many other cities' crime reports, strong arm robberies, snatch and grabs, and muggings. Now, because they cannot be resold except for being broken down for just some of their parts to repair damaged iPhones, a very limited market, and not as a re-usable and very valuable black-market phone, they are not a desirable item for thieves to steal at all. The thieves have moved back to other items in their crimes.

32 posted on 08/19/2016 4:42:02 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 30 | View Replies]

To: NaturalScience; ctdonath2
sorry, try this one: www.cvedetails.com/top-50-products.php?year=2015

Uh, vulnerabilities do not equal EXPLOITS, NaturalScience. They never have and never will. Apple has far fewer EXPLOITED vulnerabilities than any of the others. Click on OS X and follow the link to the next page and you get this graphic showing the history over time:

Total OS X Vulnerabilities, Type, and Exploits — 1999 to Date.

Notice that the total number of exploits over 17 years is just TWELVE (12)! All of the rest of those vulnerabilities were totally innocuous. Many of the vulnerabilities were local, required participation of the local user, or required compound vulnerabilities to ever be exploitable. For these and other reasons it was VERY difficult for them to turn into an exploitable application.

Keep in mind that OS X is an OS that includes multiple products when shipped and the vulnerabilities reported under it include all the vulnerabilities of those products as well. It is UNIX™ and therefore every vulnerability found for UNIX and Linux is usually cross-platform and will affect OS X as well as those other platforms, so it will also be included in the CVEs reported for Apple's OS X. Apple also ships OS X with many UNIX™ applications such as Python. If there are vulnerabilities in those Apps, they are listed in OS X, as well, because they are part of the distribution. OS X also ships with Safari, Pages, Numbers, Keynote, Maps, Mail, Notes, GarageBand, FaceTime, Calendar, iMessenger, iTunes, etc., all of which have vulnerabilities reported under OS X as well. Windows does not suffer from the same combined CVE reporting requirements.

So, yes, Apple OS X did have 1601 vulnerabilities over the last 17 years, but it had only 12 that wound up in exploitable apps. So much for your claims of real danger. Every one of those 12 turned out to be a Three Day Wonder in the press. . . and the vulnerabilities they took advantage of were closed very quickly by Apple.

33 posted on 08/19/2016 5:09:29 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Squantos
Can’t you just set up a poorboy proxy server to avoid all this in OS X ?

You could, but for those who might ever be caught by this, they'd never, ever have the smarts to do it. Those who know how to do it, would never need to do it, because they'd know that OS X will block it from happening anyway.

34 posted on 08/19/2016 9:12:28 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker

How come Apple lets them continue to have a “valid” Apple authenticated certificate? If even Apple says they are a scam outfit - shouldn’t they repeal the certificate and further - block their stuff in Apple’s own protection?


35 posted on 08/20/2016 1:33:39 PM PDT by TheBattman (A member over 15 years, yet my posts are "submitted for review")
[ Post Reply | Private Reply | To 1 | View Replies]

To: TheBattman
How come Apple lets them continue to have a “valid” Apple authenticated certificate? If even Apple says they are a scam outfit - shouldn’t they repeal the certificate and further - block their stuff in Apple’s own protection?

Apple hasn't. They've "borrowed" some other developers' authentic certificates. Highly unethical, but there it is.

36 posted on 08/20/2016 3:10:00 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker

Oh boy - add fraud to the charges!


37 posted on 08/20/2016 10:06:41 PM PDT by TheBattman (A member over 15 years, yet my posts are "submitted for review")
[ Post Reply | Private Reply | To 36 | View Replies]

