
Apple Macs are silently being infected with ultra stealthy malware, on both Intel and M1

rcmaehl

Summary

Malware has been found dormant on at least 30,000 Macs, including Intel and M1 based systems and is compatible with both.

 

Quotes

Quote

A new piece of macOS malware... runs on both Intel and M1-based Macs. That makes it the second piece of known malware for the latter. "The ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload" If you’re curious about whether you’ve been infected, odds are you haven’t, nor will you be going forward—Apple has suspended the developer certificates used to sign the package files that start the infection, meaning that Mac users will be unable to install it if they’re using the Mac’s default security settings.  Red Canary notes four files that suggest your system may be infected:

 

  • ~/Library/._insu (empty file used to signal the malware to delete itself)
  • /tmp/agent.sh (shell script executed for installation callback)
  • /tmp/version.json (file downloaded from S3 to determine execution flow)
  • /tmp/version.plist (version.json converted into a property list)

A writeup from Ars Technica commenter effgee will help you find the offending files, confirm they’re problematic, and remove them. Since Malwarebytes worked with Red Canary on detection data for its analysis and published piece, odds are good that using the free version of that popular anti-malware scanner/remover should be sufficient, too.

 

My thoughts

Yet more malware for the M1; just more proof that if you build it, they (malware writers) will come. I will be looking forward to more details as they come to light in regards to the source of infection, additional payloads, and more. Considering the malware appears to be just a test so far, it's likely there's worse to come.

 

Sources

Ars Technica WriteUp (As mentioned)

Business Insider

Red Canary (Original Findings/Source)

Lifehacker (Quote source)

ZDNet

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor
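As an added example, not code from the thread or from the Red Canary/Malwarebytes writeups: a read-only POSIX shell check for the four indicator paths quoted in the post. It reports and counts matches without deleting anything, so a hit keeps its timestamps and contents for analysis; the home and tmp directories are parameters (assumed defaults $HOME and /tmp) so the check can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not code from the thread or from Red Canary/Malwarebytes.
# Read-only check for the four indicator paths quoted above. It counts and
# reports matches but deletes nothing, so a hit can be preserved (timestamps,
# contents) before cleanup. $HOME and /tmp can be overridden with two
# arguments so the check can be exercised against a constructed directory tree.

# Echo the number of indicator paths that exist under the given home and tmp.
count_indicators() {
    home="${1:-$HOME}"
    tmp="${2:-/tmp}"
    n=0
    for f in "$home/Library/._insu" "$tmp/agent.sh" \
             "$tmp/version.json" "$tmp/version.plist"; do
        [ -e "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Human-readable report: one line per path, plus ls -ld for anything present
# so the modification time is recorded before the file is touched further.
report_indicators() {
    home="${1:-$HOME}"
    tmp="${2:-/tmp}"
    for f in "$home/Library/._insu" "$tmp/agent.sh" \
             "$tmp/version.json" "$tmp/version.plist"; do
        if [ -e "$f" ]; then
            printf 'FOUND   %s\n' "$f"
            ls -ld "$f"
            # Per the quoted writeup, an empty ._insu is the self-delete signal,
            # so a zero-byte hit here is consistent with that behaviour.
            if [ "$f" = "$home/Library/._insu" ] && [ ! -s "$f" ]; then
                echo "        (empty file: matches the described self-delete marker)"
            fi
        else
            printf 'absent  %s\n' "$f"
        fi
    done
    total=$(count_indicators "$home" "$tmp")
    echo "indicators present: $total of 4"
    # Any hit warrants a full scan (e.g. Malwarebytes, as the post suggests),
    # not just removal of these files.
    return 0
}

report_indicators "$@"
```

Run it with no arguments to check the current user's home and /tmp, or pass two directories to check a mounted image of another system.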


 


Which means that macOS's built-in XProtect is not as good for new viruses. It would be interesting to see how antivirus programs perform now that Apple has released a dev framework for EPP.

There is more that meets the eye
I see the soul that is inside

 

 


I mean it's kind of expected... the stats still look like this overall:


 

(sauce)

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


23 minutes ago, Sauron said:

I mean it's kind of expected... the stats still look like this overall:


(sauce)

Ah yes, Browser, my favourite operating system...

____________________________________________________________________________________________________________________________________

 

 

____________________________________________________________________________________________________________________________________

pythonmegapixel

into tech, public transport and architecture // amateur programmer // youtuber // beginner photographer

Thanks for reading all this by the way!

By the way, my desktop is a docked laptop. Get over it. No seriously, I have an external monitor, keyboard, mouse, headset, ethernet and cooling fans all connected. Using it feels no different to a desktop, it works for several hours if the power goes out, and disconnecting just a few cables gives me something I can take on the go. There's enough power for all games I play and it even copes with basic (and some not-so-basic) video editing. Give it a go - you might just love it.


43 minutes ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

Just now, DrMacintosh said:

Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised. 

The myth has been around for awhile.

It's not believed by everyone, but there are a decent amount of people who say it.

elephants


34 minutes ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

1 minute ago, Grand Admiral Thrawn said:

This and also 'I pay extra for the security'.

As much as I dislike Apple's corporate behaviour, security/privacy (the two go hand-in-hand IMHO) is still a legitimate reason to buy a Mac. There is still going to be more PC malware than Mac malware. It infuriates me that Apple haters will take any opportunity to imply that "almost every Apple person ever" is stupid and brainwashed and doesn't have a clue how computers work.

 

That said, claiming that Macs don't get viruses is clearly ludicrous. I don't understand how anyone believes that in this day and age.


2 minutes ago, pythonmegapixel said:

It infuriates me that Apple haters will take any opportunity to imply that "almost every Apple person ever" is stupid and brainwashed and doesn't have a clue how computers work.

Hyperbole.

I didn't do "every Apple person ever" because I know that's not true.

2 minutes ago, pythonmegapixel said:

That said, claiming that Macs don't get viruses is clearly ludicrous. I don't understand how anyone believes that in this day and age.

Totally in agreement.


59 minutes ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

No, that's what every single Apple hater is parroting around. The rest keep saying it's much harder to get infected. Big fucking difference. In before I get yet again marked as the biggest Apple fanboy just because I'm not shitting all over Apple. :rolleyes:


Apple devices are at least safer than Android ones... That still remains true.

 

How many Android devices downloaded compromised apps? Usually a number in the millions is quoted. 30k is 3% of that at most.

i5 8600 - RX580 - Fractal Nano S - 1080p 144Hz


16 minutes ago, FakeKGB said:

Wow, you quoted 5 people on the Apple community. Congrats, you managed to find all the Apple fanboys who actually believe that shit... Outside of that no one says that because it's stupid. Big drama, just like the 30k infections. Everyone flailing around with their hands up in the air and headlines crashing all the news. Let me just tell you, this is the number Windows malware (a single strain) gets in like 1 hour of its existence. The fact that after all this time the "super stealthy" malware managed to infect only 30k systems and got discovered is just laughable. And I'm saying this as someone who has been into security for decades, and I'm not even using Macs, if you want to imply I'm some sort of Apple fanboy like everyone so quickly loves to do the moment you say anything even remotely favorable about Apple.

 

The fact is Apple devices are not as widespread as Android or Windows, and they are also much harder to infect as is because of the way the entire ecosystem is managed (the so much hated "muh walled garden" all of a sudden becomes super beneficial). So, they are not as profitable to even bother infecting and they are also harder to infect at the same time. It's the usual effort:benefits ratio in front of malware writers. And it's often so bad no one even bothers. That's just a fact any security researcher will acknowledge.

 

EDIT:

On top of that, in basically all the links you provided, the people are describing phishing or fake AVs. That's not malware, that's just fake crap you can deliver to any mailbox or browser. It doesn't make it malware even if it can compromise user data. To protect users from that you'd have to make a phone or computer that's literally a non-functional brick.


1 minute ago, RejZoR said:

Outside of that no one says that because it's stupid.

I'm not refuting you, I'm just saying that you're refuting my statement if it's not hyperbole when I meant it as hyperbole.


37 minutes ago, DrMacintosh said:

Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised. 

Anyone tech savvy knows any system can be compromised

 

But to the average computer illiterate person, the "Apple doesn't get viruses" is something they do believe, there is a reason it's a stereotype. 

 

There have been people on this very forum who complain that either they or their parents' computer got infected with a virus and their response was "fuck Windows, I'm just going to buy me/them a mac".

 

Whether it's true or not doesn't stop some people from thinking it's a fact. 

🌲🌲🌲

 

 

 

◒ ◒ 


1 minute ago, Arika S said:

Anyone tech savvy knows any system can be compromised

 

But to the average computer illiterate person, the "Apple doesn't get viruses" is something they do believe, there is a reason it's a stereotype. 

 

There's been people on this very forum who complain that either they or their parents computer got infected with a virus and their response was "fuck Windows, I'm just going to buy me/them a mac". 

 

Whether it's true or not doesn't stop some people from thinking it's a fact. 

To be honest, the chance is so low for casuals it really almost doesn't matter. On iOS it's pretty much almost impossible, and a bad actor has to either use exploits to deliver a payload to devices or sneak a malicious app past all the checks Apple puts in place. Which means they yet again have full control over it to banish it. The magic of the ever hated "muh walled garden". On Macs it's a bit different, but apart from some pretty much proof-of-concept malware, there really isn't much. It's just not profitable to bother. Which is why this whole thing is pretty much just a proof of concept. And on top of that I'd love to see more details on all this drama. I mean real in-depth details from any actual security researchers and not 500 sensationalist webpages repeating the same BS just to generate clicks.


2 hours ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

I’ve only heard this from people like you on forums.


Just now, Jet_ski said:

I’ve only heard this from people like you on forums.

Read a few other posts to see the explanation.


It's not an accident we call stealth malware a "trojan horse".

 

The best way to get maximum impact is to do nothing, just sit there hiding in plain sight, wait and hope you're not discovered. This allows you to infect as many devices as possible without anyone ever really knowing or caring. You don't release your payload until you've reached your target, maximum impact, minimal effort.

Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)


2 hours ago, Arika S said:

"fuck Windows, I'm just going to buy me/them a mac". 

It depends on how they use the Mac tbh. A Mac can actually be a better option as long as they stick to the Mac App Store (now with iOS apps).

 

Honestly, simply installing an ad blocker and sticking to the Mac App Store would put the security risk at a minimum for the tech illiterate.


3 hours ago, RejZoR said:

No, that's what every single Apple hater is parroting around. The rest keeps saying it's much harder to get infected. Big fucking difference. Inbefore I get yet again marked as biggest Apple fanboy just because I'm not shitting all over Apple. :rolleyes:

Not trying to continue the flame war. I think a bit of context may help.

 

As somebody who works in retail and sells Macs: the general consumer does seem to think that Macs are invulnerable to malware. I would say at least half, on certain days considerably more. Even mentioning antivirus to these people gets a very distinct "Macs don't get viruses" response.

 

Also, about being mad at people for spreading this: correct me if I'm wrong, but wasn't Apple the one making ads where the Windows computer (man in a suit) was sick, and the Mac (trendy dude) was all like "I don't get viruses"?

 

I mean they kind of did start it.

Don't get me wrong, OSX/OS11 seems to be much more secure since they've moved to gpl3.0 compliance and agreement. But Apple's inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it.

 

Realistically, the best solution would be people needing a common sense best practices online license to even be able to use the internet. That would likely solve a good 80% of malware cases on all platforms.

One Steam to rule them all, One Sale to find them, One Sale to bring them all and with their wallets, bind them! - r/pcmasterrace 17/01/2014

Spoiler
  • CPU: Intel Core i7 6700k
  • CPU Cooler: CM Hyper 212+ 
  • RAM: 16GB Kingston HyperX Fury 2400Mhz (2x8GB)
  • GPU: Gigabyte G1 R9 390 
  • Mobo: Asus Z170-AR
  • PSU: Antec High Current Gamer 900W 
  • Storage: 240GB intel 520 SSD (OS), Sandisk 128GB SSD(Other OS) 2x 2TB Seagate Barracuda 
  • Case: Fractal Design R4

 


57 minutes ago, SubTract said:

But apples inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it.

What good PR does Apple get by making a statement every time some new malware is discovered when they can simply stay silent and patch out the malware? 
 

The direction the Mac is heading is towards the way of the iPhone. Meaning that very soon, their position of “security” is going to be significantly more attainable (to the detriment of power users). 


 

5 hours ago, FakeKGB said:

"mAcS dOnT gET vIrUSeS!!"

- almost every Apple person ever

I don't understand why people are upset by this. I don't have any numbers but a big chunk of the people buying Macs (and computers in general) don't know much about this and a lot of them decide to buy a Mac because it never fails, because it has a retina display so it's better than any non-Mac display, and yes, because it doesn't get viruses. Heck I've even heard a seller say that to a customer once so you can't deny that statement.


2 hours ago, SubTract said:

But apples inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it.

On the other hand, Apple actually publishes patched vulnerabilities and gives credit to the person/individual who discovered such bugs:

https://support.apple.com/en-us/HT201222

