Posted February 22, 2021

Summary
Malware has been found dormant on at least 30,000 Macs, including Intel and M1 based systems, and is compatible with both.

Quotes
Quote: A new piece of macOS malware... runs on both Intel and M1-based Macs. That makes it the second piece of known malware for the latter.
"The ultimate goal of this malware is a mystery. We have no way of knowing with certainty what payload would be distributed by the malware, if a payload has already been delivered and removed, or if the adversary has a future timeline for distribution. Based on data shared with us by Malwarebytes, the nearly 30,000 affected hosts have not downloaded what would be the next or final payload."
If you're curious about whether you've been infected, odds are you haven't, nor will you be going forward: Apple has suspended the developer certificates used to sign the package files that start the infection, meaning that Mac users will be unable to install it if they're using the Mac's default security settings. Red Canary notes four files that suggest your system may be infected:
~/Library/._insu (empty file used to signal the malware to delete itself)
/tmp/agent.sh (shell script executed for installation callback)
/tmp/version.json (file downloaded from S3 to determine execution flow)
/tmp/version.plist (version.json converted into a property list)
A writeup from Ars Technica commenter effgee will help you find the offending files, confirm they're problematic, and remove them. Since Malwarebytes worked with Red Canary on detection data for its analysis and published piece, odds are good that using the free version of that popular anti-malware scanner/remover should be sufficient, too.

My thoughts
Yet more malware for the M1, just more proof that if you build it, they (malware writers) will come. I will be looking forward to more details as they come to light in regards to source of infection, additional payloads, and more.
Considering the malware appears to be just a test so far, it's likely there's worse to come.

Sources
Ars Technica WriteUp (as mentioned)
Business Insider
Red Canary (Original Findings/Source)
Lifehacker (Quote source)
ZDNet

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS
Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor
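An added example (not code from the post or from Red Canary's write-up): a read-only Python check for the four indicator files listed above. It resolves the paths against a caller-supplied home and tmp directory and is demonstrated here against a constructed fake tree rather than a real ~/Library and /tmp.

```python
"""Check a host for the four Silver Sparrow indicator files quoted above from
the Red Canary write-up. Added example; not code from the original post."""
from __future__ import annotations

import json
import plistlib
import tempfile
from pathlib import Path

# The four indicators named in the post, as (root, relative path, description).
# Paths resolve against a home and a tmp directory so the check can be pointed
# at a constructed test tree as easily as at a live system (Path.home(), Path("/tmp")).
INDICATORS = (
    ("home", "Library/._insu", "empty file used to signal the malware to delete itself"),
    ("tmp", "agent.sh", "shell script executed for installation callback"),
    ("tmp", "version.json", "file downloaded from S3 to determine execution flow"),
    ("tmp", "version.plist", "version.json converted into a property list"),
)


def scan_for_indicators(home: Path, tmp: Path) -> list[dict]:
    """Return one record (path, description, content note) per indicator present."""
    roots = {"home": home, "tmp": tmp}
    found = []
    for root, rel, desc in INDICATORS:
        path = roots[root] / rel
        if path.exists():
            found.append({"path": str(path), "description": desc, "note": _describe(path)})
    return found


def _describe(path: Path) -> str:
    """Summarise a file read-only so a responder can tell the real artefact from
    an unrelated file that happens to share the name; nothing is executed."""
    size = path.stat().st_size
    if path.name == "._insu":
        # The write-up describes an empty signal file; a non-empty one is unusual.
        return "empty signal file" if size == 0 else f"unexpected {size}-byte file"
    if path.suffix == ".json":
        try:
            data = json.loads(path.read_text())
        except (ValueError, UnicodeDecodeError):
            return "not valid JSON"
        return f"JSON with keys {sorted(data)}" if isinstance(data, dict) else "JSON (non-object)"
    if path.suffix == ".plist":
        try:
            data = plistlib.loads(path.read_bytes())
        except Exception:
            return "not a parseable plist"
        return f"plist with keys {sorted(data)}" if isinstance(data, dict) else "plist (non-dict)"
    return f"{size}-byte file"


def demo_scan() -> list[dict]:
    """Run the scan over a constructed, clearly fake tree that mimics an infected
    host: only the empty signal file and a harmless sample version.json exist."""
    with tempfile.TemporaryDirectory() as d:
        home, tmp = Path(d) / "home", Path(d) / "tmp"
        (home / "Library").mkdir(parents=True)
        tmp.mkdir()
        (home / "Library" / "._insu").touch()
        (tmp / "version.json").write_text(json.dumps({"version": "1", "pkg": "example"}))
        return scan_for_indicators(home, tmp)


if __name__ == "__main__":
    print(demo_scan())
```

On a live Mac the same function can be called as scan_for_indicators(Path.home(), Path("/tmp")); a hit on a name alone is a prompt to inspect, not proof of infection.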
Posted February 22, 2021
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

elephants
Posted February 22, 2021
Which means that macOS's built-in XProtect is not as good for new viruses. It would be interesting to see how antivirus programs perform now that Apple released a dev framework for EPP.

There is more that meets the eye I see the soul that is inside
Posted February 22, 2021
I mean it's kind of expected... the stats still look like this overall:
[image] (sauce)

Don't ask to ask, just ask... please sudo chmod -R 000 /*
Posted February 22, 2021
23 minutes ago, Sauron said:
I mean it's kind of expected... the stats still look like this overall: [image] (sauce)

Ah yes, Browser, my favourite operating system...

pythonmegapixel
into tech, public transport and architecture // amateur programmer // youtuber // beginner photographer
Thanks for reading all this by the way! By the way, my desktop is a docked laptop. Get over it. No seriously, I have an external monitor, keyboard, mouse, headset, ethernet and cooling fans all connected. Using it feels no different to a desktop, it works for several hours if the power goes out, and disconnecting just a few cables gives me something I can take on the go. There's enough power for all games I play and it even copes with basic (and some not-so-basic) video editing. Give it a go - you might just love it.
Posted February 22, 2021
43 minutes ago, FakeKGB said:
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised.

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Posted February 22, 2021
12 minutes ago, Grand Admiral Thrawn said:
This and also 'I pay extra for the security'.

Well, there is a saying: "You pay for mistakes".
Posted February 22, 2021
Just now, DrMacintosh said:
Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised.

The myth has been around for a while. It's not believed by everyone, but there are a decent amount of people who say it.
Posted February 22, 2021
34 minutes ago, FakeKGB said:
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

1 minute ago, Grand Admiral Thrawn said:
This and also 'I pay extra for the security'.

As much as I dislike Apple's corporate behaviour, security/privacy (the two go hand-in-hand IMHO) is still a legitimate reason to buy a Mac. There is still going to be more PC malware than Mac malware. It infuriates me that Apple haters will take any opportunity to imply that "almost every Apple person ever" is stupid and brainwashed and doesn't have a clue how computers work. That said, claiming that Macs don't get viruses is clearly ludicrous. I don't understand how anyone believes that in this day and age.
Posted February 22, 2021
2 minutes ago, pythonmegapixel said:
It infuriates me that Apple haters will take any opportunity to imply that "almost every Apple person ever" is stupid and brainwashed and doesn't have a clue how computers work.

Hyperbole. I didn't do "every Apple person ever" because I know that's not true.

2 minutes ago, pythonmegapixel said:
That said, claiming that Macs don't get viruses is clearly ludicrous. I don't understand how anyone believes that in this day and age.

Totally in agreement.
Posted February 22, 2021
59 minutes ago, FakeKGB said:
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

No, that's what every single Apple hater is parroting around. The rest keeps saying it's much harder to get infected. Big fucking difference. In before I get yet again marked as biggest Apple fanboy just because I'm not shitting all over Apple. :rolleyes:
Posted February 22, 2021
1 minute ago, RejZoR said:
No, that's what every single Apple hater is parroting around. The rest keeps saying it's much harder to get infected.

https://discussions.apple.com/thread/3988060?answerId=18510505022#18510505022
https://discussions.apple.com/thread/7296624?answerId=29166097022#29166097022
https://discussions.apple.com/thread/1635553
https://discussions.apple.com/thread/8245958?answerId=32897039022#32897039022
Just a few.
Posted February 22, 2021
Apple devices are at least safer than Android ones... That still remains true. How many Android devices downloaded compromised apps? Usually a number in the millions is quoted. 30k is 3% of that at most.

i5 8600 - RX580 - Fractal Nano S - 1080p 144Hz
Posted February 22, 2021
16 minutes ago, FakeKGB said:
https://discussions.apple.com/thread/3988060?answerId=18510505022#18510505022
https://discussions.apple.com/thread/7296624?answerId=29166097022#29166097022
https://discussions.apple.com/thread/1635553
https://discussions.apple.com/thread/8245958?answerId=32897039022#32897039022
Just a few.

Wow, you quoted 5 people on the Apple community. Congrats, you managed to find all the Apple fanboys who actually believe that shit... Outside of that no one says that because it's stupid. Big drama, just like the 30k infections. Everyone flailing around with their hands up in the air and headlines crashing all the news. Let me just tell you, this is the number Windows malware (a single strain) gets in like 1 hour of its existence. The fact that after all this time of "super stealthy" malware it managed to infect only 30k systems and got discovered is just laughable. And I'm saying this as someone who has been into security for decades, and I'm not even using Macs, if you want to imply I'm some sort of Apple fanboy like everyone so quickly loves to do the moment you say anything even remotely favorable about Apple. The fact is Apple devices are not as widespread as Android or Windows, and they are also much harder to infect as is because of the way the entire ecosystem is managed (the so much hated "muh walled garden" all of a sudden becomes super beneficial). So, they are not as profitable to even bother infecting and they are also harder to infect at the same time. It's the usual effort:benefits ratio in front of malware writers. And it's often so bad no one even bothers. That's just a fact any security researcher will acknowledge.
EDIT: On top of that, in basically all the links you provided, the people are describing phishing or fake AVs. That's not malware, that's just fake crap you can deliver to any mailbox or browser. It doesn't make it malware even if it can compromise user data.
To protect users from that you'd have to make a phone or computer that's literally a non-functional brick.
Posted February 22, 2021
1 minute ago, RejZoR said:
Outside of that no one says that because it's stupid.

I'm not refuting you, I'm just saying that you're refuting my statement if it's not hyperbole when I meant it as hyperbole.
Posted February 22, 2021
37 minutes ago, DrMacintosh said:
Sounds like a stereotype to me. Anyone with a brain knows any system can be compromised.

Anyone tech savvy knows any system can be compromised. But to the average computer illiterate person, the "Apple doesn't get viruses" is something they do believe; there is a reason it's a stereotype. There's been people on this very forum who complain that either they or their parents' computer got infected with a virus and their response was "fuck Windows, I'm just going to buy me/them a mac". Whether it's true or not doesn't stop some people from thinking it's a fact.

◒ ◒
Posted February 22, 2021
1 minute ago, Arika S said:
Anyone tech savvy knows any system can be compromised. But to the average computer illiterate person, the "Apple doesn't get viruses" is something they do believe; there is a reason it's a stereotype. There's been people on this very forum who complain that either they or their parents' computer got infected with a virus and their response was "fuck Windows, I'm just going to buy me/them a mac". Whether it's true or not doesn't stop some people from thinking it's a fact.

To be honest, the chance is so low for casuals it really almost doesn't matter. On iOS it's pretty much almost impossible and a bad actor has to either use exploits to deliver the payload to devices or sneak a malicious app past all the checks Apple puts in place. Which means they yet again have full control over it to banish it. The magic of the ever hated "muh walled garden". On Macs it's a bit different, but apart from some pretty much proof of concept malware, there really isn't much. It's just not profitable to bother. Which is why this whole thing is pretty much just proof of concept. And on top of that I'd love to see more details on all this drama. I mean real in-depth details by any of the actual security researchers and not 500 sensationalist webpages repeating the same BS just to generate clicks.
Posted February 22, 2021
2 hours ago, FakeKGB said:
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

I've only heard this from people like you on forums.
Posted February 22, 2021
Just now, Jet_ski said:
I've only heard this from people like you on forums.

Read a few other posts to see the explanation.
Posted February 22, 2021
It's not an accident we call stealth malware a "trojan horse". The best way to get maximum impact is to do nothing, just sit there hiding in plain sight, wait and hope you're not discovered. This allows you to infect as many devices as possible without anyone ever really knowing or caring. You don't release your payload until you've reached your target: maximum impact, minimal effort.

Main Rig: Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Ubuntu 20.04.2 LTS | Server: Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)
Posted February 23, 2021
2 hours ago, Arika S said:
"fuck Windows, I'm just going to buy me/them a mac".

It depends on how they use the Mac tbh. A Mac can actually be a better option as long as they stick to the Mac App Store (now with iOS apps). Honestly, simply installing an ad blocker and sticking to the Mac App Store would put the security risk at a minimum for the tech illiterate.
Posted February 23, 2021
3 hours ago, RejZoR said:
No, that's what every single Apple hater is parroting around. The rest keeps saying it's much harder to get infected. Big fucking difference. In before I get yet again marked as biggest Apple fanboy just because I'm not shitting all over Apple. :rolleyes:

Not trying to continue the flame war. I think a bit of context may help. As somebody who works in retail and sells Macs: the general consumer does seem to think that Macs are invulnerable to malware. I would say at least half, on certain days considerably more. Even mentioning antivirus to these people gets a very distinct "Macs don't get viruses" response. Also, about being mad at people for spreading this: correct me if I'm wrong, but wasn't Apple the one making ads where the Windows computer (man in a suit) was sick, and the Mac (trendy dude) was all like "I don't get viruses"? I mean, they kind of did start it. Don't get me wrong, OSX/OS11 seems to be much more secure since they've moved to gpl3.0 compliance and agreement. But Apple's inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it. Realistically, the best solution would be people needing a common sense best practices online license to even be able to use the internet. That would likely solve a good 80% of malware cases on all platforms.

One Steam to rule them all, One Sale to find them, One Sale to bring them all and with their wallets, bind them! - r/pcmasterrace 17/01/2014
Spoiler: CPU: Intel Core i7 6700k CPU Cooler: CM Hyper 212+ RAM: 16GB Kingston HyperX Fury 2400Mhz (2x8GB) GPU: Gigabyte G1 R9 390 Mobo: Asus Z170-AR PSU: Antec High Current Gamer 900W Storage: 240GB intel 520 SSD (OS), Sandisk 128GB SSD (Other OS), 2x 2TB Seagate Barracuda Case: Fractal Design R4
Posted February 23, 2021
57 minutes ago, SubTract said:
But Apple's inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it.

What good PR does Apple get by making a statement every time some new malware is discovered when they can simply stay silent and patch out the malware? The direction the Mac is heading is towards the way of the iPhone. Meaning that very soon, their position of "security" is going to be significantly more attainable (to the detriment of power users).
Posted February 23, 2021
5 hours ago, FakeKGB said:
"mAcS dOnT gET vIrUSeS!!" - almost every Apple person ever

I don't understand why people are upset by this. I don't have any numbers, but a big chunk of the people buying Macs (and computers in general) don't know much about this, and a lot of them decide to buy a Mac because it never fails, because it has a retina display so it's better than any non-Mac display, and yes, because it doesn't get viruses. Heck, I've even heard a seller say that to a customer once, so you can't deny that statement.
Posted February 23, 2021
2 hours ago, SubTract said:
But Apple's inability to publicly acknowledge problems will mean that this will likely remain a problem unless they themselves address it.

On the other hand, Apple actually publishes patched vulnerabilities and gives credit to the person/individual who discovered such bugs: https://support.apple.com/en-us/HT201222