Malware

Mac malware installer automatically grants access to keychain

A researcher published a zero-day vulnerability in OS X in July without giving Apple preemptive warning or notification. Following that news, Malwarebytes discovered an adware installer exploiting the flaw.

Apple patched the OS X DYLD_PRINT_TO_FILE bug, but now, Malwarebytes is reporting that a new variant of the adware installer has surfaced. This time, however, it is no longer blocked by OS X anti-malware protections.

The updated installer, when executed, slips an installer window into the process that asks for permission to access the user's keychain. It is automatically clicked as soon as it appears, which allows the installer to gain access to the Safari Extensions List. This lets it install a Genieo Safari extension.

But far more concerning, the researcher wrote, is it could easily be modified to gain access to other things from the keychain, including a user's iCloud password.

Related

GitHub search exploited for malware distribution

Malware-laced GitHub repositories using popular names and topics are being advanced by threat actors through automated updates and fraudulent stars meant to manipulate the leading software developer platform's search rankings as part of a new open-source supply chain attack, The Hacker News reports.

Rhadamanthys infostealer deployed via AI-based PowerShell

Several organizations across Germany have been targeted by suspected initial access broker TA547, also known as Scully Spider, with attacks using a generative artificial intelligence-based PowerShell to deliver the Rhadamanthys information-stealing malware, reports BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.