MacOS Malware Trends of 2016
Everything around us is developing rapidly, and malware is not far behind. Today we would like to sum up 2016 with a few words about the most interesting instances:
In March 2016 Mac users became acquainted with KeRanger, the first ransomware on OS X. The attackers introduced KeRanger into the popular Transmission software (version 2.90), so Mac users who installed it infected their computers. This malicious code was also unusual in that its infection vector was unique (for Mac malware). It should be noted that Mac users should currently be protected anyway, as Apple revoked the signing certificate (ID Z7276PX673) and updated its XProtect signatures.
Experts analyze multiple instances of malware for Apple OS X every day. We know that the Keydnap loader component is distributed as a .zip file. Unfortunately, there is not enough information to say exactly how Keydnap spreads. Although OS X incorporates special safety mechanisms for blocking malicious activity, phishing and deception techniques can help attackers trick users: a Mach-O executable file given a false icon can lead the user to launch the malware on the system.
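A defender-side check for the disguise described above, as an added example that is not part of the original article: it inspects a .zip without extracting it and reports entries whose first bytes are a Mach-O header, noting those named like a document or image. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# First four bytes of thin Mach-O files, as stored on disk.
THIN_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # also the magic of Java .class files
# Assumption: extensions a user would expect to open as a document or image.
DOC_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "png"}

def classify(head):
    """Describe the Mach-O type from a file's first 8 bytes, or return None."""
    if head[:4] == FAT_MAGIC:
        if len(head) < 8:
            return None
        # Heuristic: a fat header stores a small architecture count here,
        # while a Java class stores its version (major >= 45).
        (count,) = struct.unpack(">I", head[4:8])
        return "universal (fat) Mach-O" if 0 < count < 20 else None
    return THIN_MAGICS.get(head[:4])

def scan_zip(data):
    """Return (entry name, Mach-O type, looks_like_document) per executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                kind = classify(fh.read(8))
            if kind:
                # Strip padding so "name.jpg " still counts as ".jpg".
                base = info.filename.rsplit("/", 1)[-1].strip()
                ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
                findings.append((info.filename, kind, ext in DOC_EXTS))
    return findings

def build_sample():
    """Constructed archive: harmless header bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.docx", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        zf.writestr("notes.txt", b"plain text\n")
        zf.writestr("Hello.class", FAT_MAGIC + b"\x00\x00\x00\x34")
        zf.writestr("bin/tool", FAT_MAGIC + b"\x00\x00\x00\x02")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags `Invoice.docx` as a disguised executable and `bin/tool` as an ordinary one, while the Java class file sharing the fat magic is skipped.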
In September 2016 experts published a detailed analysis of the cross-platform backdoor Mokes. Researchers report that Mokes.A for macOS has the same functionality as the backdoors for Linux and Windows. The malware spies on the user by taking screenshots every 30 seconds, capturing keystrokes, capturing audio and video from the microphones and cameras, and scanning the system for Microsoft Office documents (xls, xlsx, doc, docx).