Tag - Malware
You didn't buy your Mac or your iPhone in order to while away the hours avoiding phishing scams and malware. Unfortunately, other people did buy theirs in order to con money or data out of you, so we have to be vigilant. That's the purpose of our three-part Pointers Special. This is how to protect your Apple device, your work, and your money -- and in this concluding edition, how to keep people from seeing what you're doing.
The login details of over 32 million Twitter accounts may be at risk, according to a search engine that specializes in leaked account credentials. The leak, which is believed to have been caused by malware infestations rather than a breach of Twitter's own servers, is said to include usernames, passwords, and email addresses, notably with the passwords supplied to the search engine in plain text instead of being encrypted.
Researchers at Duo Security have released a scathing analysis of the PC industry and its lax security measures. In particular, the researchers found that every major Windows-based OEM, including Dell, Lenovo, Asus, Acer, and HP, ship brand-new PCs that are vulnerable to hackers from the moment that they are booted up out of the box, a phenomenon the report dubs "Out-of-Box Exploitation" (OOBE). The issues stem from the bloatware routinely pre-installed on new PCs, which include third-party software update tools -- even supposed "bloat-free" PCs carrying the Microsoft Signature Edition label are shipping with vulnerabilities.
After an app called InstaAgent was discovered in the Google Play and iOS App Stores last November to be credential-stealing malware, the program was removed. The developer of the software, Turker Bayram, has returned with two new apps -- "Who Cares With Me -- InstaDetector" and "InstaCare -- Who Cares With Me" for both iOS and Android that appear to again steal login credentials by claiming the app will show users who is tracking their Instagram account, when in fact it obtains user passwords and then uses that information to insert ads into the user's feed.
A rare example of iOS malware that does not rely on either the inherent security flaw of jailbreaking or an abused enterprise certificate has been spotted by Palo Alto Networks in China, and leverages a flaw in Apple's own digital rights management software FairPlay combined with a "man in the middle" attack to potentially install malicious or spyware apps following the initial install of the affected app the user thought was legitimate. The malware has been dubbed "AceDeceiver," but at present its malice is limited to users in China.
A re-use of an old malware code core formerly made by disgraced Mac malware authors HackingTeam may or may not signal a re-emergence of the group, who had specialized in largely unsuccessful attempts to create Mac-based malware for profit, before being counter-attacked by "white hat" hackers and having the group's private email and source code revealed. The new malware, however, does have one notable element: it uses Apple's own encryption scheme to protect the contents of the binary file.
Listen, the Living With articles have become a staple of MacNN, and in every single case they are articles about what we've learned using hardware and software over an extended period, instead of solely in the initial testing. In some cases, they are apps or products that we loved, and that instantly became part of our working life, and sometimes we didn't really appreciate them until many months down the line, when they've somehow become indispensable. This is the first and hopefully last Living With where it isn't our choice: we have been trying to get rid of Kaspersky Internet Security from the day we finished testing it.
Although Apple "quickly reacted" to a threat emanating from China last month where altered, pirated versions of Xcode found to contain non-threatening spyware were in use that could have been used to launch a greater attack, variant versions of the XcodeGhost malware are still present, and have been found on servers in the US in the enterprise sector. The actual danger is greatly reduced, as the command-and-control networks have mostly been disabled, but there is still some potential risk.
A security researcher planning a presentation at the Virus Bulletin Conference in Prague on Thursday has revealed that he has discovered a relatively simple way to bypass OS X's Gatekeeper security feature, potentially allowing a malicious file buried within a trusted application free rein to run unobstructed. The exploit could be used to steal passwords by modifying a legitimate app that already has Gatekeeper approval, for example. Apple is already aware of the issue and working on a fix.
Apple has now responded publicly to the XcodeGhost malware scare, explaining in a page on its Chinese website addressed to customers that even if they used apps affected by the issue, no personally-identifiable information was gathered. The company removed any affected apps, and explained the cause (iOS programs were built using compromised Chinese versions of Xcode downloaded from other sources), while offering developers a method of ensuring that their own installations of Xcode were valid.