Macs impervious to Malware? Think again.

Computers showing malware and virus warnings

In the past, before the rise of Apple that began at the turning of the Millennium, it was quite rare for Apple’s computers to be the targets of viruses, trojans, worms, and other types of malware. Those were usually reserved for the Microsoft Windows platform, more popular at the time and less controlled than the MacOS.

However, in today’s times of the internet and the popularity of Apple, there’s greater risk of being susceptible to attacks from malware. These attacks usually occur when accessing links or files, such as clicking on ad banners online, downloading software from crowd-sharing means such as through torrent files, and clicking on attachments in emails, even if those emails are from known sources.

One recent malware called “Searchmine.net” is an example of malware that infects the MacOS. It targets web browsers such as Chrome, Safari and Firefox. The malware has the ability to change the browser’s homepage, new tab page or default search and take measures to prevent users from changing those settings back. This can allow the malware designers to track users’ browsing habits, and target them with customized ads, or sell this information to 3rd parties.

Unfortunately, accessing the location where the application is installed and removing it will not cure the issue, as this malware is persistent. Scanning with an application like Malwarebytes, frequently used to assist in detection and removal of items such as this, will be fruitless as well, as Malwarebytes has difficulty detecting the application. With Malwarebytes being ineffective, the next step of researching online for other tools to remove Searchmine can reveal potential solutions. However, some of these “solutions” could actually be additional malware that cause additional problems. And they are not inexpensive to use, even if they don’t have bad intentions and actually solve the problem.

For users of the Chrome browser, a recent tool developed by a product expert appears to remove the malware through the running of a script in the MacOS Terminal application. The Terminal application is a way to run processes and navigate the Macintosh file structure through a text command line interface. This script method has been shown to work. Instructions on its use can be seen at this link. If you have questions on its use or need assistance, don’t hesitate to contact us.

As for users of Safari and Firefox, the solutions don’t appear to be as clear. It is best to contact us to ask questions or have us address the issue . As a general tip for users, it is a smart move to not download files from sources that are not trustworthy. Also avoid clicking on banners on sketchy websites, and beware of clicking on email attachments, especially from untrustworthy sources.

For users with recent versions of the MacOS, you can read this site on how to take some steps to protect your Mac from malware. For Safari users, this page on Apple’s site explains how to block pop-ups in Safari, and gives tips on dealing with pop-ups in general to protect the user’s system from potential infections.

Beware Applications requesting a plug-in be downloaded

Computer displaying directory computer code

As noted in this article, “a security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps, or malware, from accessing a user’s private data, webcam or microphone without their explicit permission.” Recent privacy protections, expanded in the Mojave version of the Macintosh operating system, were meant to make it more difficult for malicious apps to get access to the user’s private information, unless the user allows access through a pop-up dialog.

However, these protections weren’t as good as Apple previously believed. This bug is the result of a whitelist of approved applications that are allowed to create “synthetic clicks” to prevent them from breaking. This includes the popular video playing application VLC, which the researcher showed could access a user’s camera, microphone, and other Macintosh computer services, through a plug-in that performed malicious actions.

This is a reminder that users should be aware anytime an application asks for permission to download and/or load additional software. In this case, any application that requires a download and installation of a plug-in would require closer scrutiny. This is especially true for anyone who attempts to access files through something like torrent services, which could potentially request to download a plug-in to view the downloaded file (or else the file that is downloaded through the torrent file could also be a payload with malicious intent, even if not requiring a plug-in).

If you’d like to discuss further, please let us know!

Beware mobile VPN services promoted by scam ads

Mobile phone user holding iPhone with VPN application in use

It is becoming more and more popular for a user to be on a mobile device and receive pop-up windows or be otherwise directed to a site to indicate that you’ve been hacked or are being tracked, and the solutions is to install a VPN (Virtual Private Network) application. A VPN allows the user to connect to another public IP in order to mask their current IP, and encrypt data sent.

With these pop-up redirect ads, what is occurring is that various VPN providers provide affiliate programs, where individuals are compensated for driving traffic to the VPN provider. These individuals create scare-tactic ads that promote users install the VPN application, and in return, the affiliate marketer receives compensation in exchange.

As the article states, if you receive one of these warnings, just close the page. If you are having issues closing the page, close your web browser. Upon re-opening the browser, attempt to close the page if it still exists. Also, closing the page that prompted the redirection is also advised, to prevent further issues. Also, NEVER install any applications being promoted on these sites, as they could install any variety of malware onto your device.

Please let us know if you have questions or would like to discuss setting up a more secure VPN into your computing environment!

Mar-a-Lago intruder sneaks surveillance Hardware into Club

Wood-grain USB thumb drive laying on tree stump

An intruder into Donald Trump’s Mar-a-Lago private club had, amongst several other pieces of technology such as cell phones, a thumb drive that could apparently immediately begin installing files onto a computer when plugged in, per the U.S. Secret Service. They indicated that this is very out of the ordinary, as detailed in this story.

A few interesting aspects of this story, in relation to thumb drives as well as other hardware and security. The first is that thumb drives (aka flash drives) are very popular, primarily because of their ease of use: they are an easy way to get programs and files from one computer to another. Because of this, they’re also easy to use to get malicious software onto a computer. This leads to the second and most important point: it is wise to not plug-in thumb drives without positively knowing their source and potential side effects. On this point, it’s a bit alarming that the Secret Service agent didn’t follow this point when they plugged it into their work computer.

The lesson to be gained from the linked article is that employers should not allow their employees to plug-in items such as thumb drives into their computers, or at the very least have security software which prevents the mounting of this type of hardware when it is plugged in.

In addition to being wary of thumb drives, other insecure types of hardware purchased off of sites such as eBay should give a user pause, whether the hardware has been previously used or not. Used hardware always has the potential of having been tampered with, from both a hardware and installed software perspective. For example, users could be spied on through a laptop’s camera, or their keystrokes captured through a hidden keylogger program.

In the realm of “new” hardware, what one person may think is new may actually not be. New hardware should always come in a factory sealed box with a security sticker. Of course, it is possible that this could be faked, but it is much less likely, especially when purchased direct from the Manufacturer.