Update as of 6:00 P.M. PST, May 3, 2019: Our continued observation of the malware sample showed that it spoofs popular Mac apps, instead of being included in the app installers themselves as previously reported. We made the corrections in the technical analysis in this post. We would also like to thank Objective Development for clarifying this issue.
The sample we examined is an installer of a popular firewall app for Mac and Windows called Little Snitch, available for download from various torrent websites. Names of the .NET compiled Windows executable are as follows: ParagonNTFSforMacOSSierraFullyActivated.zip; WondershareFilmora924PatchedMacOSXX.zip.
Update as of 5:00 P.M. PST, February 18, 2019: Further analysis on the sample indicated that it does not bypass the Gatekeeper mechanism as previously reported. We made the necessary changes in the technical analysis in this post. We would also like to thank Apple Product Security team for reaching out to us to clarify this issue.
By Don Ladores and Luis Magisa
EXE is the official executable file format for Windows. It signifies that such files run only on Windows platforms, and it serves as a security feature. By default, attempting to run an EXE file on a Mac or Linux OS will only show an error notification.
However, we recently found EXE files in the wild delivering a malicious payload on macOS. While no specific attack pattern is seen, our telemetry showed the highest numbers of infections in the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States.
Behavior
The samples pose as installers of popular apps and are often available for download from various torrent websites. Examples of the applications they pose as are as follows:
When the downloaded .ZIP file is extracted, it contains a .DMG file hosting the supposed installer of the spoofed app.
Figure 1. Sample of the malicious file.
Figure 2. Installer contained in the .DMG sample we analyzed posing as a legitimate application.
Inspecting the installer contents, we found the unusual presence of the .EXE file bundled inside the app, verified to be a Windows executable responsible for the malicious payload.
Figure 3. Suspicious .EXE bundled for Mac app installer.
When the installer is executed, the main file also launches the executable, which is made possible by the Mono framework included in the bundle. This framework allows the execution of Microsoft .NET applications across platforms such as OSX.
Once run, the malware collects the following system information:
Under the /Application directory, the malware also scans for all the basic and installed apps and sends all the information to the C&C server:
It downloads the following files from the Internet and saves them to the directory ~/Library/X2441139MAC/Temp/:
Figure 4. Downloaded files saved in the directory.
These .DMG files are mounted and executed as soon as they are ready, and a PUA is displayed during execution.
Figure 5. One of the adware programs downloaded, posing as a popular app.
This malware runs specifically to target Mac users. Attempting to run the sample in Windows displays an error notification.
Figure 6. Error notification when installer is executed in Windows.
Currently, running an EXE on other platforms has no impact on non-Windows systems such as macOS. A Mono framework installed in the system is required to compile or load these executables and libraries. In this case, however, bundling the framework with the malicious files becomes a workaround that enables EXE files to run on Mac systems. As for the native library differences between Windows and macOS, the Mono framework supports DLL mapping, which maps Windows-only dependencies to their macOS counterparts. Overall, this technique may be used to overcome a malicious user's Objective-C coding limitations.
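A triage check for the bundling described above, added here as an example and not taken from the original analysis: it walks an extracted .app or mounted .DMG and flags .NET Windows executables that ship next to a Mono runtime. The function names are hypothetical, and recognising the Mono runtime by file name (`mono*`, `libmono*`) is an assumption.

```python
import os
import struct

def is_dotnet_pe(data: bytes) -> bool:
    """True if data starts a PE image whose CLR data directory (index 14) is populated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return False
    opt = pe + 24                                            # optional header start
    magic = int.from_bytes(data[opt:opt + 2], "little")
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)                # PE32 / PE32+ directory offset
    if dirs is None or opt + dirs + 15 * 8 > len(data):
        return False
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, opt + dirs + 14 * 8)
    return count > 14 and rva != 0 and size != 0

def scan_bundle(root: str) -> dict:
    """Walk an extracted .app or mounted .DMG; report .NET PE files and Mono runtime files."""
    report = {"dotnet_pe": [], "mono_files": []}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                head = fh.read(4096)
            rel = os.path.relpath(path, root)
            if is_dotnet_pe(head):
                report["dotnet_pe"].append(rel)
            # Assumption: a bundled Mono runtime is recognisable by file name.
            if name.lower().startswith(("mono", "libmono")):
                report["mono_files"].append(rel)
    report["suspicious"] = bool(report["dotnet_pe"] and report["mono_files"])
    return report

def sample_dotnet_pe() -> bytes:
    """Constructed sample: minimal PE32 header with a non-empty CLR directory."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                  # e_lfanew -> 0x80
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 14 * 8, 0x2008, 0x48)  # CLR header RVA, size
    return bytes(buf)
```

Only the first 4 KB of each file is read, which covers the PE headers of typical .NET builds; a hit on both lists is a reason to inspect the bundle further, not a verdict.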
Conclusion
We suspect that this specific malware can be used for future inter-platform attacks, where a single executable can perform its payload on different operating systems. We believe that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites. We will continue investigating how cybercriminals can use this information and routine. Users should avoid or refrain from downloading files, programs, and software from unverified sources and websites, and install multi-layered protection for their individual and enterprise systems.
Trend Micro Solutions
The following Trend Micro products detect and block this threat:
Indicators of Compromise