New Mac Malware Tricks Users By Posing as Legitimate macOS Tool

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

A Chinese cybersecurity researcher has discovered a new strain of malware that spreads via "poisoned" search-engine results. The malware, dubbed 'OSX.ZuRu', poses as the legitimate macOS tool iTerm2. Currently the attackers are only targeting the Chinese search engine Baidu, but it would not be a surprise if they attempt to expand their operation in the near future.

Attackers are distributing the trojanized iTerm2 through sites that mimic the original iTerm2 website. Mac users who attempt to install iTerm2 from the fake website are redirected to a third-party hosting service, which serves the file iTerm.dmg. Up to this point everything on the user's screen looks normal; the only noticeable red flag is the slightly different domain name, and most people would not notice it.

Once a user mounts and installs the suspicious iTerm.dmg, they end up with a working copy of the app. It passed the Gatekeeper check and installed without complaint because it was digitally signed with an Apple developer certificate, and no antivirus software flagged it as malicious.
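Two of the red flags described above can be checked mechanically before an installer is trusted: the host the .dmg came from, and who actually signed the app bundle (a valid Developer ID signature satisfies Gatekeeper, but it says nothing about whether the signer is the real iTerm2 developer). The following is an added example, not code from the article or from the iTerm2 project. It assumes iterm2.com is the genuine download host and com.googlecode.iterm2 is the genuine bundle identifier; the expected Team ID is a placeholder that must be replaced with the value obtained from the vendor, and the codesign output below is constructed sample data in the format `codesign -dvv` prints.

```python
"""Pre-install checks for a downloaded macOS app (added example, not the article's code).

Two checks: (1) did the download come from the genuine host or a lookalike domain,
and (2) does the code signature belong to the expected developer, not merely to
*some* Apple Developer ID holder.
"""
import subprocess
from urllib.parse import urlparse

# Assumptions: genuine host and bundle identifier for iTerm2.
LEGIT_HOST = "iterm2.com"
EXPECTED_BUNDLE_ID = "com.googlecode.iterm2"
# Placeholder: obtain the developer's real Team ID from the vendor before relying on this.
EXPECTED_TEAM_ID = "EXPECTEDTEAMID"


def host_verdict(url: str) -> str:
    """Classify the download host as legitimate, lookalike, or unrelated."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if host == LEGIT_HOST or host.endswith("." + LEGIT_HOST):
        return "legitimate"
    # A lookalike reuses the brand name (e.g. iterm2.net, iterm-2.example) on another domain.
    brand = LEGIT_HOST.split(".")[0]
    if brand in host.replace("-", ""):
        return "lookalike"
    return "unrelated"


def parse_codesign(output: str) -> dict:
    """Parse the key=value lines that `codesign -dvv` writes to stderr.

    Repeated Authority= lines (the certificate chain) are collected in a list.
    """
    info = {"authorities": []}
    for line in output.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info["authorities"].append(value)
        else:
            info[key] = value
    return info


def signature_verdict(info: dict) -> str:
    """Decide whether parsed codesign data matches the expected developer."""
    if "Identifier" not in info:
        return "unsigned"
    if info.get("Identifier") != EXPECTED_BUNDLE_ID:
        return "wrong-identifier"
    if info.get("TeamIdentifier") != EXPECTED_TEAM_ID:
        # Valid Developer ID, but not the developer we expect: the OSX.ZuRu situation.
        return "wrong-team"
    return "ok"


def inspect_bundle(path: str) -> str:
    """Run codesign on a real bundle (macOS only) and classify its signature."""
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return signature_verdict(parse_codesign(proc.stderr))


# Constructed sample: a bundle carrying the genuine identifier but signed by a
# different Developer ID account. Team ID and sizes are made-up values.
SAMPLE_CODESIGN = """\
Executable=/Applications/iTerm.app/Contents/MacOS/iTerm2
Identifier=com.googlecode.iterm2
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Signature size=8987
Authority=Developer ID Application: Example Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""

if __name__ == "__main__":
    print(host_verdict("https://iterm2.com/downloads/stable/latest"))   # legitimate
    print(host_verdict("https://iterm2.net/downloads/iTerm.dmg"))        # lookalike
    print(signature_verdict(parse_codesign(SAMPLE_CODESIGN)))            # wrong-team
```

`inspect_bundle` only works on macOS where `codesign` exists; the parser and verdict functions run anywhere, which makes them usable in a pipeline that ingests `codesign -dvv` output collected from endpoints. The important design point is that the check compares the Team ID against a pinned expected value rather than asking whether a signature is merely present and valid, which is exactly the distinction Gatekeeper does not make for you.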

The main purpose of this malware is to establish a connection to a remote web application and send some data about the victim. The primary piece of information it sends is the device's serial number. After this, it tries to establish a second connection to

[…]
