as well.
Yes, you heard me right — a .exe malware on macOS.
Security researchers at antivirus firm Trend Micro have
discovered a novel way hackers are using in the wild to bypass
Apple’s macOS security protection and infect Mac computers by
deploying malicious EXE files that normally run only on Windows
computers.
Researchers found several malicious macOS application samples
(.dmg), masquerading as installers for popular software on a torrent
site, that include an EXE application compiled with the Mono framework
to make it compatible with macOS.
Mono is an open source implementation of Microsoft’s .NET Framework
that allows developers to create cross-platform .NET applications,
which work across all supported platforms, including Linux, Windows
and Mac OS X.
Usually, running any Windows executable on macOS results in an
error, and built-in protection mechanisms such as Gatekeeper also
skip scanning .exe files for malicious code.
“This routine evades Gatekeeper because EXE is not checked by this
software, bypassing the code signature check and verification since
the technology only checks native Mac files,” Trend Micro said in a
blog post[1] published Monday.
the Little Snitch firewall application, but also comes
bundled with a Mono-compiled hidden payload, designed to collect and
send system information about the targeted Mac computer to a remote
command-and-control server controlled by the attackers.
prompts users to install various adware apps, some of which
are disguised as legitimate versions of Adobe Flash Media Player and
Little Snitch.
During their analysis, the researchers found “no specific attack
pattern” associated with the malware, but their telemetry showed
that the highest numbers of infections were in the
United Kingdom, Australia, Armenia, Luxembourg, South Africa, and
the United States.
Interestingly, the security researchers could not get the same
malicious EXE file to run on Windows—attempting to run the file on
Windows resulted in an error, which means that this malware has
been designed to target macOS users specifically.
“Currently, running EXE on other platforms may have a bigger impact
on non-Windows systems such as MacOS. Normally, a mono framework
installed in the system is required to compile or load executables
and libraries,” researchers explained.
“In this case, however, the bundling of the files with the said
framework becomes a workaround to bypass the systems given EXE is
not a recognized binary executable by MacOS’ security features. As
for the native library differences between Windows and MacOS, the
mono framework supports DLL mapping to support Windows-only
dependencies to their MacOS counterparts.”
malware is to avoid downloading apps, tools, and other files on
your computers from torrent websites or any untrusted source.
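
Because Gatekeeper only checks native Mac files, a defender can look inside a mounted .dmg or .app tree for Windows PE files by content rather than by extension. The following is an added example, not code from Trend Micro or the original article; the function names and the sample tree (Sample.app, setup.exe) are constructed for illustration.

```python
import os
import struct
import tempfile

def classify_pe(data: bytes) -> str:
    """Classify leading file bytes as 'managed-pe', 'native-pe' or 'not-pe'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    opt = struct.unpack_from("<I", data, 0x3C)[0] + 24  # e_lfanew + sig + COFF
    if opt + 2 > len(data) or data[opt - 24:opt - 20] != b"PE\0\0":
        return "not-pe"
    dirs = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", data, opt)[0])
    if dirs is None:
        return "not-pe"
    entry = opt + dirs + 8 * 14  # data directory 14: CLR header (.NET/Mono)
    if entry + 8 > len(data):
        return "native-pe"  # headers cut off before the CLR entry
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    rva, size = struct.unpack_from("<II", data, entry)
    return "managed-pe" if count > 14 and rva and size else "native-pe"

def scan_bundle(root: str) -> list:
    """Walk a mounted .dmg or .app tree; flag PE files by content, not name."""
    hits = []
    for folder, _, names in os.walk(root):
        for path in (os.path.join(folder, n) for n in names):
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    kind = classify_pe(fh.read(4096))
                if kind != "not-pe":
                    hits.append((os.path.relpath(path, root), kind))
    return sorted(hits)

def make_pe(managed: bool) -> bytes:
    """Constructed sample: bare PE32 headers, not a runnable program."""
    clr = struct.pack("<II", 0x2008, 0x48) if managed else bytes(8)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x80) + bytes(64)
    return dos + b"PE\0\0" + bytes(20) + opt + bytes(8 * 14) + clr + bytes(8)

def demo() -> list:  # constructed tree; file names are made up
    tree = {"Sample.app/Contents/MacOS/Sample": b"\xcf\xfa\xed\xfe" + bytes(60),
            "Sample.app/Contents/Resources/setup.exe": make_pe(True)}
    with tempfile.TemporaryDirectory() as root:
        for rel, blob in tree.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(blob)
        return scan_bundle(root)

if __name__ == "__main__": print(demo())
```

A `managed-pe` result marks a .NET assembly, the kind of file a bundled Mono runtime can load.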