Malicious Google Ads Target Mac Users with Fake Mac Cleaner Pages

Mac users searching for software on Google or other search engines should be extra careful...

A week in security (February 26 – March 3)

Last week on Malwarebytes Labs: PikaBot malware on the rise: What organizations need to know Malicious meeting invite fix targets Mac users Pig butchering scams, how they work and how to avoid them Airbnb scam sends you to a fake Tripadvisor site, takes your money Facebook bug could have allowed...

Malicious meeting invite fix targets Mac users

Cybercriminals are targeting Mac users interested in cryptocurrency opportunities with fake calendar invites. During the attacks the criminals will send a link supposedly to add a meeting to the target’s calendar. In reality the link runs a script to install Mac malware on the target’s machine...

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...

Atomic Stealer rings in the new year with updated version

Last year, we documented malware distribution campaigns both via malvertising and compromised sites delivering Atomic Stealer AMOS onto Mac users. This stealer has proven to be quite popular in the criminal underground and its developers have been adding new features to justify its hefty...

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to...

Mac users targeted in new malvertising campaign delivering Atomic Stealer

Summary Malicious ads for Google searches are targeting Mac users Phishing sites trick victims into downloading what they believe is the app they want The malware is bundled in an ad-hoc signed app so it cannot be revoked by Apple The payload is a new version of the recent Atomic Stealer for OSX...

MAC User's unable to see shared screen in VDI during MS teams call

Issue Description: MAC users connected to Citrix VDI are experiencing problems with Teams optimization. While these users can attend meetings without issue, they are unable to view shared screens from other participants. Instead of seeing the shared content, they encounter a black screen...

Mac users, update now! “Powerdir” flaw could allow attackers to spy on you

If you have been forgoing updating your Mac, this article might make you think twice. The Microsoft 365 Defender Research Team has discovered a vulnerability in macOS, which allows malicious apps to successfully bypass a users privacy preferences. This means attackers could access personal data...

Mac Users Targeted by Trojanized iTerm2 App

We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine...

Error: "SSL Error 61: You have not chosen to trust 'Certificate Authority'..." on Workspace App for Mac

Receiver for Mac users receive the following error message when accessing StoreFront or Web Interface applications: "SSL Error 61: You have not chosen to trust 'Certificate Authority', the issuer of the server's security certificate. Error : 183"...

Mac Users Targeted by Spyware Spreading via Xcode Projects

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...

Office for Mac Users Warned of Malicious SYLK Files

Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute arbitrary code. The warning com...

Malvertising Campaigns Skirt Ad Blockers, Serve Up Mac Malware

Two fresh malvertising campaigns are making the scene that are abusing the convoluted underpinnings of the internet economy to find malware victims. One is a large-scale exploit kit EK campaign designed to circumvent traditional safeguards, such as ad blockers, and the other uses web redirects to...

Mac-Focused Malvertising Campaign Abuses Google Firebase DBs

A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...

An info stealer .exe malware is targeting Mac users around the globe

By Waqas Cybercriminals have identified a unique method of attacking Mac devices, which involves exploiting executable or .EXE files. Those files that can be executed both on Mac and Windows devices have the potential of infecting Mac computers as these unload a .exe malware. Discovered by Trend...

Malware in Ad-Based Images Targets Mac Users

A massive adware campaign has so far impacted up to a million Mac users, using a tricky steganography technique to hide malware in image files. Researchers at Confiant and Malwarebytes said the attacks have been running since Jan. 11, using ads on the web and steganography to spread; steganograph...

Errors using SecurAuth SAML to StoreFront Site

The customer is setting up a new SAML store to use SecurAuth in place of smart cards for certain MAC users due to a known compatibility of Smart Cards with MAC devices When navigating to the URL portal, we are returned with the following error after entering the PIN and being redirected to a seco...

Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users

A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly first macOS malware of 2018. Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computer...

Huge Flaws Affect Nearly Every Modern Device; Patch Could Hit CPU Performance

UPDATE: Researchers have finally disclosed complete technical details of two kernel side-channel attacks, Meltdown and Spectre—which affect not only Intel but also systems and devices running AMD, ARM processors—allowing attackers to steal sensitive data from the system memory. The first week of...