Here are some stories about past macOS malware, as context for my previous post about the acquisition of the Bartender app and the related security concerns:

Transmission hijacked again to spread malware
In March, the website of the Transmission torrent client was hacked, and a maliciously-altered copy of Transmission was uploaded in place of the real one. That incident was very well-publicized, as the malware being distributed this way was the KeRanger ransomware, which is currently the only real ransomware ever to affect the Mac platform. Almost exactly six months later, the story has repeated. Transmission has once again become a vector for the transmission of malware – in this case, a new variant of the Keydnap backdoor.

HandBrake hacked to drop new variant of Proton malware
Last year, the Transmission torrent app was hacked not just once, but twice, to install the KeRanger ransomware and, later, the Keydnap backdoor. Now, the same thing has happened to the popular DVD-ripping HandBrake app, which is installing a new variant of the Proton malware.

Trend Micro apologises after Mac apps found scooping up users’ browser history
In its advisory, Trend Micro confirmed researchers’ findings that products such as Dr Cleaner, Dr Cleaner Pro, Dr Antivirus, Dr Unarchiver, Dr Battery, and Duplicate Finder were snaffling users’ browser history… The discovery of the apps’ behaviour resulted in them being kicked out of the Mac App Store (for now at least).

Mac App Store apps are stealing user data
There is a concerning trend lately in the Mac App Store. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around storage and protection of personally identifiable information like organizations based in the US or EU.

Apple Finally Boots Sneaky Adware Doctor App from Mac App Store
Apple was initially alerted to the rogue app in early August – over a month ago. But it appears, only after faced with public scrutiny, did Apple remove the app. The app, which cost $5, was listed on Apple’s Mac App Store as the company’s fourth-highest “Top Paid” software program. Researchers said the app violates Apple’s sandboxing security policies by surreptitiously copying a user’s entire browser history and cookies and sending both to a China-based domain.