Mac users who have installed warned the MacKeeper program for malware that attempts to spread via a flaw in the software that an update was published in May. Last month, a vulnerability in MacKeeper discovered that an attacker could execute arbitrary code with root privileges without much user interaction. The problem was caused by the way MacKeeper with "custom URLs" deal.
Braden Thomas researcher who discovered was a proof-of-concept that ensures that carried when visiting a specially prepared page with Safari arbitrary commands on the system problem. A few days after the proof-of-concept appeared online are also the first malicious MacKeeper URLs appear, discovered researcher Sergei Shevchenko of security company BAE Systems.
Phishing Mail
The URLs can for example be spread through phishing emails. When users click on the link, a pop-up warning that malware was found on the computer that must be removed. For this, the user must enter his password. Fills the user password, the malware is downloaded and installed. According to Shevchenko, it is a backdoor which receives an attacker remote access to the computer.
The malware collects all sorts of data on the system, including running processes, operating system name and version, user name, and the presence of VPN connections. According to the researcher, it is interesting to see how quickly attackers made use of the leak. To carry out the attack, a user must have installed a vulnerable version of MacKeeper. The developers of the software claim that MacKeeper has been downloaded over 20 million times.
Shevchenko also does not exclude that the attackers bombard their targets with phishing emails in the hope that one MacKeeper installed. After the leak last month became known MacKeeper came quickly but with an update that is installed automatically in most cases. It is also the question of how successful this attack campaign is or was.
No comments:
Post a Comment