New macOS malware appears through Adobe Flash Player
This week we noted that no technology device is 100% secure. Earlier this week we covered a story affecting 76 App Store applications that were said to be infected. Today, security researchers have again discovered new malware, this time delivered through Adobe Flash Player.
Apparently, this new malware, called 'MacDownloader', could have been created by Iranian hackers to attack companies in the US defense industry. Claudio Guarnieri and Collin Anderson, security researchers who analyze threats from Iran, say they found the malware on a website posing as an American aerospace company, 'United Technologies Corporation'.
New malware in Adobe Flash Player
The website referred to Lockheed Martin, Sierra Nevada Corporation, and Boeing, and claimed to offer special programs and courses. This fake website was previously used as part of a spearphishing attempt, in which it spread malicious programs for the Windows platform.
The site was apparently run by Iranian agents, who had previously used it for other phishing attempts involving dental clinics and a US Air Force entertainment page.
This is what malware does
Users who visit this website will be infected by malicious programs for both the Windows platform and macOS. MacDownloader displays a fake Adobe Flash Player dialog that offers enhancements through a Flash Player update, along with the option to close the window. Once the user accepts the update, a second dialog appears, labelled 'Bitdefender adware removal tool', which also mentions advertising programs.
Once the supposed update is installed, the malware attempts to collect as much data as possible from the infected Mac and sends the collected information to the attacker's server. The malware can also display a fake System Preferences dialog box; this is how the attackers obtain the user name and password for the Keychain, which they then use to access the encrypted data.
Poorly developed malware
The researchers say the code is poorly developed and that the person behind this malware appears to be a beginner, since the dialog boxes contain spelling and grammar errors and switch from Flash to Bitdefender.
The malware's code has apparently been copied from other sources. It also reveals that the developer initially wanted to install a persistent process, since the code tries to make the malware run automatically at system startup.
'Based on the observations of the infrastructure, and the state of the code, we believe that these incidents represent the first attempts to distribute the agent, and characteristics such as persistence do not appear to be working. MacDownloader is a simple filtering agent with broader ambitions.'
It should be remembered that such malware can be used to attack a human rights defender and could be used to attack other communities in the future. Be very careful with this malware. What do you think about this news? Have you been affected by this malware? Tell us about it in the comments.