Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers.

Intego security experts have identified the rogue package installer as a variant of OSX/InstallCore, and have updated Intego VirusBarrier definitions to provide protection.

The in-the-wild attack has been spread in the form of a Mac Package installer .pkg file, also known as a flat package, and has been signed with a legitimate Developer ID certificate - effectively tricking OS X’s built-in Gatekeeper security to believe that the files can be trusted and are not malicious.

Curiously, if the Mac Package installer, called Product.pkg, is located outside the DMG volume and the DMG volume Installer is unmounted, then you will receive a “Missing parameters” error. However, if the Package installer is located in the DMG volume, then you will be prompted to continue the installation.

As a result, victims may find that their OS X computers have had a number of potentially unwanted programs (PUPs) installed on their systems. Intego researchers report that third-party apps they have seen being installed by the fake Adobe Flash update include MegaBackup, ZipCloud, and MacKeeper.

Embedded within the installer’s code is a copyright message, referencing an Israeli company that develops the InstallCore software installation platform, and has been criticised in the past for “turning a blind eye to malware”:

Copyright © 2016 ironSource.

Two months ago we described how an earlier version of OSX/InstallCore had been spread after Mac users began to see bogus pop-up warnings about Adobe Flash requiring an update, which resulted in scareware being installed onto their computers.

In both this and the previous instance, online criminals signed their malicious code with an Apple developer certificate, allowing the malware to bypass a key part of OS X’s built-in defence.
“Mac users are once again being urged to exercise caution when installing updates to Adobe Flash Player, after a fake update was discovered infecting computers,” Graham Cluley reports for Intego. “Intego security experts have identified the rogue package installer as a variant of OSX/InstallCore, and have updated Intego VirusBarrier definitions to provide protection.”

“The in-the-wild attack has been spread in the form of a Mac Package installer .pkg file, also known as a flat package, and has been signed with a legitimate Developer ID certificate - effectively tricking OS X’s built-in Gatekeeper security to believe that the files can be trusted and are not malicious,” Cluley reports. “As a result, victims may find that their OS X computers have had a number of potentially unwanted programs (PUPs) installed on their systems. Intego researchers report that third-party apps they have seen being installed by the fake Adobe Flash update include MegaBackup, ZipCloud, and MacKeeper.”

MacDailyNews Take: Just to be safe, we only update Flash – on the few Macs that still have Flash installed – directly via Adobe’s website.