Delaware, USA – February 13, 2019 – Adversaries are constantly looking for ways to get malware onto Mac systems past Gatekeeper, and sometimes they succeed. Trend Micro researchers have reported an unexpected case: a Windows .exe file slipped past macOS's native security protection and was able to deploy its malicious payload. The malware delivery campaign has hit victims in the US, Australia, European countries, and elsewhere.
The victim downloads what looks like an installer for the popular Little Snitch firewall app from peer-to-peer networks; bundled with it is a hidden payload that sends system information and the list of installed apps to the C&C server. Once the installer runs, the next stage of the infection downloads additional malware and prompts the user to install it, disguised as legitimate applications such as Flash Player.
In this campaign the malware authors bundled the open source Mono framework with the installer so that .exe files can run on macOS. Gatekeeper checks only native Mach-O executables, so a .exe file passes through unchecked by default, and this technique lets attackers target Mac users with malware written in .NET. It is also a more efficient evasion than the older trick of padding malware with large files to defeat analysis. An infected Mac is hard to spot on an organization's network, but you can use the Netflow Security Monitor rule pack to uncover traces of the malicious activity: https://my.socprime.com/en/integrations/netflow-security-monitor-kibana
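A host-side triage check for this technique, added here as an example and not code from Trend Micro, SOC Prime, or the reported sample: it walks an unpacked .app bundle (or a mounted DMG) and flags Windows PE files (the "MZ" header) sitting next to a bundled Mono runtime, which is exactly the combination Gatekeeper does not inspect. The bundle layout and file contents are constructed inline for the demonstration, and the Mono file and directory names it looks for (Mono.framework, libmonosgen-2.0.dylib) are assumptions about a typical Mono install rather than indicators taken from the report.

```python
import os
import tempfile
from pathlib import Path

MZ_MAGIC = b"MZ"               # DOS header that every Windows PE executable starts with
MACHO_64_MAGIC = b"\xcf\xfa\xed\xfe"  # MH_MAGIC_64 as stored on disk (little-endian)
# Assumed names of a bundled Mono runtime (typical Mono install, not from the report)
MONO_MARKERS = ("mono.framework", "libmonosgen-2.0.dylib", "libmonosgen-2.0.1.dylib")


def file_magic(path, n=4):
    """Return the first n bytes of a file, or b'' if it cannot be read."""
    try:
        with open(path, "rb") as f:
            return f.read(n)
    except OSError:
        return b""


def is_pe_file(path):
    """True if the file carries the 'MZ' DOS header used by Windows .exe/.dll files."""
    return file_magic(path, 2) == MZ_MAGIC


def scan_bundle(root):
    """Walk a bundle and collect evidence of the Mono-wrapped EXE technique.

    Returns a dict with relative paths of PE files, native Mach-O files and
    Mono runtime artifacts found under root.
    """
    findings = {"pe_files": [], "macho_files": [], "mono_runtime": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # A directory named Mono.framework is itself evidence of a bundled runtime
        for d in dirnames:
            if d.lower() in MONO_MARKERS:
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings["mono_runtime"].append(rel.replace(os.sep, "/"))
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if is_pe_file(full):
                findings["pe_files"].append(rel)
            elif file_magic(full) == MACHO_64_MAGIC:
                findings["macho_files"].append(rel)
            if name.lower() in MONO_MARKERS:
                findings["mono_runtime"].append(rel)
    return findings


def is_suspicious(findings):
    """The combination that matters: a PE payload plus a runtime able to execute it."""
    return bool(findings["pe_files"]) and bool(findings["mono_runtime"])


def build_sample_bundle(base):
    """Construct a toy Installer.app layout for the demo (constructed, not a real sample)."""
    contents = Path(base) / "Installer.app" / "Contents"
    mono_lib = contents / "Resources" / "Mono.framework" / "Versions" / "Current" / "lib"
    (contents / "MacOS").mkdir(parents=True)
    mono_lib.mkdir(parents=True)
    # Native launcher that Gatekeeper would actually check
    (contents / "MacOS" / "Installer").write_bytes(MACHO_64_MAGIC + b"\0" * 60)
    # The payload Gatekeeper ignores: a .exe with the MZ header
    (contents / "Resources" / "Installer.exe").write_bytes(MZ_MAGIC + b"\0" * 62)
    # The bundled Mono runtime that makes the .exe executable on macOS
    (mono_lib / "libmonosgen-2.0.dylib").write_bytes(b"\0" * 16)
    return str(Path(base) / "Installer.app")


def run_demo():
    """Build the constructed bundle in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_bundle(build_sample_bundle(tmp))


if __name__ == "__main__":
    result = run_demo()
    for key, paths in result.items():
        print(f"{key}: {paths}")
    print("suspicious:", is_suspicious(result))
```

In practice, point scan_bundle at the mounted DMG or the extracted .app rather than the constructed sample; a legitimate Mono-based app will also trip the runtime check, so treat a hit as a prompt to examine the PE file and its signer, not as a verdict on its own.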