Security software development firm Malwarebytes has just exposed what could be the first known case of Mac malware for the year of 2017.

It appears to be a highly antiquated piece of malware. In other words, it is not especially advanced, and the methods it uses to infect machines are so well known that only a small number of unsuspecting users would fall victim to it.

According to the Malwarebytes report, the malware relies on two things: a hidden file and an action by the user that launches it. That action is elicited through a user interface that looks legitimate but launches the malware rather than what the user expected to launch.

This malware appears to target biomedical research institutions more than anyone else, so it is not really aimed at the general populace. Nevertheless, it opens a backdoor that lets whoever is listening in grab basic information, such as screen captures, system uptime data, mouse cursor position, and more; a serious security breach.

This information is then inconspicuously relayed to the listener via a third-party server, so the malware requires an internet connection. To help it avoid notice, a boolean setting in the code keeps the malware app from appearing in the Dock.
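A triage helper written for this article (it is not code from Malwarebytes or from the malware report) that lists app bundles asking to stay out of the Dock, so an analyst can review them. It assumes, which the article does not state, that the boolean in question is the Info.plist key LSUIElement (or LSBackgroundOnly); many legitimate menu-bar utilities set the same key, so the output is a review list, not a verdict.

```python
"""List .app bundles whose Info.plist asks macOS to hide them from the Dock."""
import os
import plistlib
import tempfile

# Assumption: these Info.plist keys are the "boolean" that hides an app from the Dock.
DOCK_HIDING_KEYS = ("LSUIElement", "LSBackgroundOnly")


def _truthy(value):
    # Plist authors write these keys as <true/>, <integer>1</integer> or the string "1"/"YES".
    if isinstance(value, bool):
        return value
    if isinstance(value, int):
        return value != 0
    return str(value).strip().lower() in ("1", "yes", "true")


def hides_from_dock(bundle_path):
    """Return the dock-hiding keys set to true in a bundle's Info.plist ([] if none or unreadable)."""
    plist_path = os.path.join(bundle_path, "Contents", "Info.plist")
    try:
        with open(plist_path, "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException):
        return []
    return [key for key in DOCK_HIDING_KEYS if _truthy(info.get(key, False))]


def find_hidden_dock_apps(roots):
    """Walk each root and return sorted (bundle_path, keys) pairs for bundles hidden from the Dock."""
    hits = []
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for name in list(dirnames):
                if name.endswith(".app"):
                    bundle = os.path.join(dirpath, name)
                    keys = hides_from_dock(bundle)
                    if keys:
                        hits.append((bundle, keys))
                    dirnames.remove(name)  # do not descend into the bundle itself
    return sorted(hits)


def build_fixture():
    """Constructed sample data: three bundles in a temp dir; returns {name: bundle_path, "root": dir}."""
    root = tempfile.mkdtemp(prefix="dock-triage-")
    samples = {"Quiet": {"CFBundleName": "Quiet", "LSUIElement": True},
               "Normal": {"CFBundleName": "Normal"},
               "Str": {"CFBundleName": "Str", "LSUIElement": "1"}}
    paths = {"root": root}
    for name, info in samples.items():
        contents = os.path.join(root, name + ".app", "Contents")
        os.makedirs(contents, exist_ok=True)
        with open(os.path.join(contents, "Info.plist"), "wb") as fh:
            plistlib.dump(info, fh)
        paths[name] = os.path.join(root, name + ".app")
    return paths
```

Run `find_hidden_dock_apps([os.path.expanduser("~/Applications"), os.path.expanduser("~/Library")])` on a real Mac to list user-level bundles that hide from the Dock; anything unfamiliar there deserves a closer look.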

Also noteworthy is that the malware has code for simulating mouse cursor movements and clicks, as well as keyboard key presses, both of which appear to be a means of remote control whenever the listener wants more access. Perhaps with a little help from the uptime data, the listener can tell when people are away and do malicious things when the time is right.

The code reportedly worked just fine on Linux-based machines as well as on Macs running Apple’s macOS, so it appears to be viable on two different platforms.

Interestingly, Malwarebytes points out that because the malware uses such an antiquated method of attack, it would be easy for a trained eye or a malware removal program to spot and remove. That said, it is infecting machines that clearly don’t get much anti-malware attention – so perhaps they should start.

The experts who reverse engineered the malware found comments in the code suggesting it has been active for quite some time, at least since OS X Yosemite (launched in 2014). The reason it may have gone unnoticed for so long is that it targeted a very small set of machines. Had it been present on more machines, it would likely have been noticed and reported much sooner.

It’s very unlikely that your Mac at home has been infected with this malware, which has been dubbed OSX.Backdoor.Quimitchin after the Aztec spies known for infiltrating other tribes for information. Nevertheless, that’s not to say that other malware couldn’t infect your machine, so you should always be wary of what you download.

  • markypolo

    Only morons open mysterious or unknown files!

    • ravinigga

      True, the thing I trust is porn:)

      • Agneev Mukherjee

        Right.

      • markypolo

        LOL. Most web sites are trustworthy. Best way to prevent malware is to set your router firewall to med-high. Also your computer firewall as additional security. Sadly, many (if not most) people forget to even turn ON their firewalls.

  • White nigga from the 6

    So, I guess that explains that random iPhone 7+ giveaway I never received… smh.

    • Agneev Mukherjee

      Ha ha LOL

  • Reilitas

    I hate these people who even make the malware, like are you that much of a loser? You even have to infect browsers just to place more ads.. It should be a crime to use exploits on someone’s computer without consent or approval.

    • Gerardo Castro

      Uh… it is a crime… IT’S CALLED HACKING

      • Reilitas

        Hush. Don’t need to attack me, I was talking about that one that affects browsers (which I didn’t state, oops). I know about actual malware, which I never get. That’s why I thought differently.

    • Snailpo

      Hahaha it is a crime. But to be honest the person(s) that made it are possibly profiting off of it, so they aren’t really losers.

      • Reilitas

        Yeah.. but then they still force me to go through the whole process of removing it, that’s really annoying. I even got something to pop up called “win10hackin…” in defender on my Mac because I use boot camp. I don’t even download! I stream everything online so I could be sufficient with my storage.

  • Bugs Bunnay

    good ol’ Malwarebytes