Malware

What you need to know about the KeRanger ransomware found in the Transmission app

Users of the popular open-source Transmission BitTorrent client for OS X were in for quite a surprise this weekend when it was discovered that certain installers for version 2.90 of the application bundled ransomware, a type of malware that restricts access to the files on a system and holds them for payment.

Dubbed KeRanger by security research firm Palo Alto Networks, the malicious software tries to encrypt files on the user’s system so as to cut off the user’s access to their own data, and then demands a payment to restore that access.

The makers of the Transmission app are now pushing an immediate mandatory app update that removes the ransomware and fixes the problem for anyone who may have been affected. Installing it is recommended for all users, but how do you know if you’re affected?

Using Gatekeeper to help secure your Mac

OS X comes with a security feature known as Gatekeeper, which can help prevent unwanted apps from launching on your Mac without your permission. It can also prevent potentially malicious apps from launching because it can be used to limit the kinds of apps that are allowed to open on your Mac.

In light of the recent Sparkle updater framework vulnerability uncovered in a variety of popular OS X apps, now is a great time to review your Gatekeeper settings to prevent potential malware problems on your Mac in the future. In this tutorial, we’ll show you how Gatekeeper works and how you can configure it to keep your Mac as secure as you want it to be.

About OS X System Integrity Protection aka ‘Rootless’ and how to disable it

All Macs with OS X El Capitan installed on them have a new layer of security known as System Integrity Protection, which has been given the nickname ‘Rootless’ because it closes off a lot of system files to user access to prevent malicious programs and code from causing harmful changes to the core of OS X.

For some, the added security feels like a must for protection of your personal information, but for more advanced users who poke their noses into system files quite often, the feature can get in the way and prevent user modifications to the operating system. In this tutorial, we’ll give you an overview of System Integrity Protection and show you a way to disable it.

What to know about ‘YiSpecter,’ new malware targeting all iOS devices

Just as all the hoopla surrounding the XcodeGhost attack appears to have died down, security researchers over at Palo Alto Networks have identified a new type of harmful malware.

Dubbed YiSpecter, it can install itself on both jailbroken and non-jailbroken iOS devices and is the first iOS malware that exploits Apple’s private APIs to implement malicious functionality.

Here’s everything you need to know about this new type of attack, what Apple is saying about the malware and what you can do in order to protect your devices from becoming infected with YiSpecter.

Apple lists top 25 apps infected by XcodeGhost

Apple today refreshed its official XcodeGhost FAQ webpage, listing the top 25 iPhone and iPad apps on the App Store that contain the widely reported though mostly harmless XcodeGhost malware.

In addition to WeChat, one of the top messaging apps in the world, Rovio’s Angry Birds 2 and China Unicom’s Customer Service app, most of the listed apps are distributed on the Chinese App Store only.

“If users have one of these apps, they should update the affected app which will fix the issue on the user’s device,” writes the company. “If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.”

Apple has pulled many of the infected apps and said it’s working closely with developers to get impacted apps back on the App Store.

Apple to offer local Xcode downloads in China, posts official XcodeGhost malware FAQ

The XcodeGhost malware couldn’t have arrived at a worse time for Apple, as the company prepares to launch its iPhone 6s and iPhone 6s Plus tomorrow. The company has already removed the App Store apps infected by the malware, which injects its payload into apps compiled with compromised copies of Xcode that were distributed from non-Apple servers in China.

On Wednesday, the Cupertino firm confirmed plans to mitigate the threat by hosting local Xcode downloads within China. In addition, Apple has posted an XcodeGhost FAQ webpage on its Chinese website detailing the XcodeGhost malware and how customers might be affected by it.

Apple educates developers on validating Xcode downloads following XcodeGhost malware attack

A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.

The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.

As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing that a hacked Xcode injects malware into every app it compiles.

This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with.

XcodeGhost: a new malware infecting many popular iOS apps

A few dozen iPhone and iPad applications, most of them developed for China, have been infected with XcodeGhost, a malware that collects information on the devices and uploads that data to remote servers.

Among them is WeChat, one of the most popular instant messaging applications in the world.

Rather than exploit an iOS vulnerability, the malware in question sneaks its way into apps indirectly, by targeting Apple’s official compilers used to create legitimate apps. The malware was found to inject its malicious code into a Mach-O object file that was repackaged into some versions of Xcode, Apple’s official tool for developing iOS and OS X apps.

These Trojanized Xcode installers were then uploaded to Baidu’s cloud file sharing service used by Chinese app developers, explains Palo Alto Networks. The malicious code then inserts itself into any iOS app compiled with the infected Xcode without the developers’ knowledge.

It’s not Apple’s fault, really: this would have never happened had these developers downloaded Xcode files directly from Apple. Baidu has since removed all of the infected files from its servers and some of the infected apps have since removed the malware code in their latest builds.

Apple reportedly doing away with antivirus apps in the App Store

Apple has decided to eliminate the category of anti-virus and anti-malware products from the App Store, according to security firm Intego. The company announced this week that Apple informed it of the decision after pulling its app ‘VirusBarrier for iOS.’

“To be clear, this wasn’t an action directed specifically at Intego, we were one of several companies affected by Apple’s decision,” writes Intego’s Jeff Erwin. Erwin adds that users will continue to get virus definition updates, but there will be no more updates to the app.

Chinese authorities shut down WireLurker site, suspects arrested

Chinese authorities arrested three individuals last Friday who are believed to have developed the “WireLurker” malware, according to a police post on Sina Weibo. The authorities were tipped off by Chinese security company Qihoo 360. Additionally, the post says that authorities have also identified and shut down the website that was hosting and distributing the malware.

US government warns iOS users about new ‘Masque Attack’ threat

The United States government issued a warning for iPhone and iPad users today regarding the recently discovered ‘Masque Attack’ vulnerability, reports Reuters. The security flaw, which began circulating on the web earlier this week, allows malicious third-party apps to be installed on a device using enterprise provisioning profiles.

Today’s bulletin was issued by the National Cybersecurity and Communications Integration Center, and it warns users of how Masque Attack can spread and what it’s capable of doing. The malware installs itself through a phishing link disguised as a new app or game, and then it can masquerade as a well-known app like Gmail.

Apple now blocking apps infected with WireLurker malware

Apple released a statement today saying that it is aware of the newly discovered WireLurker malware that targets Macs and iOS devices, and it has taken action. “We’ve blocked the identified apps to prevent them from launching,” a spokesman for the company told the Wall Street Journal.

Yesterday, security researchers at Palo Alto Networks published a report saying they had discovered new malware targeting Macs and iOS that is the “biggest in scale” they have ever seen. They named the malware “WireLurker” for its ability to jump from infected Macs to iOS devices over USB.