10–29-19 A zero day, in hacker jargon, is a secret security flaw in software, one that the company that created and maintains the software’s code doesn’t know about. The name comes from the fact that the company has had “zero days” to respond and push out a patch to protect users. A powerful zero day, particularly one that allows a hacker to break out of the confines of the software - application where the bug is found and begin to execute their own code on a target computer, can serve as a kind of global skeleton key—a free pass to gain entrance to any machine that runs that vulnerable software, anywhere in the world where the victim is connected to the internet. - ANDY GREENBERG https://www.vanityfair.com/news/2019/10/the-discovery-of-sandworm-the-worlds-most-dangerous-hackers
……………………………………………………….
macsecurity.net--GENUINE OR SCAM?
UPDATE YOUR FLASH PLAYER scam!! 11-24-19
The reason why the architects of this trickery have added the Flash Player to the mix of their shenanigans is probably because it’s a commonly used program trusted by most users. The caveat is that a completely different piece of code is camouflaged as the explicitly stated software. This part of the incursion is usually isolated to the web browser, although there are rare cases where the misguiding popups appear when the browser is closed. The virus manifests itself through random redirects to a site that instantly displays a popup alert saying, “Adobe Flash Player is out of date”. Meanwhile, a prompt at the top of the page layout may wrongfully emphasize that “Latest version of Adobe Flash Player is required to encode and/or decode (Play) audio files in high quality”. Everybody likes quality multimedia content, so a lot of users end up falling for this trick.
In all of these adverse situations, those who pay attention to detail will notice that there is something wrong with such a recommendation. First off, the URL of the website that generates these Adobe Flash Player update popups is a giveaway. Obviously, it has nothing to do with the genuine vendor, being clearly designed to mimic the legit update workflow. Furthermore, despite the fact that the alerts may provide a button to opt out, such as “Later” or “Cancel”, clicking it isn’t likely to close the dialogs for more than a few milliseconds. The pre-configured website script will relaunch the ads, so the victims may have to force quit Safari, Chrome, Firefox – or whatever browser is infected – to get the bogus notifications out of the way.
A whole new attack mechanism with the fake Adobe Flash Player update popups at its core is distributing an emerging Mac threat codenamed Tarmac. Also known as OSX/Tarmac, this infection relies on another type of harmful code called OSX/Shlayer. The latter is a notorious Mac Trojan whose objective is to set large-scale malvertising schemes in motion. Its original entry point is a phony alert about an out-of-date version of the Flash Player. Once inside, it reaches out to the Command and Control server and downloads a copy of Tarmac onto the host. The second-stage malware is code signed and leverages RSA encryption to camouflage the fishy gist of its payload, which allows the pest to fly below the radar of quarantine-aware software running on the Mac. As soon as OSX/Tarmac is launched, it attempts to elevate its privileges on the machine by generating a dialog that says, “Player wants to make changes”.
This popup asks for the administrator’s username and password, making it look like the request comes from Adobe Flash Player. Even if the victim is prudent enough to refrain from entering the credentials, Tarmac continues to run with fairly high permissions.
Just like Shlayer, it can easily connect to its C&C server and download arbitrary code from it, such as rogue system utilities, adware, or even Mac ransomware. This recently discovered tandem of dangerous programs relying on counterfeit Flash Player update ads demonstrates that the campaign is evolving and assuming more unsettling characteristics. …
.........................................................................................
10-2-19 As per John Dee from macsecurity.net, the Bing redirect program gains access to a computer system as a third-party app. This occurs when users download applications from unknown developers and do not pay attention to all steps of the installation wizard....Often, the Bing redirect program is considered to be a virus even though it is not malicious. It is a browser hijacker. The Bing redirect program is created for advertising purposes. It generates pay per click revenue for its creator. It is not meant to cause serious harm to the computer. For its aggressive online advertisements, the Bing redirect program is categorized as adware. Again, it is not illegal and does not perform any espionage, data theft, fraud, or data corruption. https://www.techtimes.com/articles/245559/20191002/how-to-remove-bing-redirect-from-mac-computers.htm
.......................................
No comments:
Post a Comment