Saturday, November 28, 21:29

Malicious Windows EXE files infect macOS users

Security researchers have discovered many Windows EXE files that use malicious payloads to infect macOS users with infostealers and adware.

Trend Micro found an adware specimen hidden in an installation program for the Little Snitch Firewall app for Windows and Mac, which is available for download from various torrent sites. The sample was able to bypass the Mac's Gatekeeper, as this built-in protection mechanism does not perform code signature checks on EXE files, nor does it otherwise verify them, on computers running macOS.

Inside a ZIP file, downloaded from torrent sites, there is a DMG file that hosts the Little Snitch installer. This installer hides an EXE file that loads an infostealer into the computer. The malware then collects basic system information, such as Memory, BootROMVersion, and SMCVersion, and scans the application directory for installed applications, such as the App Store, FaceTime, and Mail. After completing these steps, the malware sends all its findings to its command-and-control (C&C) server.

In addition, the executable file is able to download many other files from the internet. These files, in turn, download adware and other potentially unwanted applications.

Bridging Windows and macOS with malware

These files are not the only case of a digital threat that spans Windows and macOS. In May 2017, for example, Fox-IT identified a Mac OS X version of the Snake malware, which traditionally targets the Windows platform. Less than a year later, security researcher Patrick Wardle of Objective-See unveiled CrossRAT, a flexible threat capable of targeting Windows, macOS, and Linux machines.

In some cases, researchers have even noticed attack campaigns that distribute separate threats targeting Windows and Mac computers. Microsoft security researchers encountered such a case in 2011, which included the Olyx backdoor and other Windows malware.

How to protect yourself from malicious .exe files

Security professionals can help protect against malicious EXE files by creating security policies that restrict the types of sites from which users can download apps. They can apply this policy within a wider application approval framework, through which security teams follow a logical sequence for downloading and reviewing applications and ensuring unification of suppliers. At the same time, security professionals should implement user activity analytics backed by a long-term data repository to adequately protect corporate data from digital threats such as infostealers.

