Disguised as a Windows executable file, a new MacOS malware has been found by experts within an installer for a firewall and network monitor, which has been named “Little Snitch.” The .ZIP files were able to be downloaded from numerous torrent sites. Experts stated, “By default, attempting to run an EXE file on a Mac or Linux OS will only show an error notification. However, we found EXE files in the wild delivering a malicious payload that overrides Mac’s built-in protection mechanisms such as Gatekeeper. This routine evades Gatekeeper because EXE is not checked by this software, bypassing the code signature check and verification since the technology only checks native Mac files.” The malware is able to collect information from the system including ModelName, ModelIdentifier, ProcessorSpeed, ProcessorDetails, NumberofProcessors and then send them back to the C&C server. PUAs are then downloaded by the malware which could include adware disguised as Adobe Flash and a flawed version of Little Snitch. Infections were seen all over the world, specifically the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States. It seems as if this is a study being ran by malware authors to find new methods of spreading the malware.
Analyst Notes
Users should use caution when downloading anything from the internet that is found for free or that they do not one-hundred percent trust downloading for free. Users should take a close look at all the documents that come with the download and be wary of any unsolicited documents within the download.
