Unfortunately, Apple delayed fixing a serious vulnerability in macOS Mojave that allows Gatekeeper to be bypassed, and cybercriminals have apparently begun exploiting this flaw in real attacks, warn experts at Intego.
Not surprisingly, this came after proof-of-concept (PoC) code was published last month. As a result, criminals needed only minimal work to equip their campaigns with a working exploit.
According to Intego's researchers, last week they found four samples of macOS malware on VirusTotal. All of them used the vulnerability to bypass Gatekeeper and execute malicious code on macOS systems.
The vulnerability lets the malware avoid triggering any warning to the user, so the infection goes unnoticed.
The malware used in these attacks has been named OSX/Linker. Experts believe it is still under development and that the criminals are currently only testing it.
This is suggested by the malware's specific behaviour: it does not load additional malicious programs onto the attacked system.
“One of the files we discovered was signed with an Apple Developer ID. This can partly serve as evidence that the techniques were borrowed from the OSX/Surfbuyer adware,” writes Intego analyst Joshua Long on the company's blog.
Recall that in late May, details of an unpatched vulnerability in macOS 10.14.5 (Mojave) and earlier appeared online. Using this security flaw, an attacker can execute arbitrary code without any user interaction.