
SoylentNews is people

posted by Fnord666 on Tuesday July 02 2019, @09:32PM
from the another-day-another-exploit dept.

Submitted via IRC for SoyCow1944

A researcher has conducted a detailed analysis of the two pieces of Mac malware delivered recently by threat actors to cryptocurrency exchanges via two Firefox vulnerabilities.

Updates released by Mozilla last Tuesday and Thursday for Firefox addressed two actively exploited vulnerabilities. The flaws, CVE-2019-11708 and CVE-2019-11707, allow an attacker to remotely escape the sandbox and execute arbitrary code.

The macOS malware delivered to Coinbase and other organizations involved with cryptocurrencies has been analyzed in detail by Patrick Wardle, a researcher who specializes in the security of Apple products.

Wardle has obtained samples of the malware and performed an analysis of their installation routines, persistence mechanism and capabilities.

[...] Despite the fact that both malware samples have been used in high-profile attacks, they still have fairly low detection rates on VirusTotal at the time of writing (Netwire, Mokes). On the other hand, that does not necessarily mean that advanced cybersecurity products would not detect them once they landed on a machine. Furthermore, Apple's XProtect system can detect the Netwire sample based on a Yara signature added by the company in 2016 for an older version of the malware.

Security researcher Vitali Kremez has found some links to previous campaigns, along with some evidence suggesting that Windows malware may have also been delivered in the recent Firefox attacks.

Source: https://www.securityweek.com/mac-malware-delivered-firefox-exploits-analyzed


  • (Score: 2, Funny) by Anonymous Coward on Wednesday July 03 2019, @12:55AM


    Macs don't have viruses, because they come with unbeatable cyber security features enabled.
