Security watchers have spotted a shareware scam targeting Apple users that features malicious code signed with a legitimate Apple developer certificate.
The dodgy software poses as an Adobe Flash update, typically presented to potential marks as a pop-up reminder.
Those who fall for the ruse will end up unwittingly downloading and running a bogus version of Adobe Flash that actually infects their system with scareware.
A genuine version of Adobe Flash is downloaded in the background onto Macs alongside the malware – presumably in an attempt to appear more legitimate to any user who begins to suspect something is amiss.
But the malware component of the downloads will soon start warning about fictitious security problems in a bid to trick victims into buying dodgy software. Compromised Macs may also get loaded with malicious browser extensions.
The developer certificate (assigned to a Maksim Noskov) has yet to be revoked by Apple, according to an alert by Johannes Ullrich of the SANS Institute’s Internet Storm Center.
The signing aspect of what’s still essentially a social engineering-based attack means that the malicious code will bypass protections offered by OS X Gatekeeper, Apple’s built-in security technology, which by default only checks that downloaded software carries a valid developer signature. Even so, the malicious code will not install itself automatically as soon as a potential victim strays onto a dodgy website; the victim still has to run the installer.
Mac security specialist firm Intego warns that the installers in play as part of the attack might easily change, and that crooks could just as easily switch to a different bait (perhaps posing as freeware, shareware or an open source tool). Security firms already detect the malware in play, but it’d be foolish to rely on that alone.
Computer users in general should see the incident as a lesson that they are far safer getting software updates from software developers directly. “Help” from random third-party sites in getting software updates is best ignored, and this goes for Windows fans as much as Mac users.
Scareware has become a problem of late on Macs but it’s a far bigger issue on Windows PCs – or, at least, it was, up until ransomware took over as an even more potent threat. Next to scams that scramble the files of compromised machines before extorting victims into paying up, scareware seems quaint, a relic of a more civil era of malware slinging.
Nonetheless, scareware, the automated cousin of the tech support scam, remains an all too real problem. ®