Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Desktops (Apple) Technology

Scareware Signed With Apple Cert Targets OS X Machines (threatpost.com) 39

msm1267 writes: A unique scareware campaign targeting Mac OS X machines has been discovered, and it's likely the developer behind the malware has been at it a while since the installer that drops the scareware is signed with a legitimate Apple developer certificate.

"Sadly, this particular developer certificate (assigned to a Maksim Noskov) has been used for probably two years in similar attacks," said Johannes Ullrich, dean of research of the SANS Institute's Internet Storm Center, which on Thursday publicly disclosed the campaign. "So far, it apparently hasn't been revoked by Apple."

This discussion has been archived. No new comments can be posted.

Scareware Signed With Apple Cert Targets OS X Machines

Comments Filter:
  • by ColdWetDog ( 752185 ) on Friday February 05, 2016 @06:19PM (#51449939) Homepage

    Turns out that it does install an updated version of Flash. Now that is scareware.

  • by Anonymous Coward

    So far, it apparently hasn't been revoked by Apple.

    Why the fuck not? It's not like this Maksim guy has legit software sitting on millions of Macs and revoking his cert would cause massive headaches for anyone. There's no excuse to let a known compromised certificate remain active for 2 years.

    • by jrumney ( 197329 )
      You mistakenly believe that signed software is promoted by the large software companies for reasons of security. It is not, it is so they can act as gatekeepers and extract a tithe from the peasantry.
      • Signing software prevents it from being surreptitiously tampered with by a third party. Other platforms do not require you to purchase a developer certificate from them - this is specific to Apple and it's walled garden (or other closed stores and platforms). Don't conflate whatever issues you have with closed ecosystems and the security benefits of signed software in general! That's as flawed as blaming encryption because bad actors might use it to avoid being snooped on by law enforcement.

        • You are not forced to sign Apps on Macs either.

          My Apps run quite fine without signing. I only can not sell them via the App-Store, which I could not anyway as my Apps are all written in Java.

  • If Apple doesn't revoke it, shouldn't it be possible to configure individual machines to revoke such certificates once they're known? Or is that secured against lest someone start putting out malware that installs local revocations of others' certificates, such as one's competitors or anti-malware developers' certificates?

  • by Lumpy ( 12016 ) on Friday February 05, 2016 @06:51PM (#51450139) Homepage

    Use a good browser plugin or some good backend rules, but block every single advert out there. That stops the "OHHH YOU GOTTA INSTALL THIS" vector that fools clueless visitors into downloading and running the trojan.

    Good people install adblocking on every single computer they touch. Bad people allow ad's from websites.

    Dear web admins.... WAHH. If you cant vet and host your ads yourself to make sure they are safe, you dont DESERVE your ad's to make it through.

  • by lkcl ( 517947 ) <lkcl@lkcl.net> on Friday February 05, 2016 @09:01PM (#51450787) Homepage

    i have a friend who called me to say that their computer had had the default browser search settings changed to some adware. so i checked the instructions on how to remove it, only to find that the settings shown in the screen-shots *weren't there*. turns out that inspection of the timestamps on the filesystem, the phishing-malware had *replaced* legitimate system libraries, which enabled them to disguise the malware and prevent its own removal. it was necessary for us to go round some friend's houses, drop the macbook into single-user mode and copy over replacement files from an identical copy of macosx.

    now, this is the first time i've ever dealt with macosx viruses, but i was surprised that it was so easy for my non-technical friend to be fooled by a phishing attempt which scared her with the "you have 2,500 viruses do you want us to fix it?" tactic. as a purely software-libre end-user for the past 20 years, all i can say is, "welcome to the monoculture world, apple. your false sense of security myth is well and truly over, and you have a hell of a lot of catching up to do".

    • by Anonymous Coward

      Not a virus; trojan horse.

    • by Anonymous Coward

      El Capitan does not allow replacement of system libraries at all, even with root access; was your friend running an older OS X?

  • Perhaps I've missed some items that would give me a different opinion, but it seems to me that the ubiquitous "Timothy" loves stories that screw Apple almost as much as he loves stories alleging Windows 10 isn't as much of a privacy nightmare as sensible people know it is.

"It doesn't much signify whom one marries for one is sure to find out next morning it was someone else." -- Rogers

Working...