Friday, 29 May 2015

Adware makers turn their sights on OS X

Hot on the heels of news that OS X topped the vulnerabilities charts in April comes Dr. Web's virus activity review for May which shows increasing quantities of adware and unwanted applications targeting the Apple operating system.

The company reports several programs aimed at OS X that either install adware, install other applications or inject JavaScript code into webpages.

Adware.Mac.InstallCore.1 can not only install unwanted programs on the user's computer but also change the browser home page and the search engine used by default. The program incorporates debugging functions too -- once launched, it scans the system for the presence of virtual machines, anti-virus tools, and some other applications. If the scan returns positive results, the malware will not prompt the user to install additional programs.

Adware.Mac.WebHelper can be launched automatically with the help of PLIST (Property List) files. The application can modify the home page in Chrome, Firefox, and Safari. It can also change the default search engine to my-search-start.com. It contains a binary file that executes two AppleScripts (for Chrome and Safari) in an infinite loop. These scripts inject JavaScript code into webpages browsed by the user. Running this code, in turn, downloads other JavaScript files that display adverts in the browser window.

There's similar functionality in Mac.Trojan.Crossrider, which is distributed in the guise of an installation package (Safari Helper). Crossrider trojans may be familiar to Windows users but this variant specifically targets Apple systems. Running it triggers a stealthy installation of the FlashMall extension for Safari, Chrome, and Firefox. It also adds two applications to the system startup list: "WebSocketServerApp" and "Safari Security". The first is responsible for communication with the command and control server and the second one installs browser extensions. In addition, the malware modifies the startup scripts so that the browser extensions can be updated in the future.
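A defender can check for the PLIST-based autostart and startup entries described above by auditing launchd property lists. The following is an added example, not code from Dr. Web or from the original article: it assumes the names quoted in the article can be matched as substrings (the article gives no actual plist labels or paths), and the sample plist is constructed.

```python
import plistlib
from pathlib import Path

# Names quoted in the article. Matching them as substrings is an assumption:
# the article does not give the real plist labels or file paths.
INDICATORS = ("WebSocketServerApp", "Safari Security", "my-search-start.com")
# Standard launchd job locations on OS X.
LAUNCH_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")

def strings_in(value):
    """Yield every string nested anywhere inside a parsed plist value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield from strings_in(key)
            yield from strings_in(item)
    elif isinstance(value, (list, tuple)):
        for item in value:
            yield from strings_in(item)

def inspect_plist(data):
    """Parse one launchd plist (XML or binary); return a finding, or None if invalid."""
    try:
        job = plistlib.loads(data)
    except Exception:
        return None
    if not isinstance(job, dict):
        return None
    text = "\n".join(strings_in(job)).lower()
    hits = [name for name in INDICATORS if name.lower() in text]
    autostart = bool(job.get("RunAtLoad")) or bool(job.get("KeepAlive"))
    return {"label": job.get("Label"), "autostart": autostart, "hits": hits}

def scan(dirs=LAUNCH_DIRS):
    """Return (path, finding) for every plist in dirs that references an indicator."""
    findings = []
    for directory in dirs:
        for path in sorted(Path(directory).expanduser().glob("*.plist")):
            try:
                finding = inspect_plist(path.read_bytes())
            except OSError:  # unreadable file: skip it
                continue
            if finding and finding["hits"]:
                findings.append((str(path), finding))
    return findings

# Constructed sample, not a real artifact: the label and path are made up.
SAMPLE = plistlib.dumps({
    "Label": "com.example.helper",
    "ProgramArguments": ["/Applications/Safari Security.app/Contents/MacOS/run"],
    "RunAtLoad": True,
})
```

Calling `scan()` with no arguments walks the standard LaunchAgents and LaunchDaemons directories; a hit is a lead for manual review, not a verdict.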

Apple users may like to know they're not the only ones coming under attack. Linux.Kluh.1, developed by a Chinese hacker group, infects routers with the purpose of launching DDoS attacks. Linux.Iframe.4 is a malicious plug-in for the Apache web server that injects code into web pages browsed by users, redirecting the victim to a web page run by cybercriminals.

Trojans continue to be the big threat to Windows systems with an overall increase of 14.9 percent in the amount of malware and riskware detected in May. Android users aren't safe either with an increase in numbers of banking and SMS trojans as well as the emergence of new ransomware.

There's been a big increase in malicious websites too, with 221,346 URLs being added to Dr. Web's database in May. Many of these use social engineering techniques like sending bulk SMS messages informing the recipient that they have won a car. The message contains a link to a website which tries to get visitors to part with their financial details.

More information on these and other threats is available on the Dr. Web site.

Photo Credit: Stephen Finn/Shutterstock


