Search This Blog

Showing posts with label Mac OS. Show all posts

'InterPlanetary Storm' Botnet Now Targeting MAC and IoT Devices


First discovered in 2019, the InterPlanetary Storm malware has resurfaced with a new variant targeting Mac and Android along with Windows and Linux machines, as per the findings by researchers at IT security firm, Barracuda Networks.

The malware is known as ‘InterPlanetary Storm’ as it makes use of InterPlanetary File System (IFES) peer-to-peer (p2p) network - using a legitimate p2p network makes it difficult to identify the malicious traffic because it gets intermixed with legitimate traffic. The malware targets Windows machines and lets the attacker execute any arbitrary PowerShell code on the compromised systems.

“The malware detects the CPU architecture and running OS of its victims, and it can run on ARM-based machines, an architecture that is quite common with routers and other IoT devices,” the researchers noted.

The earlier versions of the Interplanetary Storm malware that surfaced in May 2019 compromised Windows-based devices, however, by June 2019; the botnet could also infect Linux machines. The new versions with add-on capabilities attempt to infect machines via a dictionary attack, it’s a form of brute force attack technique that involves breaking into a password-protected system by systematically guessing passwords. The most recent version detected in August is configured to infect Mac along with IoT devices like televisions running the Android OS, as per a report published on Thursday by Barracuda Networks.

In the report, Erez Turjeman, a researcher with Barracuda, says, "The malware detects the CPU architecture and running OS of its victims, and it can run on ARM-based machines, an architecture that is quite common with routers and other [internet of things] devices.” "The malware is called InterPlanetary Storm because it uses the InterPlanetary File System (IPFS) p2p network and its underlying libp2p implementation," the report further notes.

"This allows infected nodes to communicate with each other directly or through other nodes (i.e., relays).”

The malware was found building a botnet that has infected approximately 13,000 devices in 84 different countries worldwide including the U.S., Brazil, Europe, and Canada. However, the majority of targets were based in Asia constituting a total of 64%. Infections found in South Korea, Taiwan, and Hong Kong amounted to a total of 59%. Russia and Ukraine constituted 8% to the total and United States and Canada did 5%. Rest, China and Sweden constituted 3% each.

Alert! Your Mac maybe under threat - SHLAYER MALWARE attacks every 10th Mac OS


The macOS traditionally was always considered a safe bet compared to Windows but now even Apple is facing a dangerous security threat.


Kaspersky reports that Macs have become a hot target for a dangerous malware - SHLAYER, been active for two years this malware-infected 10 percent of MacOS, affecting more than one in ten users.

“The Shlayer Trojan is the most common threat on macOS,” Kaspersky Labs reported on Jan 23, 2020. The users from France, Germany, the United States, and the United Kingdom become the top target of Shlayer in 2019.

As for what is Shlayer, Seals said, "Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code...Its main purpose is to fetch and install various adware variants. "These second-stage samples bombard users with ads, and also intercept browser searches in order to modify the search results to promote yet more ads."

As per the report by Kaspersky, after the malware is installed on the system it displays chains of advertisement, recovering advertisement revenue and slowing your Mac. “The macOS platform is a good source of income for cybercriminals,” warns Kaspersky. However, “the most widespread threats are linked to illicit advertising,” reassures the report.

Hides behind fake updates

The malware enters your system through fake flash updates, fooling the victim into installing the update and paving the way into your Mac. Many illegal streaming websites are filled with these fake updates. You may have encountered streaming websites asking for flash updates before playing the video, this malware hides behind such adverts.

"Our statistics show that the majority of Shlayer attacks are against users in the U.S. (31%), followed by Germany (14%), France (10%), and the UK (10%). This is wholly consistent with the terms and conditions of partner programs that deliver the malware, and with the fact that almost all sites with fake Flash Player download pages had English-language content", Kaspersky reports.

These fake updates could also be present on some legitimate websites, so be careful while downloading any updates.