
Malware creators producing more dangers to macOS


Malicious activity on the Mac operating system continues to increase, with malware authors producing threats that target users of Apple's popular operating system. Detected by Trend Micro as 'backdoor.macOS.nukesped', a new variant of a Mac backdoor is associated with the cybercriminal group Lazarus, which recently became infamous for targeting Korean organizations with a crafted MS Excel spreadsheet.


Connections to an earlier Lazarus routine- 

A malicious sample discovered by the Twitter user @cyberwar_15 was analyzed, and the researchers found that the malware used an embedded Excel sheet to target the user. This attack resembles the one conducted earlier by the Lazarus group. But unlike the earlier attack, which included several routines depending on the operating system the Excel sheet is opened on, the macro embedded in this file simply runs a PowerShell script that connects to three C&C servers set up by the Lazarus group.

The Mac bundle also holds both a fake and a genuine Flash Player- 

Aside from the examined sample, Qianxin Technology and @cyberwar_15 also found a malicious Mac application bundle suspected of being connected to the same campaign, since it uses the same C&C servers as the crafted spreadsheets. The bundle is merely a decoy: the genuine Flash Player file is carried as a hidden macOS file inside it. The bundle holds two Adobe Flash Player files, one a genuine copy and the other a fake version detected as 'trojan.macOS.nukesped.b'. The application uses the much smaller Flash Player file as its main executable; that is the fake variant, which merely poses as 'Adobe Flash Player'. To hide its malicious activity, the malware launches the genuine Flash Player so that the user sees the expected behaviour.

Conclusion- 

Unlike Lazarus' previous method, which used macros to install a backdoor file on the Mac, the samples examined by Trend Micro show that attacks like these use a fake application as a decoy that runs alongside the malicious macOS payload. Criminal groups like Lazarus have become a serious threat to cybersecurity, and Lazarus has been expanding its reach through a variety of programs.

LibreOffice Users Receiving Security Warnings While Installing macOS 10.15 Catalina


Users of the open-source office suite LibreOffice have reported repeatedly running into security warnings when installing the app on the newly released macOS 10.15 Catalina.

Already during the public beta for macOS Catalina, some LibreOffice users observed that Apple's Gatekeeper warnings were alarming enough to scare off many users.

This is despite the fact that Apple had warned macOS developers in June that all Mac applications signed with a Developer ID would also have to be 'notarized' by Apple, and had promised that this would enable a "more streamlined Gatekeeper interface" when users download macOS applications from the web.

While LibreOffice version 6.2 was not notarized, the most recent 6.3 version evidently has been. Even so, according to LibreOffice, users are still getting the Gatekeeper alert, with the additional notice that "macOS cannot verify that this app is free from malware".

"Although we have duly followed the instructions when users launch LibreOffice 6.3.x – which has been notarized by Apple – the system shows the following scary message: 'LibreOffice.app cannot be opened because the developer cannot be verified', and provides only two options: Move to Bin (delete) and Cancel (revert the operation, i.e., do not run LibreOffice)," writes LibreOffice's Italo Vignoli.

LibreOffice has nonetheless suggested a couple of ways in which users can easily bypass the message. Regarding Apple's notarization, app developer Jeff Johnson has explained that its key security benefit comes from the requirement that developers use the Apple ID and password of their developer account to submit the application to Apple for approval.

Consequently, an attacker would need to compromise both a signing certificate and the developer's Apple ID in order to distribute malware this way.
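One way a user or administrator can check what Gatekeeper actually concludes about a bundle such as LibreOffice.app, as an added shell example that is not LibreOffice's or Apple's own code: it runs the standard macOS tools `spctl`, `codesign`, `stapler` and `xattr` against the bundle and reduces the `spctl` assessment to a one-word verdict. The verdict labels and the sample `spctl` output used to exercise the helper are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not LibreOffice's or Apple's code): summarise how Gatekeeper and
# the code-signing tools judge a downloaded app bundle, so that a warning like the
# one described above can be compared with the bundle's real notarization status.

# gatekeeper_verdict: reduce `spctl --assess` output to one word.
# The "source=..." lines are what Gatekeeper prints on macOS 10.14.5 and later;
# the verdict labels themselves are constructed for this example.
gatekeeper_verdict() {
    out="$1"
    case "$out" in
        *"source=Notarized Developer ID"*)   echo "notarized" ;;
        *"source=Unnotarized Developer ID"*) echo "signed-not-notarized" ;;
        *"rejected"*)                        echo "rejected" ;;
        *"accepted"*)                        echo "accepted" ;;
        *)                                   echo "unknown" ;;
    esac
}

# assess_app: run the real macOS checks on a bundle path (e.g. /Applications/LibreOffice.app).
# Only meaningful on macOS; elsewhere it reports that the tools are missing.
assess_app() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available: this check only runs on macOS" >&2
        return 2
    fi
    # Gatekeeper's own assessment of the bundle as an executable.
    spctl_out=$(spctl --assess --type execute -vv "$app" 2>&1)
    echo "gatekeeper: $(gatekeeper_verdict "$spctl_out")"
    echo "$spctl_out" | sed 's/^/  /'
    # Signing chain: a Developer ID app lists "Developer ID Application: <name>" as an Authority.
    codesign -d --verbose=2 "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' | sed 's/^/  /'
    # Stapled notarization ticket, which lets Gatekeeper verify the app offline.
    if command -v xcrun >/dev/null 2>&1; then
        xcrun stapler validate "$app" 2>&1 | sed 's/^/  /'
    fi
    # Quarantine attribute: only downloaded bundles carry it and trigger the Gatekeeper dialog.
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "  quarantine: set"
    else
        echo "  quarantine: not set"
    fi
}

# Usage: sh gatekeeper_check.sh /Applications/LibreOffice.app
if [ -n "${1:-}" ]; then
    assess_app "$1"
fi
```

If the verdict is "notarized" and the stapler check succeeds while the dialog still appears, the problem lies with the download path or the dialog itself rather than with the bundle's signature; if it is "signed-not-notarized", the build simply was not submitted to Apple and the warning is legitimate.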

Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher, on Monday publicly disclosed a major zero-day vulnerability in the Zoom video conferencing software. Leitschuh demonstrated that any website can start a video-enabled call through the Zoom software on a Mac, with the help of a local web server that the Zoom app installs.

According to a report by The Verge, the server accepts requests that a regular one would not. The report further says that even if you uninstall the Zoom software, the server remains and can reinstall Zoom without the user's consent. According to Leitschuh's findings, the Zoom software can be hijacked by any website, which can then force a Mac user to join a call with their webcam activated, without their permission, unless a specific setting is enabled.

In a Medium post published on Monday, Leitschuh gave a demonstration in the form of a link which, once clicked, takes Mac users who currently use or have previously used the Zoom app into a conference room with their webcams activated. He notes that this code can be embedded in any website, as well as in malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server remains and will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge said in its report that it tried the flaw itself using Leitschuh's demo and was able to confirm that the issue persists on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in its settings. The link automatically joins the user to a conference call with the webcam on.

According to Leitschuh, he contacted Zoom on March 26 earlier this year and said that he would disclose the exploit publicly in 90 days. In his view, Zoom does not seem to have done enough to resolve the problem. The vulnerability was also disclosed to both the Chromium and Mozilla teams; however, because it is not an issue with their browsers, there is not much those developers can do about it.

Apple to shut down iTunes




Apple has officially confirmed that it is shutting down its 18-year-old iTunes music library and replacing it with three new apps.

The firm revealed that it will be launching three new entertainment apps: Apple Music, Apple Podcasts, and Apple TV.

Users of iTunes music need not worry, as they will still have access to their existing music library.

“Users will have access to their entire music library, whether they downloaded the songs, purchased them or ripped them from a CD,” reads a press release.

The customer's music library will be transferred automatically to Apple Music, audiobooks and podcasts will be moved to Apple Podcasts, and videos will be stored in the Apple TV app.

However, users on any operating system other than a Mac will not be able to download the three new apps, and for them iTunes will remain available.


WWDC 2019: iOS 13, macOS Catalina, and More



At its Worldwide Developers Conference (WWDC) 2019, Apple unveiled the next version of its operating system for Macs, dubbed macOS Catalina.

It is a fairly progressive upgrade over macOS Mojave and will be made available to eligible Mac users in fall 2019, while the public beta for macOS Catalina is scheduled to arrive in July 2019.

The expansion of cross-platform applications under Project Catalyst, a component first introduced with macOS Mojave and iOS 12 for the company's own applications, is considered one of the biggest changes.

Through iOS 13, Apple will now let developers use this feature to test their own applications for compatibility.



Aside from the introduction of macOS Catalina, Apple also showed its new 'Find My' app, which is likewise to be made available on iOS. The 'Find My' app incorporates a new network feature with whose help consumers can track their Apple devices even when those devices are not connected to the internet.

As part of the company's new cross-platform application initiative, a number of new and upgraded applications, including Apple Music, Podcasts, Books, TV and Reminders, have also been highlighted.

While the Music and TV apps are new, the Podcasts, Books and Reminders apps are simply overhauled. The Music app is replacing iTunes, which has been in use for a long time.

In addition, the other updates made by Apple include features such as Sidecar, RealityKit and SwiftUI.

Sidecar, introduced with macOS Catalina, can send any app to an external display, including connected monitors and iPads. The RealityKit feature, available in Apple's ARKit 3, can be accessed by developers within Xcode, and numerous apps such as Minecraft have already begun using it.

Finally, SwiftUI is the successor to the Swift language Apple presented a couple of years ago; this feature makes it much easier for developers to build apps for all of Apple's platforms, and the Xcode preview feature displays how the apps will look, live.