A malicious Windows EXE file can infect your Mac computer as well.
Yes, you heard me right: .exe malware on macOS.
Security researchers at antivirus firm Trend Micro have discovered a novel technique that hackers are using in the wild to bypass Apple’s macOS security protection and infect Mac computers by deploying malicious EXE files that normally run only on Windows computers.
Researchers found several samples of a malicious macOS application (.dmg) on a torrent website, masquerading as installers for popular software, that include an EXE application compiled with the Mono framework to make it compatible with macOS.
Mono is an open source implementation of Microsoft’s .NET Framework that allows developers to create cross-platform .NET applications, which work across all supported platforms, including Linux, Windows and Mac OS X.
Normally, running any Windows executable results in an error on macOS systems, and its built-in protection mechanisms such as Gatekeeper also skip scanning .exe files for any malicious code.
“This routine evades Gatekeeper because EXE is not checked by this software, bypassing the code signature check and verification since the technology only checks native Mac files,” Trend Micro said in a blog post published Monday.
The fake installer analyzed by the researchers promised to install the Little Snitch firewall application, but also comes bundled with a Mono-compiled hidden payload designed to collect and send system information about the targeted Mac computer to a remote command-and-control server controlled by the attackers.
Once installed, the EXE malware also downloads and prompts users to install various adware apps, some of which are disguised as legitimate versions of Adobe Flash Media Player and Little Snitch.
During their analysis, the researchers found “no specific attack pattern” associated with the malware, but their telemetry showed that the highest numbers of infections were in the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States.
Interestingly, the security researchers could not get the same malicious EXE file to run on Windows: attempting to run the file on Windows resulted in an error, meaning that this malware has been designed to target macOS users specifically.
“Currently, running EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a mono framework installed in the system is required to compile or load executables and libraries,” researchers explained.
“In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS’ security features. As for the native library differences between Windows and MacOS, the mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.”
The best way to protect yourself from falling victim to such malware is to avoid downloading apps, tools, and other files onto your computers from torrent websites or any untrusted source.
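A defender can check a downloaded app bundle or mounted .dmg for the pattern described above, a Windows PE file (and in particular a .NET assembly that Mono could load) sitting inside a macOS package. The sketch below is an added example, not code from Trend Micro or the original article; the function names, the 4 KiB header read and the sample bundle layout are assumptions made for illustration.

```python
import struct
import tempfile
from pathlib import Path

def classify_pe(data):
    """Return 'dotnet', 'pe' or None for the leading bytes of a file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24  # optional header: after signature (4) + COFF header (20)
    magic = int.from_bytes(data[opt:opt + 2], "little")
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # data-directory offset, PE32 / PE32+
    if dirs is None or opt + dirs + 15 * 8 > len(data):
        return "pe"
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, opt + dirs + 14 * 8)  # entry 14: CLR
    return "dotnet" if count > 14 and rva and size else "pe"

def scan_bundle(root):
    """Walk an app bundle or mounted DMG; return {relative path: kind} for PE files."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and not path.is_symlink():
            with path.open("rb") as fh:
                kind = classify_pe(fh.read(4096))  # assumption: headers fit in 4 KiB
            if kind:
                hits[path.relative_to(root).as_posix()] = kind
    return hits

def sample_pe(dotnet):
    """Constructed minimal PE32 header for the demo (not a real program)."""
    buf = bytearray(0x200)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)       # e_lfanew
    struct.pack_into("<H", buf, 0x98, 0x10B)      # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 92, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, 0x98 + 208, *((0x2008, 0x48) if dotnet else (0, 0)))
    return bytes(buf)

def demo():
    """Scan a constructed bundle holding a .NET EXE and a Mach-O stub."""
    with tempfile.TemporaryDirectory() as root:
        res = Path(root, "Fake.app", "Contents", "Resources")
        res.mkdir(parents=True)
        (res / "Setup.exe").write_bytes(sample_pe(True))
        (res / "launcher").write_bytes(b"\xcf\xfa\xed\xfe" + bytes(60))  # Mach-O magic
        return scan_bundle(root)
```

Any hit inside an installer that claims to be a native Mac application is worth a closer look before the package is opened, since the file is identified by its header rather than by its extension.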