Apple updates macOS’ XProtect to block ‘Windows’ malware files: Report

By Digit NewsDesk | Published on Apr 25 2019
HIGHLIGHTS

Apple releases an update to plug a vulnerability in macOS.

A Windows .exe file was found that ran on macOS using the Mono .NET framework and dropped malware.

Apple has reportedly updated XProtect, the antivirus software built into macOS, to include signatures that detect Windows PE files and Windows executables that can run on Macs by utilising the Mono .NET framework. Citing Mac security expert Patrick Wardle, Bleeping Computer reported that two new signatures were released on April 19 that, when used together, can detect adware bundles containing Windows executables that can run on macOS.

“These two new signatures are called ‘PE’, which detects Windows PE files, and ‘MACOS.d1e06b8’, which is used to detect a specially crafted Windows executable that can run on Macs,” the tech news platform reported. Initially, Japan-based cybersecurity firm Trend Micro found .exe files (executable files) delivering a malicious payload on macOS. The highest number of infections were seen in the UK, Australia, Armenia, Luxembourg, South Africa, and the US.

The malware uses a Mac installer to execute Windows executables through Mono .NET, a cross-platform framework that allows C# programmes to run on Windows, Macs, and Linux. These malware samples would extract a Windows executable file named Installer.exe that, once run, would contact remote servers to download “offers” to install. “These offers could be unwanted browser extensions, adware, miners, and password stealing Trojans,” Bleeping Computer said.

What’s interesting is that although these files are Windows executables, they won’t be able to run on Windows. The reason for this is that these adware bundles attempt to load the Mac Mono framework libraries, which are not available in Windows.
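As an added illustration (not Apple's XProtect signatures and not code from the report), the Python below shows how a defender can flag Windows PE files inside an unpacked Mac installer and tell apart those carrying a .NET (CLR) header, the kind Mono can load. The function names `classify_pe`, `scan_tree` and `build_sample` are hypothetical, and the header bytes produced by `build_sample` are constructed for testing.

```python
import os
import struct

CLR_DIR = 14  # data directory 14 = CLR (.NET) runtime header
# Optional-header magic -> offset of NumberOfRvaAndSizes (PE32, PE32+)
COUNT_OFFSET = {0x10B: 92, 0x20B: 108}

def classify_pe(data: bytes) -> str:
    """Return 'not_pe', 'pe_native' or 'pe_dotnet' for a file's leading bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":         # DOS header magic
        return "not_pe"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return "not_pe"
    opt_off = pe_off + 24                             # PE signature + COFF header
    if opt_off + 2 > len(data):
        return "pe_native"                            # truncated headers
    count_off = COUNT_OFFSET.get(struct.unpack_from("<H", data, opt_off)[0])
    if count_off is None or opt_off + count_off + 4 > len(data):
        return "pe_native"
    (num_dirs,) = struct.unpack_from("<I", data, opt_off + count_off)
    entry = opt_off + count_off + 4 + CLR_DIR * 8     # entries are (RVA, size)
    if num_dirs <= CLR_DIR or entry + 8 > len(data):
        return "pe_native"
    rva, size = struct.unpack_from("<II", data, entry)
    return "pe_dotnet" if rva and size else "pe_native"

def scan_tree(root: str) -> dict:
    """Map path -> verdict for each PE file under root (an unpacked installer)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_pe(fh.read(65536))
            except OSError:
                continue                              # unreadable or dangling link
            if verdict != "not_pe":
                hits[path] = verdict
    return hits

def build_sample(dotnet: bool) -> bytes:
    """Constructed minimal PE32 headers for testing; not a real sample."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)
    dirs = [(0x2008, 0x48) if i == CLR_DIR and dotnet else (0, 0) for i in range(16)]
    return dos + coff + opt + b"".join(struct.pack("<II", *d) for d in dirs)
```

A `pe_dotnet` verdict inside a macOS installer or app bundle is a triage signal rather than proof of malice, since legitimate Mono applications also ship .NET assemblies.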

This is not the first time that a vulnerability has been found in macOS. In February, an 18-year-old German, Linus Henze, discovered a vulnerability that left users’ saved passwords exposed to hackers. This reportedly included passwords saved in the iCloud Keychain and even passwords for banking, social networking and email websites, and for streaming services like Netflix, Amazon and more.
