Apple updates macOS’ XProtect to block ‘Windows’ malware files: Report

By Digit NewsDesk | Updated 26 Apr 2019
Apple updates macOS’ XProtect to block ‘Windows’ malware files: Report
  • Apple release update to plug vulnerability in macOS.
  • A Windows .exe file was found that used to run on macOS using the Mono .NET framework and drop Malwares.

Apple has reportedly updated the macOS’ built-in antivirus software XProtect to include signatures that detect Windows PE files and Windows executables that can run on Macs by utilising the Mono .NET framework. Citing mac security expert Patrick Wardle, Bleeping Computer reported that two new signatures were released on April 19 that, when used together, can detect adware bundles that contain Windows executables that can run on macOS.

advertisements

“These two new signatures are called ‘PE’, which detects Windows PE files, and ‘MACOS.d1e06b8’, which is used to detected a specially crafted Windows executable that can run on Macs,” the tech news platform reported. Initially, Japan-based cybersecurity firm Trend Micro found .exe files (executable files) delivering malicious payload on macOS. The highest number of infections were seen in the UK, Australia, Armenia, Luxembourg, South Africa, and the US.

The malware utilizes a Mac installer to execute Windows executables using the Mono .NET - a cross-platform framework that allows C# programmes to run on Windows, Macs, and Linux. These malware samples would extract a Windows executable file named Installer.exe that, once run, would contact remote servers to download “offers” to install. “These offers could be unwanted browser extensions, adware, miners, and password stealing Trojans,” Bleeping Computer said.

What’s interesting is that although these files are Windows executables, they won’t be able to run on Windows. The reason for this is that these adware bundles attempt to load the Mac Mono framework libraries, which are not available in Windows.

advertisements

This is not the first time that a vulnerability has been found in macOS. In February, an 18-year-old German, Linus Henze, discovered a vulnerability that used to leave users’ saved passwords exposed to hackers. This reportedly included passwords saved in the iCloud Keychain or even passwords to banking websites, social networking websites, email websites and streaming services like Netflix, Amazon and more.

advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

windows updates error
chunkila
May 20, 2016
Responses
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements