iTerm2 is a powerful alternative for the Terminal application that comes with Mac OS X, with features like auto updates and unlimited history. Over 250 terminal color schemes/themes for iTerm/iTerm2 are collected in GitHub - mbadolato/iTerm2-Color-Schemes, which includes ports to Terminal, Konsole, PuTTY, Xresources, XRDB, Remmina, Termite, XFCE, Tilda, FreeBSD VT, Terminator, Kitty, MobaXterm, LXTerminal, Microsoft's Windows Terminal, Visual Studio and Alacritty.

Update: Microsoft also spoofed by Mac malware. In an analysis of the iTerm2 Mac Trojan posted Sept. 30, Trend Micro researchers found that the malware campaign also offers corrupted macOS versions of Microsoft Remote Desktop, the SecureCRT terminal emulator and the Navicat database administration tool.

The fake app wasn't "notarized" with an extra security badge that Apple grants apps it has verified to be trustworthy. (The real iTerm2 app is notarized.) But even though a Mac will notify a user that an app hasn't been notarized, the user can still choose to install it.

There's a little something extra in the fake iTerm2 app - a "downloader" that itself reaches out to an online server and installs at least two more strains of malware.

One of the two new pieces of malware is an information-stealer that profiles the Mac it's running on, steals the user's Keychain database (containing passwords and other sensitive data), and packages all the data in a Zip file before sending it back to the same server from which the information-stealer is downloaded.

The other piece of malware masquerades as a Google Update application and is downloaded from a different server. Wardle wasn't able to completely dissect this piece of malware, so he's not quite sure what it does. But he discovered that the server where it resides has been flagged as hosting a pirated copy of Cobalt Strike, a legitimate penetration-testing tool that criminals have cracked and repurposed for illicit means. As Wardle noted, it's possible that this mysterious fake Google Update is actually a Cobalt Strike "beacon," a program that creates a hidden backdoor on a system for other Cobalt Strike users to find.

Apple has revoked the developer certificate used to sign the fake iTerm2 installer, the fake iTerm2 site is now offline, Baidu has removed the poisoned results from its search engine and about a dozen of the best Mac antivirus programs now recognize the fake installer as malware. But it wouldn't take much for the criminals behind this to replicate their methods with another website, another corrupted Mac app and another Mac developer license, which costs just $99.