A Chinese cybersecurity researcher has discovered a new strain of malware that spreads via "poisoned" search-engine results. The malware, dubbed 'OSX.ZuRu', poses as the legitimate macOS tool iTerm2.

Attackers are distributing the malware through sites that mimic the original iTerm2 website. Currently, the attackers are only targeting the Chinese Baidu search engine, but it would not be a surprise if they attempt to expand their operation in the near future.

Mac users who attempt to install iTerm from the fake website are directed to a third-party hosting service, which fetches the file iTerm.dmg. So far, on the user's screen everything seems normal – the only noticeable red flag is the slightly different domain name.

The main purpose of this malware is to establish a connection with a remote web application and send some data regarding the victim. Once a user downloads and installs the suspicious iTerm.dmg, they end up with a working copy of the app, which passed the Gatekeeper check and installed just fine because it was digitally "signed" by an Apple developer and wasn't flagged by any antivirus software as malicious. However, most people would not notice this. The primary piece of information it sends is the serial number of the device. After this, it tries to establish a second connection to a malicious web server.
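The point worth taking from the Gatekeeper detail above is that a valid Developer ID signature only proves the bundle was signed by *some* Apple developer, not by the developer you expected. A defender can close that gap by pinning the vendor's Team Identifier and checking the download origin. The script below is an added example written for this article, not code from the original post or from the iTerm2 project: it parses the output of `codesign -dv --verbose=4` (the real macOS tool) and compares the `TeamIdentifier` against a pinned value, and separately checks that a download URL points at the vendor's own host. The `codesign` output embedded here is constructed sample text, `EXPECTED_TEAM_ID` is a placeholder (obtain the real one from a copy of the app fetched from the vendor's site), and the allowed-host set assumes `iterm2.com` is the legitimate domain.

```python
"""Check that a downloaded macOS app bundle is signed by the developer you expect.

Gatekeeper confirms that a Developer ID signature is valid; it does not know
which developer you meant. Pin the vendor's Team Identifier and compare.
"""
import subprocess
from urllib.parse import urlparse

# Placeholder: replace with the TeamIdentifier printed by codesign for a copy
# of the app obtained from the vendor's own site. Not the real iTerm2 team ID.
EXPECTED_TEAM_ID = "TEAMID0000"

# Assumption: the vendor's legitimate download hosts.
EXPECTED_HOSTS = {"iterm2.com", "www.iterm2.com"}

# Constructed sample of `codesign -dv --verbose=4 /Applications/iTerm.app` output.
# Real codesign prints this on stderr; values here are illustrative only.
SAMPLE_CODESIGN_OUTPUT = """Executable=/Applications/iTerm.app/Contents/MacOS/iTerm2
Identifier=com.example.iterm2
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=12345 flags=0x10000(runtime) hashes=380+7 location=embedded
Signature size=8979
Authority=Developer ID Application: Example Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Sep 10, 2021 at 10:00:00
Info.plist entries=40
TeamIdentifier=ABCDE12345
Runtime Version=11.3.0
Sealed Resources version=2 rules=13 files=2000
Internal requirements count=1 size=220
"""


def parse_codesign(output: str) -> dict:
    """Turn codesign's key=value lines into a dict; Authority lines form a list."""
    info = {}
    for line in output.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "Authority":
            info.setdefault("Authority", []).append(value)
        else:
            info.setdefault(key, value)
    return info


def verify_signer(output: str, expected_team_id: str) -> list:
    """Return findings about the signer; an empty list means it matches the pin."""
    info = parse_codesign(output)
    findings = []
    team = info.get("TeamIdentifier")
    if team is None:
        findings.append("no TeamIdentifier: bundle is unsigned or ad-hoc signed")
    elif team != expected_team_id:
        findings.append(f"TeamIdentifier {team} does not match pinned {expected_team_id}")
    # The leaf certificate should be a Developer ID Application cert, which is
    # what Gatekeeper accepts for apps distributed outside the App Store.
    if not any(a.startswith("Developer ID Application:") for a in info.get("Authority", [])):
        findings.append("leaf certificate is not a Developer ID Application certificate")
    return findings


def verify_download_host(url: str, allowed_hosts=frozenset(EXPECTED_HOSTS)) -> list:
    """Flag downloads whose host is not one of the vendor's known domains."""
    host = (urlparse(url).hostname or "").lower()
    if host not in allowed_hosts:
        return [f"download host {host!r} is not a known vendor host"]
    return []


def codesign_output(app_path: str) -> str:
    """Run codesign against a real bundle (macOS only). Output is on stderr."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                          capture_output=True, text=True, check=False)
    return proc.stderr


if __name__ == "__main__":
    import sys
    # Usage: python check_signer.py /Applications/iTerm.app https://iterm2.com/...
    app, url = sys.argv[1], sys.argv[2]
    problems = verify_signer(codesign_output(app), EXPECTED_TEAM_ID) + verify_download_host(url)
    for p in problems:
        print("WARNING:", p)
    sys.exit(1 if problems else 0)
```

Run it on the installed bundle together with the URL the installer came from; any non-empty finding list is a reason to stop, regardless of whether Gatekeeper let the app open. The host check catches the look-alike domain the article describes only when the user records where the file actually came from, so it is best wired into whatever tooling fetches the installer rather than applied after the fact.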