Hello!

 

I downloaded several video files from uploading site using Safari. Bunch of Mackeeper or something like that ads popped up, but I shut them down. Videos played nice and were exactly what I expected them to be. Though I deleted them later.

 

1) It's highly unlikely that something malicious would have followed in and if it did, Malwarebytes would have found it? Trojans and malware both fall under this app's detection capability? I also relied on Safari's file quarantine mechanism and it didn't give any warning when opening (though I did take them out from downloaded folder - not sure if quarantine warning appears if downloaded files are opened outside of download folder).

 

2) Also, I moved them to external hard drive, before deciding I really don't want them and deleting them from there as well. The likelihood of something slipping in and infecting external drive would be pretty impossible too I hope? So if I put other files from external hard drive to Mac's hard drive, it bringing infection would be unlikely? And if something does come, Malwarebytes would be plenty to find it? I only have image, video, music, text and pdfs there.

 

Link to post

5 minutes ago, Beknholm said:

Hello!

 

I downloaded several video files from uploading site using Safari. Bunch of Mackeeper or something like that ads popped up, but I shut them down. Videos played nice and were exactly what I expected them to be. Though I deleted them later.

 

1) It's highly unlikely that something malicious would have followed in and if it did, Malwarebytes would have found it? Trojans and malware both fall under this app's detection capability? I also relied on Safari's file quarantine mechanism and it didn't give any warning when opening (though I did take them out from downloaded folder - not sure if quarantine warning appears if downloaded files are opened outside of download folder).

 

2) Also, I moved them to external hard drive, before deciding I really don't want them and deleting them from there as well. The likelihood of something slipping in and infecting external drive would be pretty impossible too I hope? So if I put other files from external hard drive to Mac's hard drive, it bringing infection would be unlikely? And if something does come, Malwarebytes would be plenty to find it? I only have image, video, music, text and pdfs there.

 

I'd also like to add, if Malwarebytes for Mac has any real time protection planned?

I am thinking about different AV apps to scan incoming files, but... Mac AVs are all so infamous. Maybe someone can advise if there are any good ones. I keep hearing about ClamXav, but the detection rate is said to be gone downhill. Is AVG perhaps any good?

Link to post

Malwarebytes Anti-Malware for Mac does detect all kinds of malware, adware and PUPs (potentially unwanted programs). It should detect any such things that get installed on your computer.

External hard drives cannot be "infected," per se. There is no such thing as "autorun" viruses on the Mac as there are on Windows, for example. An external hard drive can contain malicious files, of course, but unless you open them they aren't active in any way, and there's no Mac malware that attempts to self-replicate and spread itself like a virus.

Regarding video download sites... all sites offering "free" download or streaming of commercial content (such as movies or TV shows) are pretty universally bad. They're illegal, and they exist only to lure people in and infect them with something. Sounds like you got lucky this time, but I wouldn't go back to such sites in the future. (The only exception to this rule are sites that offer streaming of content that they own for free, with ads. For example, streaming a TV show that airs on NBC via the NBC website is fine.)

Link to post

46 minutes ago, treed said:

Malwarebytes Anti-Malware for Mac does detect all kinds of malware, adware and PUPs (potentially unwanted programs). It should detect any such things that get installed on your computer.

External hard drives cannot be "infected," per se. There is no such thing as "autorun" viruses on the Mac as there are on Windows, for example. An external hard drive can contain malicious files, of course, but unless you open them they aren't active in any way, and there's no Mac malware that attempts to self-replicate and spread itself like a virus.

Regarding video download sites... all sites offering "free" download or streaming of commercial content (such as movies or TV shows) are pretty universally bad. They're illegal, and they exist only to lure people in and infect them with something. Sounds like you got lucky this time, but I wouldn't go back to such sites in the future. (The only exception to this rule are sites that offer streaming of content that they own for free, with ads. For example, streaming a TV show that airs on NBC via the NBC website is fine.)

Thank you so much for answer!

That part about external hard drives was really good to know. And if I open malicious file, it can only harm Mac by asking to be run? And no image or video file does that so I'd know right away? I mean, if image files, video files or text files ACT like image files, video files and text files, then it means they are safe?

I know... it is especially stupid because I always avoid them, but that one time, late at night, I got feverish and decided "I want to" because I always keep tight check on my impulses. Regretted it few days later and cleaned everything, especially as I really didn't even need those clips.

It was https://openload.co/f/

Checked site checker and no one had any complaints. Looking back, I must have been too tired to not think this through...

https://safeweb.norton.com/report/show?url=https%3A%2F%2Fopenload.co%2F

 

 

 

Link to post

15 minutes ago, Beknholm said:

Thank you so much for answer!

That part about external hard drives was really good to know. And if I open malicious file, it can only harm Mac by asking to be run? And no image or video file does that so I'd know right away? I mean, if image files, video files or text files ACT like image files, video files and text files, then it means they are safe?

I know... it is especially stupid because I always avoid them, but that one time, late at night, I got feverish and decided "I want to" because I always keep tight check on my impulses. Regretted it few days later and cleaned everything, especially as I really didn't even need those clips.

It was https://openload.co/f/

Checked site checker and no one had any complaints. Looking back, I must have been too tired to not think this through...

https://safeweb.norton.com/report/show?url=https%3A%2F%2Fopenload.co%2F

 

 

 

Sorry, I couldn't find edit button.

 

To dumb it down to my level. In Mac:

1) Even if those were malicious files, when I put them onto External Hard Drive and then deleted them from there, other files did not get infected and External Drive is clean?

2) Mac's malware or trojans don't infect their "neighbour" files? And to run one of those, it has to actually ask allowance? So even if something comes with download, attached to video file or hidden in it, it has to ask allowance to be run if it is malicious executive file? But as long as it is normal video file, it plays nicely and if it is malicious file that wants to make changes into system, Mac will ask user if user wants to let it run?

3) And as I used Safari the quarantine app, it should have notified me if there was something off with them, even if I did move the files out from download folder before opening them?

I'm just so used to Windows' "infected file on disk, everything else is also now corrupted, throw the disk away, you done for"...

Link to post

Mac malware does not infect other files. It installs components when you open an installer, or "dropper," and then those components run in the background. No Mac malware at this time attempts to spread on its own or infect other files.

Quarantine works regardless of where the downloaded file is moved to. If it's an executable file, you'll get a quarantine warning of some kind when trying to open it the first time.

Link to post

58 minutes ago, treed said:

Mac malware does not infect other files. It installs components when you open an installer, or "dropper," and then those components run in the background. No Mac malware at this time attempts to spread on its own or infect other files.

Quarantine works regardless of where the downloaded file is moved to. If it's an executable file, you'll get a quarantine warning of some kind when trying to open it the first time.

 

Thank you so much for taking your time and explaining it to someone as slow as me. It really means a lot to me to get clear answers I can't seem to find from official articles and forums!

Link to post

On 9.12.2016 at 3:53 PM, treed said:

Regarding video download sites... all sites offering "free" download or streaming of commercial content (such as movies or TV shows) are pretty universally bad. They're illegal, and they exist only to lure people in and infect them with something. Sounds like you got lucky this time, but I wouldn't go back to such sites in the future. (The only exception to this rule are sites that offer streaming of content that they own for free, with ads. For example, streaming a TV show that airs on NBC via the NBC website is fine.)

I'm really embarrassed to bother You again, but I was reading Your fascinating article about RAT trojan and how it shows .jar file extension while trying to pretend being legitimate file.

That reminded me Your comment, especially the bold one and gave me troubling question.

If suspicious download sites try to lure people in to infect them, is it done by using user's absent mindedness to make install malicious software while they really think it is video file for example?

Or are there Mac malware/adware/trojans, that can mask themselves with for example  .mp4  file extension and when user clicks, it already runs and/or installs something?

For example catvideo.mp4 is instead installer to malware/trojan?

Wouldn't there be some window asking about installing or can it just run/install without asking user's allowance?

 

Or is there a possibility user downloads a video.mp4, clicks on it, video plays normally, but in background something malicious, without user noticing, activates when video was activated?

 

Sorry for questions, but all this new data is making me curious of what threats can exist in Mac world.

Link to post

There's currently no way to booby-trap a normal video file, image file, etc on a Mac. That could always happen in the future... there have been cases where a maliciously-constructed image file or PDF file could have been used to run malicious code, and that will undoubtedly happen again in the future. But there's nothing like that out there right now.

The bigger danger is applications (or other executable files) that are disguised as other kinds of files, and that you double-click to open. Pay attention to the OS warnings, and if opening a video file results in the OS warning you that it's an application that was downloaded from the internet, don't continue.

Link to post

16 hours ago, treed said:

There's currently no way to booby-trap a normal video file, image file, etc on a Mac. That could always happen in the future... there have been cases where a maliciously-constructed image file or PDF file could have been used to run malicious code, and that will undoubtedly happen again in the future. But there's nothing like that out there right now.

The bigger danger is applications (or other executable files) that are disguised as other kinds of files, and that you double-click to open. Pay attention to the OS warnings, and if opening a video file results in the OS warning you that it's an application that was downloaded from the internet, don't continue.

So executable file in Mac can even change its file extension to look like harmless file?
Like dmg file having mp4/jpg extension? And Mac always asks if the file has different nature than what it seems to be?

Link to post

No, the extension cannot change without altering how macOS handles the file. The apparent extension can change, though... for example, on systems that hide the extension, a file named "malware.jpg.app" will appear to be named "malware.jpg". But when opening that file, you'll get a warning from the OS that the file is an app.

For more information about all this stuff, see:

http://www.thesafemac.com/mmg/

Link to post
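
The hidden-extension case from the reply above ("malware.jpg.app" appearing as "malware.jpg"), as an added example that is not part of the original thread: a small Python check that lists items in a folder whose visible name suggests a passive file while the real extension, or the first bytes of the content, say otherwise. The extension lists and the names `inspect`, `scan` and `build_sample` are assumptions made for this illustration, and the sample files are constructed.

```python
import os
import tempfile

# Assumed, non-exhaustive lists: things macOS runs or installs vs. passive media/documents.
RUNNABLE = {".app", ".pkg", ".dmg", ".command", ".jar"}
PASSIVE = {".mp4", ".mov", ".jpg", ".png", ".pdf", ".txt", ".mp3"}
# Leading bytes of content that is executable or an archive rather than media.
MAGIC = {
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit binary",
    b"\xca\xfe\xba\xbe": "universal binary or Java class",
    b"PK\x03\x04": "zip archive (for example a .jar)",
    b"#!": "script with an interpreter line",
}

def inspect(path):
    """Return reasons why the item is not the passive file its name suggests."""
    reasons = []
    stem, real_ext = os.path.splitext(os.path.basename(path).lower())
    shown_ext = os.path.splitext(stem)[1]  # what remains when the last extension is hidden
    if real_ext in RUNNABLE and shown_ext in PASSIVE:
        reasons.append(f"appears as '{stem}' with extensions hidden, real type is {real_ext}")
    if os.path.isfile(path) and real_ext in PASSIVE:
        with open(path, "rb") as fh:
            head = fh.read(4)
        reasons += [f"named {real_ext} but content starts like a {label}"
                    for magic, label in MAGIC.items() if head.startswith(magic)]
    return reasons

def scan(folder):
    """Map each suspicious entry in `folder` to the reasons it was flagged."""
    found = {}
    for entry in sorted(os.listdir(folder)):
        reasons = inspect(os.path.join(folder, entry))
        if reasons:
            found[entry] = reasons
    return found

def build_sample(folder):
    """Create constructed sample items: one disguised bundle, one real-looking video, one mismatch."""
    os.mkdir(os.path.join(folder, "malware.jpg.app"))  # .app bundles are directories
    with open(os.path.join(folder, "holiday.mp4"), "wb") as fh:
        fh.write(b"\x00\x00\x00\x18ftypmp42")  # typical MP4 'ftyp' header
    with open(os.path.join(folder, "catvideo.mp4"), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 12)  # Mach-O magic under a video name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(scan(d))
```
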

4 hours ago, treed said:

No, the extension cannot change without altering how macOS handles the file. The apparent extension can change, though... for example, on systems that hide the extension, a file named "malware.jpg.app" will appear to be named "malware.jpg". But when opening that file, you'll get a warning from the OS that the file is an app.

For more information about all this stuff, see:

http://www.thesafemac.com/mmg/

I see... so when extensions are visible, user can notice it themselves? Thank you for clarification!

Oh, this... this is good. I'll be reading all of it!

I'll finish with question about Malwarebytes: You mentioned it finds all sorts of trojans and malware. After reading Your RAT article, I searched more about it and found Intego's blog with more descriptions.

Does Malwarebytes also detect RAT

https://www.intego.com/mac-security-blog/adwind-rat-malware-everything-you-need-to-know/

And these mentioned here

https://www.intego.com/mac-security-blog/uptick-in-malware-and-vulnerabilities-what-you-need-to-know/
Eleanor (though I doubt I'll ever need file converter app)

Keydnap

https://www.intego.com/mac-security-blog/malware-spreads-through-modified-transmission-application-again/

iWorm (though if it comes with Flash Player I likely won't be getting that thing)

Mokes malware - that one sounds scariest.

 

I don't really want such programs either, but if ransomware like this does get in, would simple scan from Malwarebytes detect it?

https://www.intego.com/mac-security-blog/mac-users-hit-by-rare-ransomware-attack-spread-via-transmission-bittorrent-app/

 

Or like these

https://www.intego.com/mac-security-blog/apple-updates-xprotect-malware-definitions-for-netweirdrc/

https://www.intego.com/mac-security-blog/new-komplex-trojan-malware-targeting-macs/

https://www.intego.com/mac-security-blog/silverinstaller-sneakier-than-previously-thought/

 

These ones only work if you actually want to install them?

https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/

https://www.intego.com/mac-security-blog/type-a-url-wrong-and-you-might-end-up-with-malware-on-your-mac/

 

I thank You for all the help You have offered to me already! I understand if I have gone too nosy. I'd never install those Flash Player pop-ups (I don't even have it) nor do I need torrent apps, but it would help me to know if Malwarebytes would also detect bad things like these just in case.

 

Link to post

4 hours ago, treed said:

Malwarebytes Anti-Malware for Mac will detect all those things you read about on Intego's blog.

Thank you so much! Seeing all those malicious things made me nervous and made me feel like I need to go and use their manual instructions to check every folder for every path... but it really does destroy nerves, doing all of it. Knowing I can just run one scan eases my stress so much!

I can count on this wonderful program to detect everything that Intego writes about in future as well?

 

Thank you so much!

Edited by Beknholm