Jump to content

Recommended Posts

Is there anything known about, at least as far as Malwarebytes is concerned, the new Mac Malware infecting the XCode projects found by TrendMicro (link here on TrendMicro Blog XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits)?

Thanks

Greetings

Massimiliano

Link to post
Share on other sites

I don't think there's anything to share that isn't already in Trend's report, except to note that we detect the malware as OSX.DubRobber. Trend's report noted that they were primarily seeing it in India and China, and I can confirm that we also have primarily seen it in India. Cases outside India have been quite sparse.

Link to post
Share on other sites

3 minutes ago, treed said:

I don't think there's anything to share that isn't already in Trend's report, except to note that we detect the malware as OSX.DubRobber. Trend's report noted that they were primarily seeing it in India and China, and I can confirm that we also have primarily seen it in India. Cases outside India have been quite sparse.

So MB 4.0.493 definitions from the end of July (as I'm told) detect this threat?  This "new" threat that everyone is just now reporting on, MB had it in the latest definitions 4.0.493 at the end of July.  That is the latest definition update, correct

Link to post
Share on other sites

  • 11 months later...
11 minutes ago, TarryFaster said:

I am not an expert but it seems to me only an article for advertising purposes trying to infuse fear

Cite verbally

Quote

When the virus retrieves the master password for Keychain, it uploads usernames and passwords stored in Google Chrome to the same remote server.

For what little I know the iCloud keychain and the credentials stored in Google Chrome are two entities completely disconnected

Again

Quote

We recommend our sponsor, TOTALAV

More than an article by Cybersecurity Experts, admitted and not granted that the news is real, it seems to me to be considered like Mackeeper's sponsorships (from both I keep very far away)

In addition, searching online, it appears that Kimberly Ann Komando conducts a radio broadcast on consumer technology not really the meeting of the maximum experts on the subject.
However, surely @treed or other staff members will be able to give greater and more precise information about it

 

  • Like 1
Link to post
Share on other sites

Here is how I addressed the issue in my news letter to my 220 clients:

NOTE from Terry Sneller: Since I have recommended the free version of Malwarebytes, for years, you may like to know that Malwarebytes has already got this issue covered.  Here is a screenshot of a Malwarebytes Forum discussing the XCSSET malware:
 

 

Screen Shot 2021-08-02 at 2.49.20 PM.jpg

Link to post
Share on other sites

1 hour ago, TarryFaster said:

Yup, we detect XCSSET, though we call it OSX.DubRobber.

Some commentary on the Kim Komando article:

  1. There are a number of factual inaccuracies... examples:
    1. There was no "jump" from macOS to other apps
    2. This was NOT the first upgrade to XCSSET
    3. This did not give it any better ability to run on M1, as the malware is mostly written in AppleScript
  2. The article recommends a program that we detect as a potentially unwanted program
  3. Kim Komando has absolutely no credibility in the security space at a very minimum. (I'd extend that to say she has absolutely no credibility, but ...)
  • Like 1
  • Thanks 2
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.