
Hi Thomas,

Wondering if Malwarebytes will be covering Pegasus as on-access (as a zero-click would assume not) or even for a post-infection scan.

Seeing that the Mac sec update is only available for Big Sur, nothing even for Catalina. As I'm restricted to HS or Mojave, would be nice to know if Malwarebytes may offer any form of protection.

 

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

We're actually not aware of any current Pegasus malware for macOS. Keep in mind that the vulnerability affected both iOS and macOS, but the only known exploits are on iOS (where, of course, nobody can do anything), and not on macOS.

That's not to say a Mac Pegasus implant can't exist, but no security researchers to my knowledge have found it. Either it exists, but is used so cautiously that nobody's managed to find it, or NSO is only focused on mobile.


Thanks for the information. Relieved to hear that. Supposing also that it doesn't target the "average" user. Just your average human rights activist, journalist, dissident, etc.

 

From

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

 

Quote

Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating “despotism-as-a-service” for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed.


On 9/14/2021 at 9:42 AM, treed said:

We're actually not aware of any current Pegasus malware for macOS. Keep in mind that the vulnerability affected both iOS and macOS, but the only known exploits are on iOS (where, of course, nobody can do anything), and not on macOS.

That's not to say a Mac Pegasus implant can't exist, but no security researchers to my knowledge have found it. Either it exists, but is used so cautiously that nobody's managed to find it, or NSO is only focused on mobile.

Presumably for malware like this to be useful to the bad actor, it needs to send data home from the infected device. Assuming a Pegasus/FORCEDENTRY exploit were developed for macOS Mojave and older, would it be detectable by Malwarebytes or something like Little Snitch?

I have a couple of systems running macOS Mojave and I have no desire to update them for a few reasons. I'd like to know if I can keep them protected using software like Malwarebytes, Little Snitch, and others.


Malwarebytes for Mac still fully supports Mojave, and if any NSO spyware for Mac were ever discovered, we'd update very quickly to detect it.

Little Snitch wouldn't be able to detect a particular piece of malware unless you knew exactly what IP addresses and/or domains that malware communicated with. That information isn't readily available. The problem with using something like Little Snitch is that it can be difficult - even for a knowledgeable person - to determine whether a particular connection attempt is legitimate or not. Is that strangely-named process trying to communicate with Amazon AWS malware, or is it a part of some legitimate software? Legit software often uses some strange names, and anyone can communicate with Amazon AWS, for either legit or criminal reasons.

I don't recommend using Little Snitch, or something like it, unless you know _exactly_ what you're doing. I've seen too many people cause too many different weird problems by misconfiguring Little Snitch and other similar tools.

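The ambiguity treed describes can be made concrete with a small triage script: it classifies Little Snitch-style connection events against a baseline of known-good process/destination pairs and an indicator list, and only an indicator match ever produces a detection. This is an added example, not code from the thread or from Malwarebytes; the events, Team IDs, the baseline and the indicator host are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    """One outbound connection event, as a Little Snitch-style tool would show it."""
    process: str
    signer: str      # code-signing Team ID, "" if unsigned (constructed values)
    dest_host: str
    dest_port: int


# Constructed baseline: process/signer/destination tuples seen during known-clean use.
BASELINE = {
    ("Safari", "APPLE", "www.apple.com", 443),
    ("Dropbox", "TEAMID_DROPBOX", "d.dropbox.com", 443),
}


def classify(conn, known_bad_hosts):
    """Return a verdict for one connection.

    Only an indicator match yields 'known-bad'. Anything else outside the
    baseline is merely 'review': the event alone cannot say whether a
    strangely named process talking to a cloud provider is malicious.
    """
    if conn.dest_host in known_bad_hosts:
        return "known-bad"
    if (conn.process, conn.signer, conn.dest_host, conn.dest_port) in BASELINE:
        return "baseline"
    if not conn.signer:
        return "review: unsigned process, destination not in baseline"
    return "review: destination not in baseline"


def triage(events, known_bad_hosts=frozenset()):
    """Map each event to its verdict; same events plus IOC knowledge give a different result."""
    return {(e.process, e.dest_host): classify(e, known_bad_hosts) for e in events}


# Constructed sample events (not real telemetry); the last destination is a made-up indicator.
SAMPLE_EVENTS = [
    Connection("Safari", "APPLE", "www.apple.com", 443),
    Connection("com.xqz.helper", "TEAMID_UNKNOWN", "s3.amazonaws.com", 443),
    Connection("update_agent", "", "updates.example-bad.invalid", 443),
]

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE_EVENTS).items():
        print(key, "->", verdict)                    # no IOCs: nothing beyond "review"
    for key, verdict in triage(SAMPLE_EVENTS, {"updates.example-bad.invalid"}).items():
        print(key, "->", verdict)                    # with an IOC: one "known-bad"
```

Without the indicator list the AWS connection and the unsigned agent both land in "review", which is exactly the judgement call the post says is hard to make; only the constructed IOC turns an event into a detection.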

21 minutes ago, treed said:

Malwarebytes for Mac still fully supports Mojave, and if any NSO spyware for Mac were ever discovered, we'd update very quickly to detect it.

Little Snitch wouldn't be able to detect a particular piece of malware unless you knew exactly what IP addresses and/or domains that malware communicated with. That information isn't readily available. The problem with using something like Little Snitch is that it can be difficult - even for a knowledgeable person - to determine whether a particular connection attempt is legitimate or not. Is that strangely-named process trying to communicate with Amazon AWS malware, or is it a part of some legitimate software? Legit software often uses some strange names, and anyone can communicate with Amazon AWS, for either legit or criminal reasons.

I don't recommend using Little Snitch, or something like it, unless you know _exactly_ what you're doing. I've seen too many people cause too many different weird problems by misconfiguring Little Snitch and other similar tools.

Thomas,

Thanks for the quick response. You make some good points about Little Snitch. 
