WZZZ, posted September 14, 2021

Hi Thomas,

Wondering if Malwarebytes will be covering Pegasus as on-access (as a zero-click, I would assume not) or even for a post-infection scan. Seeing that the Mac sec update is only available for Big Sur, nothing even for Catalina. As I'm restricted to HS or Mojave, it would be nice to know if Malwarebytes may offer any form of protection.

https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
treed, posted September 14, 2021

We're actually not aware of any current Pegasus malware for macOS. Keep in mind that the vulnerability affected both iOS and macOS, but the only known exploits are on iOS (where, of course, nobody can do anything), and not on macOS. That's not to say a Mac Pegasus implant can't exist, but no security researchers to my knowledge have found it. Either it exists, but is used so cautiously that nobody's managed to find it, or NSO is only focused on mobile.
WZZZ (author), posted September 14, 2021

Thanks for the information. Relieved to hear that. Supposing also that it doesn't target the "average" user. Just your average human rights activist, journalist, dissident, etc.

From https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

Quote: "Our latest discovery of yet another Apple zero day employed as part of NSO Group's arsenal further illustrates that companies like NSO Group are facilitating 'despotism-as-a-service' for unaccountable government security agencies. Regulation of this growing, highly profitable, and harmful marketplace is desperately needed."
FlipSkip, posted November 3, 2021

On 9/14/2021 at 9:42 AM, treed said:
"We're actually not aware of any current Pegasus malware for macOS. Keep in mind that the vulnerability affected both iOS and macOS, but the only known exploits are on iOS (where, of course, nobody can do anything), and not on macOS. That's not to say a Mac Pegasus implant can't exist, but no security researchers to my knowledge have found it. Either it exists, but is used so cautiously that nobody's managed to find it, or NSO is only focused on mobile."

Presumably for malware like this to be useful to the bad actor, it needs to send data home from the infected device. Assuming a Pegasus/FORCEDENTRY exploit were developed for macOS Mojave and older, would it be detectable by Malwarebytes or something like Little Snitch? I have a couple of systems running macOS Mojave and I have no desire to update them for a few reasons. I'd like to know if I can keep them protected using software like Malwarebytes, Little Snitch, and others.
treed, posted November 3, 2021

Malwarebytes for Mac still fully supports Mojave, and if any NSO spyware for Mac were ever discovered, we'd update very quickly to detect it.

Little Snitch wouldn't be able to detect a particular piece of malware unless you knew exactly what IP addresses and/or domains that malware communicated with. That information isn't readily available. The problem with using something like Little Snitch is that it can be difficult - even for a knowledgeable person - to determine whether a particular connection attempt is legitimate or not. Is that strangely-named process trying to communicate with Amazon AWS malware, or is it a part of some legitimate software? Legit software often uses some strange names, and anyone can communicate with Amazon AWS, for either legit or criminal reasons.

I don't recommend using Little Snitch, or something like it, unless you know _exactly_ what you're doing. I've seen too many people cause too many different weird problems by misconfiguring Little Snitch and other similar tools.
FlipSkip, posted November 3, 2021

21 minutes ago, treed said:
"Malwarebytes for Mac still fully supports Mojave, and if any NSO spyware for Mac were ever discovered, we'd update very quickly to detect it. Little Snitch wouldn't be able to detect a particular piece of malware unless you knew exactly what IP addresses and/or domains that malware communicated with. That information isn't readily available. The problem with using something like Little Snitch is that it can be difficult - even for a knowledgeable person - to determine whether a particular connection attempt is legitimate or not. Is that strangely-named process trying to communicate with Amazon AWS malware, or is it a part of some legitimate software? Legit software often uses some strange names, and anyone can communicate with Amazon AWS, for either legit or criminal reasons. I don't recommend using Little Snitch, or something like it, unless you know _exactly_ what you're doing. I've seen too many people cause too many different weird problems by misconfiguring Little Snitch and other similar tools."

Thomas,

Thanks for the quick response. You make some good points about Little Snitch.