Editor’s note: The original name for the malware, EvilQuest, has been changed due to a legitimate game of the same name from 2012. The new name, ThiefQuest, is also more fitting for our updated understanding of the malware.

A Twitter user going by the handle messaged me yesterday after learning of an apparently malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links. A post offered a torrent download for Little Snitch, and was soon followed by a number of comments that the download included malware. In fact, we discovered that not only was it malware, but a new Mac ransomware variant spreading via piracy.

[Image: RUTracker post showing magnet link to malicious installer]

Installation

Analysis of this installer showed that there was definitely something strange going on. To start, the legitimate Little Snitch installer is attractively and professionally packaged, with a well-made custom installer that is properly code signed. However, this installer was a simple Apple installer package with a generic icon. Worse, the installer package was pointlessly distributed inside a disk image file.

[Image: Malicious Little Snitch installer]

Examining this installer revealed that it would install what turned out to be the legitimate Little Snitch installer and uninstaller apps, as well as an executable file named "patch", into the /Users/Shared/ directory.

The installer also contained a postinstall script, a shell script that is executed after the installation process is completed. It is normal for this type of installer to contain preinstall and/or postinstall scripts, for preparation and cleanup, but in this case the script was used to load the malware and then launch the legitimate Little Snitch installer.
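One way to triage a postinstall script of the kind described above, as an added example that is not from the original article: it flags script lines that run, chmod, relocate or open files the package payload stages in /Users/Shared/. The payload list and script text are constructed samples, and `triage_postinstall` is a hypothetical helper name.

```python
import shlex

SHARED_DIR = "/Users/Shared/"  # staging directory named in the write-up

# Constructed sample data for illustration, not the real package contents.
SAMPLE_PAYLOAD = [
    "/Users/Shared/Little Snitch Installer.app",
    "/Users/Shared/Little Snitch Uninstaller.app",
    "/Users/Shared/patch",
]
SAMPLE_POSTINSTALL = """#!/bin/sh
# constructed postinstall script
chmod +x /Users/Shared/patch
/Users/Shared/patch &
open "/Users/Shared/Little Snitch Installer.app"
"""

# Commands that act on a staged file, with the reason reported to the analyst.
REASONS = {
    "chmod": "changes mode of staged payload",
    "mv": "relocates staged payload",
    "cp": "relocates staged payload",
    "open": "launches staged app",
}

def triage_postinstall(script_text, payload_paths):
    """Return (line_no, reason, line) for each script line that touches a
    payload file staged under SHARED_DIR and so deserves manual review."""
    staged = {p for p in payload_paths if p.startswith(SHARED_DIR)}
    findings = []
    for no, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment or shebang
        try:
            tokens = [t for t in shlex.split(line) if t != "&"]
        except ValueError:
            findings.append((no, "unparseable line", line))
            continue
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if cmd in staged:
            findings.append((no, "runs staged payload directly", line))
        elif cmd in REASONS and any(a in staged for a in args):
            findings.append((no, REASONS[cmd], line))
    return findings

if __name__ == "__main__":
    for no, reason, line in triage_postinstall(SAMPLE_POSTINSTALL, SAMPLE_PAYLOAD):
        print(f"line {no}: {reason}: {line}")
```

On a real package the script text and payload listing would come from an expanded copy of the installer (for example via `pkgutil --expand` on macOS) rather than from the inline samples.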