Chrysalis Mac OS
In 2015, macOS Security Expert Patrick Wardle reported an almost shockingly simple method hackers could employ to get around the Mac Gatekeeper system, which is the first line of defense against malware. He simply bundled two executable files: One signed and one not signed. Apple promptly fixed this weakness when Wardle reported it, but the hackers did not stop looking for new ways to infect Mac systems.
Jan 28, 2021 Supported operating systems Chrysalis is primarily developed under Linux, but we target all three major operating systems, and test our releases on Windows and macOS too. That said, our testing is done on Ubuntu 18.04 LTS, Windows 10, and macOS Mojave. Feb 18, 2021 Not long ago, a critical flaw in Linux SUDO was discovered and is being tracked as CVE-2021-3156. Given the nickname 'Baron Samedit,' it's a flaw in a Unix program that allows system admins to provide root level privileges to any users listed in the 'sudoers' file.
Recently, researchers at Trend Micro discovered an app on a popular Torrent site that was promised to install a macOS program called Little Snitch, which is a firewall app. Lurking inside the package, however, was an EXE file that could deliver a hidden payload.
A spokesman at Trend had the following to say about the discovery:
'We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design. We think that the cyber-criminals are studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cyber-criminals can use this information and routine.'
Normally, a Windows executable file can't and won't run on a Mac. The hackers have worked around this by bundling the EXE with a free framework called Mono. Trend's research team went onto say:
'Currently, running an EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a Mono framework installed in the system is required to compile or load executables and libraries. In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS' security features. As for the native library differences between Windows and MacOS, Mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.'
Chrysalis Mac Os X
Long story short, Mac users have a new potential threat to worry about. Stay vigilant.
Chrysalis Mac OS