trackingzuloo.blogg.se

Dropbox macupdater

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender. This malware, which Bitdefender is calling, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

The malware was available on MacUpdate, in the form of a free app called EasyDoc Converter. The app purports to convert a couple file formats into Microsoft Word files, but there's no sign that it actually does this. Instead, it installs a backdoor when run.

The app is not signed with a certificate issued to an Apple developer ID. This is fortunate, in a way, as this makes it more difficult to open. (By default, Mac OS X will not open unsigned apps.) However, it's also unfortunate, because a determined user will be able to open it anyway, and because there's no certificate involved, Apple cannot kill the app by revoking the certificate.

When the app is opened, it runs a shell script whose first task is to check for the presence of Little Snitch. If Little Snitch is not present, and if the malware has not already been installed, it then installs three LaunchAgents in the user folder plus a hidden folder full of executable files.

Users/username/Library/LaunchAgents/.plist

All these items have names that attempt to make them seem like Dropbox components. The ".dropbox" folder is a hidden folder, since its name begins with a period, and it contains all the executable files and data used by the malware. The three launch agents load different executables from this folder. Note that there is a legitimate folder named ".dropbox" that gets installed by Dropbox, except it is directly inside the user folder, not the user's Library folder.

According to Bitdefender, this malware is capable of all manner of backdoor activities, such as access to the file system, remote code execution and webcam access. The three launch agents initiate a Tor hidden service, a web service and a Pastebin agent. The Tor service sets up an address through which the attacker can establish communications with the web service component. The web service provides the means for the attacker to send commands to the infected machine. The Pastebin agent is used to upload the infected Mac's Tor address to Pastebin, where the attackers can find it.

According to Bitdefender's report, the first upload to Pastebin by this malware occurred on April 19, about two and a half months ago.

In all, although this is a nasty bit of malware, the good news is that it's awfully easy to remove. Further, the fact that it was disguised as a file converter meant to convert two relatively obscure file formats, coupled with the lack of any code signature, means that its distribution was probably fairly limited.

Interestingly, this app's page on MacUpdate has ratings submitted by users between 2014 and March 26, 2016, all but one of which are 4.5 or 5 stars. Since this malware appears to have first "turned on" in April, I suspect that the real EasyDoc Converter may have been abandoned by its developer and somehow obtained by malware authors.

First and foremost, if an application doesn't have a code signature, and Mac OS X doesn't want you to open it by default, you should pay attention to that. Certainly, not every unsigned app is malicious, and not every signed app is legit, but having that code signature is at least some measure of protection. At a minimum, if the app is found to be malicious, Apple can revoke the certificate used to sign the app, rendering it inoperable.

Second, be cautious about running old, abandoned apps. Again, not all apps that haven't seen updates in a while are malicious, but it is becoming an increasingly popular thing (especially amongst Chrome extensions in the Chrome store) for unsavory developers to turn abandoned software into adware or malware. This gives the malicious software a hint of legitimacy, by infecting software that has a history. If an app has been abandoned, you probably should think twice about downloading it, and you should be cautious about even running an old copy on your hard drive if the app has a self-updating mechanism.

Finally, be cautious about where you download apps from. When I tried to download EasyDoc Converter from MacUpdate, the first thing I got was a MacUpdate installer that would have, on top of installing the malware, also installed a bunch of other adware. In general, avoid any kind of download aggregation sites, and download software directly from the developer.
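The on-disk layout described above (a hidden ".dropbox" folder inside the user's Library folder, plus launch agents that load executables from it) can be checked with a short script. This is an added example, not code from the original article or from Bitdefender; the function names are hypothetical, and it assumes the launch agent plists reference the folder by its path.

```shell
#!/bin/sh
# Added example: look for the layout the article describes in one home folder.
# Assumption: a launch agent that loads an executable from the hidden folder
# contains the string "/Library/.dropbox/" somewhere in its plist.

# List launch agent plists that reference the hidden Library/.dropbox folder.
suspect_agents() {
    agents_dir="$1/Library/LaunchAgents"
    [ -d "$agents_dir" ] || return 0
    # find (unlike a shell glob) also matches plists whose names start with
    # a dot; grep -l prints only the names of matching files.
    find "$agents_dir" -maxdepth 1 -type f -name '*.plist' \
        -exec grep -l -F -- "/Library/.dropbox/" {} + 2>/dev/null || true
}

# Report findings for one home folder; returns 0 if clean, 1 otherwise.
check_home() {
    home="$1"
    findings=0
    if [ -d "$home/Library/.dropbox" ]; then
        echo "FOUND hidden folder: $home/Library/.dropbox"
        findings=$((findings + 1))
    fi
    # The legitimate Dropbox folder sits directly in the home folder.
    if [ -d "$home/.dropbox" ]; then
        echo "note: $home/.dropbox is the normal Dropbox location"
    fi
    agents=$(suspect_agents "$home")
    if [ -n "$agents" ]; then
        echo "FOUND launch agents loading from Library/.dropbox:"
        echo "$agents" | sed 's/^/  /'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run as: sh check.sh --scan [home-folder]
if [ "${1:-}" = "--scan" ]; then
    check_home "${2:-$HOME}"
fi
```

A hit on either check is a reason to inspect the listed files, not proof of infection on its own.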





