OceanLotus: macOS malware update

A little virtual exercise for anyone reading this article this morning – raise your hand if, when you close your eyes and go to your happy place, you truly believe Apple Mac computers cannot get viruses or malware.  Go ahead.  Be honest.  Search your heart for what is often a painful truth.  I saw a few hesitant hands go up, at least for a second or two.  It is ok.  I get it.

I am a Mac user too, and though I would love to believe my Mac is safe and sound from all malware attacks and virus strains, the truth is Macs are targets too, and viruses and malicious code are being developed and deployed every day to infiltrate our Apple devices, collect data, and cause harm.  Yes, Macs represent a smaller target pool in comparison to Windows workstations, but Macs are still a target.  In many cases, Macs are specifically targeted because of the types of power users and executives who choose to use Apple products.

As this article from ESET demonstrates, the threats are real and precautions are warranted.  Make sure you properly patch and configure your Mac workstations and laptops.  Run a form of advanced malware protection.  Be prepared.

https://www.welivesecurity.com/2019/04/09/oceanlotus-macos-malware-update/

Apple Works to Fix Serious Mac Security Bug

If you are a Mac user or have Mac users you support, please take time to mitigate this problem by setting the root password, following the instructions provided by Apple and referenced in these articles.  Hopefully a patch is coming soon.

https://www.infosecurity-magazine.com/news/apple-works-to-fix-serious-mac/

https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/?utm_source=feedly&utm_medium=webfeeds

Researchers Discover New ‘WireLurker’ Malware Affecting Macs and iOS Devices in China

This is yet another frightening attack vector making the rounds.  It is particularly scary because most Mac users consider themselves impervious to virus and malware infection and rarely employ A/V solutions on their devices.  iOS users are also less diligent when it comes to monitoring their devices for suspicious software.  I am curious how vulnerable the Apple App Store commonly accessed in the US is to this attack.

http://www.macrumors.com/2014/11/05/wirelurker-malware-affecting-macs-ios-devices/