malware
 


2017-09-06 at 14:10 #24377   (161)
Sophos wrote: Would-be cyberattackers caught by malware with a sting in the tail
   The Trojan smells like a RAT. Zscaler ThreatLabZ, who discovered it, has named it Cobian. It’s based on njRAT, which originally surfaced around 2013. It has the features that people who buy malware on the dark web want; a keylogger, webcam control, remote code execution, and screen capturing.
   But there’s more: unbeknown to customers, it also contains an encrypted library which has code that grants master control to Cobian’s developer. So while Cobian buyers get excited about acquiring their own botnet, Cobian’s author gets ultimate control of all of those botnets: it’s botnet acquisition as a sleazy pyramid marketing scheme.


2017-10-24 at 16:47 #27441   (162)
The Register wrote: Malware hidden in vid app is so nasty, victims should wipe their Macs
If you downloaded and installed stuff from Eltima, you are totally screwed 
  Eltima Software, which makes the popular Elmedia Player and download manager Folx, today confessed the latest versions of those two apps came with an unwelcome extra – the rather horrid OSX.Proton malware.
  The software nasty, which was injected into downloads of the applications, was spotted by security shop ESET, which alerted Elmedia. A subsequent investigation revealed miscreants had got into the developer's servers, implanted the malware into the download files, and then let the company infect its users as they fetched the software.
   Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command-line access to commandeer the computer, and can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. It can gain access to a victim's iCloud account, even if two-factor authentication is used, and went on sale in March with a $50,000 price tag.
ESET Security wrote: OSX/Proton spreading again through supply-chain attack
... Eltima, the makers of the Elmedia Player software, have been distributing a version of their application trojanized with the OSX/Proton malware on their official website. ESET contacted Eltima as soon as the situation was confirmed. Eltima was very responsive and maintained an excellent communication with us throughout the incident.
...
ESET advises anyone who downloaded Elmedia Player or Folx software recently to verify if their system is compromised by testing the presence of any of the following file or directory:
    /tmp/Updater.app/
    /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
    /Library/.rand/
    /Library/.rand/updateragent.app/
If any of them exists, it means the trojanized Elmedia Player or Folx application was executed and that OSX/Proton is most likely running.
...
OSX/Proton is a backdoor with extensive data stealing capabilities. It gains persistence on the system and can steal the following:
  • Operating system details: hardware serial number (IOPlatformSerialNumber), full name of the current user, hostname, System Integrity Protection status (csrutil status), gateway information (route -n get default | awk '/gateway/ { print $2 }'), current time & timezone
  • Browser information from Chrome, Safari, Opera and Firefox: history, cookies, bookmarks, login data, etc.
  • Cryptocurrency wallets:
    Electrum: ~/.electrum/wallets
    Bitcoin Core: ~/Library/Application Support/Bitcoin/wallet.dat
    Armory: ~/Library/Application Support/Armory
  • SSH private data (entire .ssh content)
  • macOS keychain data using a modified version of chainbreaker
  • Tunnelblick VPN configuration (~/Library/Application Support/Tunnelblick/Configurations)
  • GnuPG data (~/.gnupg)
  • 1Password data (~/Library/Application Support/1Password 4 and ~/Library/Application Support/1Password 3.9)
  • List of all installed applications.


2017-10-25 at 02:06 #27458   (163)
(2017-10-24 at 16:47)Ric Ford wrote:  
ESET Security wrote:ESET advises anyone who downloaded Elmedia Player or Folx software recently to verify if their system is compromised by testing the presence of any of the following file or directory:
    /tmp/Updater.app/
    /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
    /Library/.rand/
    /Library/.rand/updateragent.app/
Apple has updated their Malware Removal Tool (MRT) for OS X 10.11 and above to remove anything installed by OSX.Proton.C. It would appear from analyzing MRT that the following directory and files are also evidence that the user has been infected:

   /Library/.cache/
   /Library/.cache/.lmx
   /Library/.cache/.prelim.png


2017-10-25 at 15:09 #27495   (164)
Guest
(2017-10-25 at 02:06)alvarnell wrote:  Apple has updated their Malware Removal Tool (MRT) for OS X 10.11 and above
Do you mean the application made by Malwarebytes or has Apple released its own MRT software? I searched Apple Support and couldn't find any references to an Apple-supplied MRT.


2017-10-25 at 23:16 #27523   (165)
(2017-10-25 at 15:09)Guest wrote:  Do you mean the application made by Malwarebytes or has Apple released its own MRT software? I searched Apple Support and couldn't find any references to an Apple-supplied MRT.
It's provided by Apple to OS X 10.11 and above as a critical background feature as long as you have System Preferences->App Store "Install system data files and security updates" enabled.

As with most of its Security features, Apple doesn't provide detailed documentation on it. It runs every time you reboot your computer and checks a variety of specific locations for currently known installed malware files.


2017-10-26 at 12:58 #27548   (166)
(2017-10-25 at 23:16)alvarnell wrote:  As with most of its Security features, Apple doesn't provide detailed documentation on it. It runs every time you reboot your computer and checks a variety of specific locations for currently known installed malware files.
I hope it runs on a schedule as well. My Mac Mini server only gets rebooted after power outages and some system updates.


2017-10-26 at 18:51 #27562   (167)
(2017-10-26 at 12:58)David Charlap wrote:  
(2017-10-25 at 23:16)alvarnell wrote:  It runs every time you reboot your computer and checks a variety of specific locations for currently known installed malware files.
I hope it runs on a schedule as well. My Mac Mini server only gets rebooted after power outages and some system updates.
It does not. But how often do you install anything that might be malware-infected on that server?


2017-10-27 at 00:12 #27577   (168)
(2017-10-26 at 18:51)alvarnell wrote:  
(2017-10-26 at 12:58)David Charlap wrote:  I hope it runs on a schedule as well. My Mac Mini server only gets rebooted after power outages and some system updates.
It does not. But how often do you install anything that might be malware-infected on that server?
Not everyone reboots their non-server Mac regularly. My MacBook Air and iMac spend most of the time either in use or asleep. The MacBook gets restarted a couple times per month; the iMac maybe once a quarter, if that.

Scheduled scans might be a good idea these days.


2017-10-27 at 12:01 #27584   (169)
Guest
(2017-10-27 at 00:12)Robert Mohns wrote:  
(2017-10-26 at 18:51)alvarnell wrote:  It does not. But how often do you install anything that might be malware-infected on that server?
Not everyone reboots their non-server Mac regularly. My MacBook Air and iMac spend most of the time either in use or asleep. The MacBook gets restarted a couple times per month; the iMac maybe once a quarter, if that.
Scheduled scans might be a good idea these days.
If you don't want to restart, you can also force an update on-demand by running this Terminal command:

sudo softwareupdate --background-critical
You don't need the "Install system data files and security updates" option checked in the App Store system preference, and you don't need to do a restart. This Terminal command doesn't trigger an immediate update, but if you wait a while and then check your System Information --> Software --> Installations, you'll see that it happened (look for new Gatekeeper, MRT, and XProtectPlist configuration data).

I run this Terminal command periodically via Apple Remote Desktop on my "headless" FileMaker Server Minis, because I keep all automatic updates off (as recommended by FileMaker for its servers), and I wouldn't restart it often, anyway.

But just restarting a non-server Mac once in a while would be simpler. Refreshes the RAM, too!


2017-10-27 at 18:37 #27601   (170)
(2017-10-27 at 12:01)Guest wrote:  If you don't want to restart, you can also force an update on-demand by running this Terminal command:
   sudo softwareupdate --background-critical
You don't need the "Install system data files and security updates" option checked in the App Store system preference, and you don't need to do a restart. This Terminal command doesn't trigger an immediate update, but if you wait a while and then check your System Information --> Software --> Installations, you'll see that it happened (look for new Gatekeeper, MRT, and XProtectPlist configuration data).
First of all, that will update MRT, etc., but the original poster was asking about scheduled MRT scans, which won't occur using that command.

Secondly, it's been my experience (and that of everybody else I know of) that you do need to at least temporarily check the "Install system data files and security update" option in order for that command to work. It's even been discussed in this forum before.


2017-10-27 at 19:22 #27603   (171)
A client of mine clicked a link saying her Flash was out of date. She dutifully entered her password when an installer requested it. Scamware was installed. She sent me a screenshot showing Advanced Mac Cleaner's claim that her Mac had 853 issues. I had her immediately shut down the Mac until I can examine it.

Here's the rub: I searched for Advanced Mac Cleaner to verify it was a scam. One search result led to the site HowToRemove.Guide. It says to install MacKeeper to remove Advanced Mac Cleaner. Oh the irony, replacing scamware with scamware.

I don't recommend visiting HowToRemove.Guide unless you're very savvy about how they could compromise your web browser or Mac.


2017-10-27 at 23:28 #27607   (172)
(2017-10-27 at 19:22)CyborgSam wrote:  A client of mine clicked a link saying her Flash was out of date. She dutifully entered her password when an installer requested it. Scamware was installed. She sent me a screenshot showing Advanced Mac Cleaner's claim that her Mac had 853 issues.
That software is well known "crapware" or PUP (potentially unwanted program). Here's one article about its developer, written by a colleague of mine who happens to have developed software capable of eliminating it: PCVARK plays dirty.

I agree that almost all of the so-called malware removal sites are best avoided. Many will simply recommend installing another PUP that makes matters even worse.


2017-10-28 at 21:16 #27612   (173)
(2017-10-27 at 23:28)alvarnell wrote:  That software is well known "crapware" or PUP (potentially unwanted program). Here's one article about its developer, written by a colleague of mine who happens to have developed software capable of eliminating it: PCVARK plays dirty.
Thanks for the article. Before reading it I found other scamware: MyCouponize, MyMacUpdater, and MegaBackup. The article mentioned techyutils, I found references to that but didn't know it was scamware. I used ClamXAV to scour her system, it didn't detect the techyutils apps. I'll use MalwareBytes and manual removal next.

Their installer's dmg is named Adobe Player Installer. The icon is green, not the Adobe Flash icon. The installer executes a curl command to download the scamware from cdn.strangealaddin[dot]win. That domain is privately registered using WhoisGuard. The name resolves to an akamai.net server.

Too many bottom-feeders...


2017-12-21 at 13:24 #30489   (174)
Amit Serper wrote: OSX.Pirrit Mac Adware Part III: The DaVinci Code
   In April 2016, I published a research report that analyzed a very nasty piece of adware that targets Mac OS X. Called OSX.Pirrit, I discovered that it wasn’t your typical adware program that just floods a person’s browser with ads. With components such as persistence and the ability to obtain root access, OSX.Pirrit has characteristics usually seen in malware. While OSX.Pirrit’s main goal was to display ads, the way it did this contains many practices borrowed from traditional malware. Ultimately, OSX.Pirrit’s code had the potential to carry out much more malicious activities. As a result of the report, some of Pirrit’s servers and a few distribution websites were taken down. But the story doesn’t end there.
   A few months later, I learned that a new variant of OSX.Pirrit was in the wild. After investigating it, I discovered that a company called TargetingEdge created OSX.Pirrit and, in July, wrote a report discussing how I figured this out. And once again, some of Pirrit’s servers and distribution websites were taken offline.
   Now it’s time for chapter three (download a PDF of this report here). Curious to see if OSX.Pirrit was still alive and spreading, I recently started to research it again. And, to my surprise, it’s very active. Not only is it still infecting people’s Macs, OSX.Pirrit’s authors learned from one of their mistakes (They obviously read at least one of our earlier reports)....


2017-12-22 at 12:31 #30578   (175)
(2017-12-21 at 13:24)Amit Serper wrote:  OSX.Pirrit Mac Adware Part III: The DaVinci Code
That's fascinating, especially the mechanism by which the software installs itself with a randomly chosen name in each instance of infection, making it hard or impossible for anti-malware software to look for a common denominator to recognise and purge the infection.


2017-12-22 at 19:15 #30615   (176)
So how do you squash this thing?


2017-12-23 at 06:15 #30633   (177)
(2017-12-22 at 19:15)DWomack wrote:  So how do you squash this thing?
1. Only download 3rd party apps from the App Store or the developer's site, never from clicking on an e-mail or browser popup link or going to a software consolidator like Softonic. But be aware that a very few developers have chosen to monetize their product by including similar adware in their installers (e.g. MPlayerX)

2. If you are already infected, run one of the following products that are known to remove all currently known variants.
- ClamXAV 30-day trial.
- DetectX Shareware.
- Malwarebytes for Mac Free download with a 30-day trial of Premium features.


2017-12-23 at 07:23 #30636   (178)
GFS
(2017-12-22 at 12:31)Christopher Moss wrote:  That's fascinating, especially the mechanism by which the software installs itself with a randomly chosen name in each instance of infection, making it hard or impossible for anti-malware software to look for a common denominator to recognise and purge the infection.
You still have to enter your admin password to install it in the first place though? As I understand it, the initial installation is by things like MacKeeper, or are there other ways it can be installed?


2017-12-23 at 08:11 #30638   (179)
(2017-12-23 at 07:23)GFS wrote:  As I understand it, the initial installation is by things like MacKeeper, or are there other ways it can be installed?
MacKeeper is guilty of many sins, but I don't think this is one of them. The article mentions installers that install software like a video player or a PDF reader that’s downloaded from a site. These installers will install the downloaded software and the additional malware at the same time.


2017-12-23 at 09:59 #30641   (180)
GFS
(2017-12-23 at 08:11)alvarnell wrote:  MacKeeper is guilty of many sins, but I don't think this is one of them.
I had seen these comments:
   https://discussions.apple.com/thread/7582129
   http://macware.com/adware/how-to-remove-osx-pirrit/

Either way, you have to enter your admin password for this malware to be installed, even with the AppleScript version. Correct?


2018-02-03 at 06:40 #32851   (181)
Malwarebytes Blog wrote: New Mac cryptominer distributed via a MacUpdate hack
Early this morning, security researcher Arnaud Abbati of SentinelOne tweeted about new Mac malware being distributed via MacUpdate. This malware, which Abbati has named OSX.CreativeUpdate, is a new cryptocurrency miner, designed to sit in the background and use your computer’s CPU to mine the Monero currency.

The malware was spread via hack of the MacUpdate site, which was distributing maliciously-modified copies of the Firefox, OnyX, and Deeper applications.
Jess-MacUpdate wrote: If you have installed-and-run Firefox 58.0.2, OnyX, or Deeper since 1 February 2018, please accept our apologies, but you will need to follow these steps to remove a bitcoin miner which hacked versions of those apps have installed. This [is] not the fault of the respective developers, so please do not blame them. The fault is entirely mine for having been fooled by the hackers.
• Delete any copies of the above titles you might have installed.
• Download and install fresh copies of the titles.
• In Finder, open a window for your home directory (Cmd-Shift-H).
• If the Library folder is not displayed, hold down the Option/Alt key, click on the "Go" menu, and select "Library (Cmd-Shift-L)".
• Scroll down to find the "mdworker" folder (~/Library/mdworker/).
• Delete the entire folder.
• Scroll down to find the "LaunchAgents" folder (~/Library/LaunchAgents/).
• From that folder, delete "MacOS.plist" and "MacOSupdate.plist" (~/Library/LaunchAgents/MacOS.plist and ~/Library/LaunchAgents/MacOSupdate.plist).
• Empty the Trash.
• Restart your system.
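
Added example (not part of any post, and not code from ESET, Apple or MacUpdate): a read-only shell check for the file-system indicators quoted in this thread, namely the OSX/Proton paths from the ESET advisory and the MRT analysis post, and the OSX.CreativeUpdate paths from the MacUpdate removal steps above. The function names and the optional `ROOT` prefix (for pointing the check at a mounted backup or disk image) are assumptions of this example.

```shell
#!/bin/sh
# Added example. It only tests for the paths quoted in this thread and
# removes nothing.

# OSX/Proton: the first four paths are from the ESET advisory, the last
# three from the forum post analysing Apple's MRT. All are system-wide.
PROTON_PATHS='/tmp/Updater.app
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand
/Library/.rand/updateragent.app
/Library/.cache
/Library/.cache/.lmx
/Library/.cache/.prelim.png'

# OSX.CreativeUpdate: from the MacUpdate removal steps, relative to a
# user's home directory.
CREATIVEUPDATE_PATHS='Library/mdworker
Library/LaunchAgents/MacOS.plist
Library/LaunchAgents/MacOSupdate.plist'

# path_present PATH: true if PATH exists, including as a dangling symlink.
path_present() {
    [ -e "$1" ] || [ -L "$1" ]
}

# scan_indicators [ROOT] [HOME_DIR]
#   ROOT      prefix for the system-wide paths (assumption of this example;
#             empty means the live system)
#   HOME_DIR  home directory to check for the per-user paths
# Prints one "family<TAB>path" line for each indicator that exists.
scan_indicators() {
    root=${1:-}
    home=${2:-$HOME}
    printf '%s\n' "$PROTON_PATHS" | while IFS= read -r p; do
        if path_present "$root$p"; then
            printf 'OSX/Proton\t%s\n' "$root$p"
        fi
    done
    printf '%s\n' "$CREATIVEUPDATE_PATHS" | while IFS= read -r p; do
        if path_present "$home/$p"; then
            printf 'OSX.CreativeUpdate\t%s\n' "$home/$p"
        fi
    done
}

# count_hits [ROOT] [HOME_DIR]: number of indicators found.
count_hits() {
    scan_indicators "$@" | wc -l | tr -d ' '
}

# report [ROOT] [HOME_DIR]: readable summary; returns 1 if anything was found.
report() {
    hits=$(scan_indicators "$@")
    if [ -z "$hits" ]; then
        echo "No listed indicators found (this does not prove the Mac is clean)."
        return 0
    fi
    echo "Indicators present:"
    printf '%s\n' "$hits"
    return 1
}

# Check the live system and the current user's home directory.
report "" "$HOME" || true
```

The per-user paths are checked for one home directory at a time, so on a shared Mac call `report "" /Users/NAME` for each account, with enough privilege to read that account's Library folder.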


2018-02-03 at 14:16 #32861   (182)
Guest
(2018-02-03 at 06:40)Malwarebytes Blog wrote:  New Mac cryptominer distributed via a MacUpdate hack
Had a somewhat similar experience with MacUpdate a while back but managed to catch the problem due to length of download and "strange" actions attempted at the start of install process. Quit install and deleted download and have not gone back to MacUpdate since.


2018-02-03 at 17:16 #32869   (183)
(2018-02-03 at 14:16) wrote:  
(2018-02-03 at 06:40)Malwarebytes Blog wrote:  New Mac cryptominer distributed via a MacUpdate hack
Had a somewhat similar experience with MacUpdate a while back but managed to catch the problem due to length of download and "strange" actions attempted at the start of install process. Quit install and deleted download and have not gone back to MacUpdate since.
I do not trust MacUpdate for downloads, but I still use MacUpdate for being notified of updates and for finding new software. I then always download the software from the original developers' websites and never through MacUpdate. When last week MacUpdate notified me of a Firefox 58.0.2 update while on the mozilla.org site the latest version was still 58.0.1, I knew something was wrong.

Again, it was not the first incident of that sort that I encountered there.


2018-02-04 at 23:26 #32892   (184)
Scion
This didn't affect the iMacs at our facility (we have about 9), but this past Friday someone on a Windows machine allowed a ransomware malware into the building, and we were shut down for the rest of the day through Monday and possibly even this Tuesday, if they need more time to restore the servers, etc. Serious business, folks.


2018-02-05 at 20:32 #32935   (185)
(2018-02-03 at 17:16)RonaldPR wrote:  I do not trust MacUpdate for downloads, but I still use MacUpdate for being notified of updates and for finding new software. I then always download the software from the original developers' websites and never through MacUpdate. When last week MacUpdate notified me of a Firefox 58.0.2 update while on the mozilla.org site the latest version was still 58.0.1, I knew something was wrong.
I don't know which aspect worries me more, that it happened, or that Macupdate hasn't said anything about it (at least on their own site) that I can see. If I weren't also a MacInTouch reader, I'd still be unaware, not only that anything had happened, but also of their mea culpa.

I've been grateful to them in the past, just because it's my only way of knowing what's new in the world of Mac software updates. But this rubs me the wrong way. Are there any alternatives that are as comprehensive and updated on a daily basis? I only discovered them when Versiontracker jumped the shark.


2018-02-05 at 21:36 #32938   (186)
(2018-02-05 at 20:32)anon9678 wrote:  I don't know which aspect worries me more, that it happened, or that Macupdate hasn't said anything about it (at least on their own site) that I can see. If I weren't also a MacInTouch reader, I'd still be unaware, not only that anything had happened, but also of their mea culpa.
  I've been grateful to them in the past, just because it's my only way of knowing what's new in the world of Mac software updates. But this rubs me the wrong way. Are there any alternatives that are as comprehensive and updated on a daily basis? I only discovered them when Versiontracker jumped the shark.
VersionTracker was great before they sold out. The new owners made the site into a glut ware site and I couldn't trust the download links. I didn't know if I was going to the developer site or spam site. Before the sell out, VersionTracker had direct links to the developers for the updated applications files and I could trust them.


2018-02-05 at 23:40 #32944   (187)
Guest
(2018-02-05 at 20:32)anon9678 wrote:  I don't know which aspect worries me more, that it happened, or that Macupdate hasn't said anything about it (at least on their own site) that I can see.
The MacUpdate admins responded in the comments for the affected applications.
Scroll through those to find their statements on the matter.


2018-02-06 at 13:13 #32976   (188)
What value does macupdate offer over letting apps check for updates on their own, which pretty much all apps do these days?


2018-02-06 at 16:20 #32985   (189)
(2018-02-05 at 23:40) wrote:  The MacUpdate admins responded in the comments for the affected applications.
Scroll through those to find their statements on the matter.
And therein lies the problem—how many people who downloaded those apps would be likely to return to that exact page and happen to read the comments to learn there might be a problem? Not many, I think. What reason would they have to do so if they may not be aware of a problem in the first place?

It would be far more likely instead that they might return to the main site looking to see what else is new. If not the same day, the next day. All the more reason to post it there and not buried in the comments of the affected apps.


2018-02-06 at 19:58 #32995   (190)
(2018-02-06 at 13:13)dvhwgumby wrote:  What value does macupdate offer over letting apps check for updates on their own, which pretty much all apps do these days?
For me, at least, that's an easy answer. First and foremost, there are countless apps that I wouldn't otherwise even know about, having been notified of their very existence from their listing on Macupdate. App discovery, I guess, has been the biggest benefit. Yes, there is the App Store, but I try my best to avoid it, preferring to buy directly from developers whenever possible, with the benefit of full functionality not hampered by sandboxing. I also prefer that developers receive 100% of the price paid, rather than 70%.

Secondly, there are plenty of apps that I don't use on a regular basis. Much of the time, I visit Macupdate, see there's a new version out, and only then open it and let the app update itself.


2018-02-07 at 10:41 #33008   (191)
Laurance Wieder
Updating Firefox beta to 59.0 beta 7, ClamXav found a live infection: Trojan.OSX.Flashback in Firefox.app. This from Mozilla, not from an aggregator, and it happened twice—yesterday on my Mac, and today on my wife's.
Can't figure out how to alert Mozilla.


2018-02-07 at 15:55 #33028   (192)
Guest
(2018-02-07 at 10:41)Laurance Wieder wrote:  Updating Firefox beta to 59.0 beta 7, ClamXav found a live infection: Trojan.OSX.Flashback in Firefox.app. This from Mozilla, not from an aggregator, and it happened twice—yesterday on my Mac, and today on my wife's.
Can't figure out how to alert Mozilla.
[See:]

   https://wiki.mozilla.org/Security#Contacting_Us

FWIW, I just downloaded Firefox 59beta7, zipped up the app, and submitted it to VirusTotal. None of the A/V engines (including ClamAV) reported any infection.


2018-02-07 at 18:00 #33038   (193)
(2018-02-07 at 10:41)Laurance Wieder wrote:  Updating Firefox beta to 59.0 beta 7, ClamXav found a live infection: Trojan.OSX.Flashback in Firefox.app. This from Mozilla, not from an aggregator, and it happened twice—yesterday on my Mac, and today on my wife's.
Can't figure out how to alert Mozilla.
I believe this is a false positive. I downloaded Firefox 59.0b7 and ran ClamXAV. Its log says this:
/Applications/Firefox.app/Contents/Info: Trojan.OSX.Flashback FOUND
Using ls -al in Terminal shows there is no directory named Info, just the file Info.plist. Examining Info.plist showed nothing suspicious. Neither DetectX nor Malwarebytes detected anything.


2018-02-07 at 21:35 #33047   (194)
(2018-02-07 at 10:41)Laurance Wieder wrote:  Updating Firefox beta to 59.0 beta 7, ClamXav found a live infection: Trojan.OSX.Flashback in Firefox.app.
Confirmed to be a false positive.

This was caused by the Firefox developers leaving a setting enabled in one of the files embedded within the Firefox.app itself. The only other time that setting has been seen on Firefox (or Safari) was when the app was infected with the Flashback malware. In this instance, that wasn't the case - just forgetful programmers!

The developer has pushed out a fix via virus defs. Just update your virus definitions which will prevent the detection from recurring.


2018-03-08 at 12:17 #34516   (195)
Thomas Reed wrote: The state of Mac malware
Mac users are often told that they don’t need antivirus software, because there are no Mac viruses. However, this is not true at all, as Macs actually are affected by malware, and have been for most of their existence. Even the first well-known virus—Elk Cloner—affected Apple computers rather than MS-DOS computers.
    In 2018, the state of Mac malware has evolved, with more and more threats targeting these so-called impervious machines. We have already seen four new Mac threats appear.
    The first of these, OSX.MaMi, was discovered on our forums by someone who had had his DNS settings changed and was unable to change them back.
    The malware that was discovered on his system acted to change these settings and ensure that they remained changed. Additionally, it installed a new trusted root certificate in the keychain.
    These two actions are highly dangerous.
... The second malware was discovered via research into nation-state malware, called Dark Caracal, by Lookout. The report mentioned a new cross-platform RAT (remote access tool, aka backdoor), which it called CrossRAT, which is capable of infecting Macs, among other systems. This malware, written in Java, provided some basic remote backdoor access to infected Mac systems.
... The next piece of malware was named OSX.CreativeUpdate, and was originally discovered through a supply chain attack involving the MacUpdate website. The MacUpdate website was hacked, and the download links for some popular Mac apps, including Firefox, were replaced with malicious links.
     These kinds of supply chain attacks are particularly dangerous, even capable of infecting savvy members of the development and security community, as was documented by Panic, Inc. in The Case of the Stolen Source Code.
... The most recent piece of malware, called OSX.Coldroot, was a generic backdoor that provided all the usual access to the system that a typical backdoor does. However, some aspects of its installation will fail on any modern system (macOS 10.11, aka El Capitan, or later), and due to bugs it will fail entirely on some systems. This malware didn’t seem like much of a threat, but could still be dangerous on the right system.
    These are simply some of the most recent examples. Mac malware saw an increase of over 270 percent between 2016 and 2017. Last year saw the appearance of many new backdoors, such as the now infamous Fruitfly malware, first documented by Malwarebytes, which was used by an Ohio man to capture personal data, and was even used to generate child pornography....


2018-03-09 at 11:42 #34583   (196)
Sophos wrote: Safer browsing coming soon to MacOS Chrome users
Google’s security team recently announced that Chrome is expanding its “Safe Browsing” capabilities to help protect macOS users from Mac-specific threats and malware.
    Any Mac user that stumbles upon a website that might host a compromised or malicious ad, attempt to download Mac-specific malicious software, or try to modify browser settings (like changing the default search engine or default home page) will see a message warning them about the website’s dangers...
... Just last year, SophosLabs included Mac malware in their yearly malware forecast after seeing numerous Mac ransomware samples in the wild. Mac malware is growing...


2018-03-11 at 19:53 #34668   (197)
(2018-03-09 at 11:42)Sophos wrote:  Safer browsing coming soon to MacOS Chrome users
Google’s security team recently announced that Chrome is expanding its “Safe Browsing” capabilities to help protect macOS users from Mac-specific threats and malware.
It looks like Google is also moving towards eliminating http in favor of https. The problem here is that a good number of legacy sites are - and likely will remain - http. See: <http://this.how/googleAndHttp/>