Jamf Threat Labs on Thursday announced that it has discovered a new malware threat on macOS. The malware is similar to the ZuRu malware that was discovered in 2021.
The malware is being distributed through pirated software hosted in China. When a user launches the pirated app, a malicious dynamic library attached to the app uses a backdoor built with the open-source Khepri post-exploitation tool. This allows the malware to avoid detection by antivirus software. The malware then communicates with the attacker, who can load software on the target Mac and control it.
Jamf identified the malware while investigating other threats. An executable called ".fseventsd" stood out because it is hidden and has the same name as a process in macOS. Jamf also noted that the executable was not signed by Apple and was not flagged as malicious on VirusTotal, a website that analyzes suspicious files.
The pirated apps in which Jamf found the malware include FinalShell, Microsoft Remote Desktop Client, Navicat Premium, SecureCRT, and UltraEdit. "It's possible that this malware is a successor to the ZuRu malware given its targeted applications, modified load commands, and attacker infrastructure," according to Jamf.
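The detail that gave the sample away was a hidden file named after a real macOS process (".fseventsd") that turned out to be an executable. As an added defender-side example, not code from Jamf or the article, the Python check below walks a directory tree and flags hidden files whose name matches a system process name and whose first bytes are a Mach-O or universal-binary magic; the process names other than fseventsd, the sample files, and the tree layout are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Constructed watch list: fseventsd is the name from the report, the rest are
# assumed examples of macOS daemons an attacker might imitate.
KNOWN_SYSTEM_PROCESS_NAMES = {"fseventsd", "launchd", "kernel_task", "mds", "cfprefsd"}

# Mach-O and universal ("fat") magic numbers in both byte orders.
# Note: 0xcafebabe is also the Java .class magic, so treat fat hits as a lead, not proof.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit Mach-O
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit Mach-O
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # universal binary
}

def is_macho(path: Path) -> bool:
    """True if the file starts with a Mach-O / fat magic; unreadable files count as False."""
    try:
        with path.open("rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False

def find_masquerading_hidden_binaries(root, names=KNOWN_SYSTEM_PROCESS_NAMES):
    """Return sorted paths of hidden files named like a system process that are Mach-O binaries.
    On a real Mac each hit would then be checked with `codesign -dv` for a valid signature."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.startswith(".") and fname[1:] in names:
                candidate = Path(dirpath) / fname
                if is_macho(candidate):
                    hits.append(str(candidate))
    return sorted(hits)

def demo():
    # Constructed sample tree: a hidden 64-bit Mach-O posing as fseventsd inside an app
    # bundle, a hidden text file with a daemon name (not a binary), and the app's own binary.
    with tempfile.TemporaryDirectory() as tmp:
        macos_dir = Path(tmp) / "App.app" / "Contents" / "MacOS"
        macos_dir.mkdir(parents=True)
        (macos_dir / ".fseventsd").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        (macos_dir / "App").write_bytes(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        (Path(tmp) / ".launchd").write_text("just a text file")
        return [os.path.relpath(h, tmp) for h in find_masquerading_hidden_binaries(tmp)]

if __name__ == "__main__":
    print(demo())
```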
How to avoid malware attacks
Jamf believes that this new malware "appears to primarily target victims in China." Since it spreads through pirated software, the easiest way to avoid it is to use only legitimately acquired apps from trusted sources, such as the App Store (which makes security checks of its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.
Apple has protections in place within macOS and the company releases security patches through OS updates, so it's important to install them when they are available. If Apple pulls back an update, the company will reissue it as soon as it is properly revised with corrections.