Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Apple updates XProtect to block 'Windows' malware on a Mac
Apple's XProtect security software has recently been quietly updated to add some signature to help detect Windows PE files as well as Windows executable files that can be run on Mac using Mono .NET framework.
If you don't know, XProtect is Apple's built-in antivirus software that acts as a real-time protection shield on a Mac. To protect users from viruses and malicious code, XProtect uses signatures built from many Yara rules aimed at known security threats for Mac users.
- India's largest IT services company is hit by a hacker '
According to security expert Patrick Wardle, the two new signatures released on April 19, 2019 when used together can help detect ad packages containing Windows executable files running on macOS. .
The two new signatures are called "PE", which helps detect Windows PE files and "MACOS.d1e06b8", and is also used to identify a specially built Windows executable file that can run on Mac, as illustrated below:
- Malicious ad campaigns abuse Chrome to steal 500 million iOS user sessions
Basically, XProtect will use the above rule to detect Windows executable files that contain the following strings. Note, the strings below are built based on the rules shown above, so they can also be 'torn' small.
// * ErborC
()
trackingXML
AllInstal
offer_parameter
offer_id
These strings are linked to many ad packages containing modified Windows executable files to run on Mac using Mono C # framework.
Malicious code targeted Mac adware package.
In February, a number of major technology news sites around the world reported cases of malware detected using the Mac installer to launch Windows executable files using Mono. C # framework.
Mono is basically a cross-platform framework, allowing C # programs to run on many popular operating systems today, including Windows, Mac and Linux.
Some of the detected malware samples will extract a Windows executable file named Installer.exe. This file will then use the included Mono Mac libraries to be able to run on this operating system.
- 25% of "out-of-the-box" phishing emails are the default security of Office 365
After successfully launching, the ad package will silently contact the crook's remote servers to download the 'offers' and install them into the victim's system. These 'offers' can be browser extensions, adware, exploit tools and unwanted password theft.
Although these ad software packages are essentially executable files of Windows, they are actually not able to run on Windows. This is because they are programmed to try to download the Mac Mono framework libraries, while those are completely unavailable in Windows. If you try to run these executable files in Windows, the system will report an error as shown in the illustration below:
- Detect spyware targeting iOS users
When programming languages like C # become cross-platform languages, being able to discover Windows PE files will play a very important role in protecting users from malware, which can be easy. spread to Mac using frameworks like Mono.
Samuel DanielYou should read it
- Apple introduced an update page of the error recovery process
- Fileless malware - Achilles heel of traditional antivirus software
- Users need to update their iOS and Mac devices right away to avoid security vulnerabilities
- Add 2 malicious samples to attack the Mac
- Malware sneaks into iOS through Apple's official distribution channels
- Apple has released an update to patch a series of vulnerabilities in iOS, macOS, Safari and many other platforms, update now!
- Detection of a new ransomware strain targeting the Windows search engine
- List of some types of files that are potentially dangerous on Windows
May be interested
- How to turn off automatic app updates in Microsoft Store
the microsoft store only lets you pause app updates for 1–5 weeks. if you want to block mandatory app updates, you can try some of the settings below. - The number of malware on Macs is nearly double that of Windowsmacs are safer and less likely to be infected with malware than windows, which many users still trust. however, this is no longer true when a recent report showed that in 2019, the number of threats targeting the mac surpassed the pc by 2: 1.
- Apple updates Safari on iOS and Mac to block third-party cookiesgoogle said in a blog post of its own earlier this year that it hopes to add similar functionality to chrome 'within two years.'
- Three ways to protect Mac from malware threatsapple has now introduced an entirely new model that is extremely impressive and no doubt its market share will be expanded. it was good news for apple but raised concerns about security. the more people switch to using apple products, the more likely it is that the malware will be pulled.
- How to remove viruses, malware on Macmacos is one of the least virus-infected operating systems, but this does not mean it does not. this article will show you how to check and remove viruses on mac.
- The first malware detection on Mac M1until now, many people still believe that macos is more secure than windows. while this is largely true, in recent years, the number of mac computers infected with viruses and malware has started to increase.
- Apple instructs how to defeat Mac Defenderapple is about to unveil the 'special remedy' for malware mac defender. until the official patch reached the user, 'apple' did not forget to post the instructions ...
- How to see which Windows Defender has found malware on a PCif you use windows defender antivirus to detect and remove malware on windows 10, you can easily monitor the performance of defender with an integrated list of all threats that the utility has detected on your pc. .
- How to turn off Update Win 11 permanently, block the latest update 2024hello everyone, in this guide taimienphi will show you how to permanently turn off windows 10 updates. with simple and safe steps, you can keep your computer stable without worrying about windows 11 automatic updates anymore. let's explore and control your system the way you want
- Windows 10 updates will be divided into C, B, and D levelsaccording to microsoft, updates to windows 10 will be divided into three categories, b, c, and d (without a), and each version will be released once a month.
Attack the network
- Malware stored in Google Sites sends data to the MySQL server
- Dell computers became victims of RCE attacks by vulnerabilities in SupportAssist
- More than 4,000 Office 365 accounts are affected by account hijacking attacks
- It was GitHub's turn to be ransomed
- A very large black web market has just been destroyed
- Young people are too confident when talking about online security!
Malware stored in Google Sites sends data to the MySQL server
Dell computers became victims of RCE attacks by vulnerabilities in SupportAssist
More than 4,000 Office 365 accounts are affected by account hijacking attacks
It was GitHub's turn to be ransomed
A very large black web market has just been destroyed
Young people are too confident when talking about online security!