trackingXML
AllInstal
offer_parameter
offer_id
These strings are linked to many adware packages containing Windows executable files modified to run on Mac using the Mono C# framework.
In February, a number of major technology news sites around the world reported cases of malware that used a Mac installer to launch Windows executable files through the Mono C# framework.
Mono is basically a cross-platform framework that allows C# programs to run on many popular operating systems, including Windows, Mac and Linux.
Some of the detected malware samples extract a Windows executable file named Installer.exe. This file then uses the included Mono Mac libraries to run on this operating system.
After launching successfully, the ad package silently contacts the crooks' remote servers to download 'offers' and install them on the victim's system. These 'offers' can be browser extensions, adware, exploit tools and unwanted password stealers.
Although these adware packages are essentially Windows executable files, they cannot actually run on Windows. This is because they are programmed to try to download the Mac Mono framework libraries, which are not available on Windows. If you try to run these executable files on Windows, the system will report an error as shown in the illustration below:
As programming languages like C# become cross-platform, being able to detect Windows PE files will play a very important role in protecting users from malware, which can easily spread to Mac using frameworks like Mono.
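The PE detection described above, as an added example that is not from the original article: it recognises a Windows PE file by its headers, flags .NET/Mono assemblies through the CLR header directory, and searches for the strings listed at the top of this page. The function names and the constructed sample bytes are assumptions made for illustration.

```python
import struct

# Strings this page lists as linked to the adware packages.
INDICATORS = ["trackingXML", "AllInstal", "offer_parameter", "offer_id"]

def inspect_pe(data: bytes):
    """Return (is_pe, is_dotnet) from the DOS/PE headers alone."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return (False, False)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return (False, False)
    opt = e_lfanew + 24          # 4-byte signature + 20-byte COFF header
    if opt + 2 > len(data):
        return (True, False)     # truncated after the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 / PE32+ data directories
    if dirs is None or opt + dirs + 15 * 8 > len(data):
        return (True, False)
    count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
    rva, size = struct.unpack_from("<II", data, opt + dirs + 14 * 8)
    # Directory 14 is the CLR header: present only in .NET/Mono assemblies.
    return (True, count > 14 and rva != 0 and size != 0)

def find_indicators(data: bytes):
    """Match as ASCII (metadata names) and UTF-16LE (.NET string literals)."""
    return [s for s in INDICATORS
            if s.encode("ascii") in data or s.encode("utf-16-le") in data]

def scan(data: bytes):
    is_pe, is_dotnet = inspect_pe(data)
    return {"pe": is_pe, "dotnet": is_dotnet,
            "indicators": find_indicators(data) if is_pe else []}

def build_sample(strings=(), clr=True):
    """Constructed test input: minimal PE32 headers plus trailing strings."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 0x48)
    body = b"\0".join(s.encode("utf-16-le") for s in strings)
    return dos + coff + bytes(opt) + body

if __name__ == "__main__":
    print(scan(build_sample(["offer_id", "trackingXML"])))
```

On a Mac, a hit with `pe` and `dotnet` both true inside an installer bundle is the combination this article describes; the string matches only narrow it to this adware family.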