Mac Patch Exposed: Newly Discovered Malware "OSX/Linker" Under Development

Cybersecurity researchers from Intego, a software designer specializing in security solutions for Mac systems, have issued a warning regarding an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which first announced in May of this year.

Last week, Intego's team discovered four samples of new macOS malware on VirusTotal that penetrated the GateKeeper bypass vulnerability and was able to execute malicious code on macOS without displaying any warning or asking for users for their permission prior to installation.

The newly discovered malware, dubbed OSX/Linker, has not yet resulted in a major outbreak and appears to still be under development at this point. The samples seem to leverage unpatched Gatekeeper bypass flaws, but isn't downloading malicious apps from the attacker's server at this juncture.

Gatekeeper is a mechanism developed by Apple and included in MacOS X since 2012. It's purpose is to enforce code signing and to verify the safety of downloaded applications before allowing them to run.

Just how exactly does this infect your MAC?

MacOS treats applications loaded from a network share differently than apps downloaded from the Internet. OSX/Linker creates a symbolic link or "symlink," which is tantamount to an an alias for the files from an app hosted on an attacker-controlled Network File System (NFS) server.  After creating a .zip archive containing that symlink and getting a victim to download it, the app would not trigger a default check by Apple's XProtect bad-download blocker.

In other words, this method makes it easier for malware to infect a Mac, despite Apple's built-in signature that's supposed to protect your Mac from that malware.

Show More

Julio Rivera

Julio Rivera is a small business consultant, political activist, writer and Editorial Director for Reactionary Times.  His writing, which is concentrated on politics and cybersecurity, has also been published by websites including Newsmax, The Hill, The Washington Times, LifeZette, The Washington Examiner, American Thinker, The Toronto Sun, PJ Media and many others.

Previous/Next Posts

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button