This nasty Windows executable file targets Mac systems
February 12, 2019 | Malware and Vulnerabilities
- The EXE file bypasses built-in security mechanisms in macOS and evades signature checks and file verification to execute an installation.
- It is also capable of downloading malicious applications such as adware and info-stealer trojans.
A new Windows executable file is making the rounds in the Mac ecosystem. Malicious EXE files targeting Windows systems are a routine occurrence; in this case, however, the target is macOS systems.
This file, discovered by the security firm Trend Micro, overrides built-in security mechanisms to creep into Apple computers and install malicious applications such as adware, info-stealers, and other malware.
Hides inside the DMG file
Trend Micro reported that the file was available on various torrent websites and packaged in an installer of the iOS firewall app Little Snitch.
“When the downloaded .ZIP file is extracted, it contains a DMG file hosting the installer for Little Snitch. Inspecting the installer contents, we found the unusual presence of the EXE file bundled inside the app, verified to be a Windows executable responsible for the malicious payload,” the researchers explained in their blog.
Therefore, when the installer is run, the EXE file is executed in parallel using the Mono framework, which allows .NET applications to run on macOS systems.
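An added example, not code from Trend Micro or from the original article: a defender-side triage script that walks an extracted installer or mounted DMG and flags Windows PE files, marking those whose header carries a CLR (.NET) directory, which is the kind of EXE Mono can run. The bundle layout and file names in `demo()` are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

def classify_pe(data):
    """Return None for non-PE data, 'pe-dotnet' for a .NET assembly, else 'pe'."""
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")   # offset of the PE signature
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                  # skip 4-byte signature + 20-byte COFF header
    dirs = opt + {b"\x0b\x01": 96, b"\x0b\x02": 112}.get(data[opt:opt + 2], 0)
    if dirs == opt or dirs + 15 * 8 > len(data):
        return "pe"                      # unknown optional-header magic or truncated read
    (count,) = struct.unpack_from("<I", data, dirs - 4)    # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)   # entry 14: CLR header
    return "pe-dotnet" if count > 14 and rva and size else "pe"

def scan_tree(root, header_bytes=4096):
    """Walk a mounted DMG or .app bundle; return (relative path, kind) for each PE."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            with path.open("rb") as fh:
                kind = classify_pe(fh.read(header_bytes))
            if kind:
                hits.append((str(path.relative_to(root)), kind))
    return hits

def build_sample_pe(dotnet):
    """Constructed header-only PE32 sample for the demo; not a runnable program."""
    buf = bytearray(0x80 + 24 + 96 + 16 * 8)
    buf[:2], buf[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x80)              # e_lfanew
    struct.pack_into("<H", buf, 0x80 + 24, 0x10B)        # PE32 magic
    struct.pack_into("<I", buf, 0x80 + 24 + 92, 16)      # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", buf, 0x80 + 24 + 96 + 14 * 8, 0x2008, 0x48)
    return bytes(buf)

def demo():
    """Scan a constructed bundle layout (hypothetical names) in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        res = Path(root, "Sample.app", "Contents", "Resources")
        res.mkdir(parents=True)
        (res / "setup.exe").write_bytes(build_sample_pe(True))
        (res / "icon.icns").write_bytes(b"icns" + bytes(64))
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

The scan reads only the first 4096 bytes of each file, so a PE whose header sits beyond that offset is not flagged.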
Snooping on system information and downloading malware
The malware then collects system information and scans the other applications installed on the system. All of this information is passed to a C&C server managed by the attackers.
Additional files, which are adware and info-stealer malware, are then downloaded from the Internet. Installation is done through a virtual drive process by mounting the DMG files onto the system.
Interestingly, this EXE file does not run on Windows computers, meaning the file was specifically designed to target Mac systems. Trying to execute the file on Windows would display an error message.