Windows .exe file intrudes on macOS by bypassing Gatekeeper, causing data theft and further macOS malware intrusion
The cybersecurity team at Trend Micro has detected a new piece of malware. According to them, the newly detected malware targets macOS with the help of an executable file.
It is surprising that the .exe file is designed to run on Windows. Because of this, Mac security measures such as Gatekeeper do not subject it to their code-signature check. They simply let the .exe file, and with it the malware, through to infect the system.
The malicious payload intrudes when a user downloads an application from a torrent site. The Windows executable file is hidden inside an app that pretends to be the well-known firewall app Little Snitch. Once executed, the malware associated with it gets installed on the targeted computer.
The malware creates an opportunity for other macOS threats to intrude on the machine. It bypasses the security measures installed on the system and gathers confidential data and other sensitive details. Recently, it has been spotted in the United Kingdom, the United States, Australia, South Africa, Luxembourg and some other countries.
The .exe file is hidden inside a .DMG file
According to researchers, besides Little Snitch, archives including “Paragon_NTFS_for_Mac_OS_Sierra_Fully_Activated.zip,” “TORRENTINSTANT.COM+-+Traktor_Pro_2_for_MAC_v321.zip,” “Little_Snitch_583_MAC_OS_X.zip,” “Wondershare_Filmora_924_Patched_Mac_OSX_X.zip,” and a few others are equally responsible for delivering the malware installer.
A .DMG file shows up when the .zip file is extracted. The .DMG file collects crucial information, including technical details such as Model Name, processor, Number of Cores, SMC version and Serial Number, as well as the personal data stored on the system. It connects the machine to a command-and-control server. The server is controlled by the attackers, which gives them access to the gathered information.
What makes it possible for the .exe file to run on macOS
As you know, macOS cannot natively run a Windows executable file. According to the researchers, the attackers bundled an open-source implementation of Microsoft’s .NET Framework called Mono, which allows them to execute the Windows .exe file on macOS:
“Currently, running EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a mono framework installed in the system is required to compile or load executables and libraries. In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS’ security features. As for the native library differences between Windows and MacOS, mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.”
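The technique the researchers describe leaves a recognizable footprint: a Windows PE binary (an "MZ" header whose e_lfanew field points at a "PE\0\0" signature) sitting inside a macOS app bundle next to a bundled Mono runtime. The following Python script is an added defender-side example, not code from Trend Micro or from this article. It builds a constructed, non-functional sample bundle in a temporary directory (the file names Installer.exe and libmonosgen-2.0.dylib are assumptions for illustration), then walks the bundle and flags the combination of PE files and Mono runtime files that the article's technique would produce.

```python
import os
import struct
import tempfile

# File-name fragments that typically indicate a bundled Mono runtime (assumed list).
MONO_MARKERS = ("libmonosgen", "libmono", "mono-2.0", "libmono-native")


def is_pe_file(path):
    """Return True if the file has an MZ header whose e_lfanew points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            # e_lfanew lives at offset 60 of the DOS header (little-endian uint32).
            (e_lfanew,) = struct.unpack_from("<I", head, 60)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def scan_bundle(root):
    """Walk an extracted app bundle; report PE binaries and bundled Mono runtime files."""
    pe_files, mono_files = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if is_pe_file(path):
                pe_files.append(os.path.relpath(path, root))
            if any(marker in name for marker in MONO_MARKERS):
                mono_files.append(os.path.relpath(path, root))
    # A Windows binary alone is odd in a Mac bundle; together with Mono it is the pattern described.
    suspicious = bool(pe_files) and bool(mono_files)
    return {"pe_files": sorted(pe_files), "mono_files": sorted(mono_files), "suspicious": suspicious}


def make_fake_pe(path):
    """Write a constructed minimal MZ/PE stub for the demo (headers only, not runnable code)."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 60, 0x80)  # e_lfanew -> PE signature at 0x80
    blob = bytes(dos_header) + b"\x00" * (0x80 - 64)
    blob += b"PE\x00\x00" + b"\x00" * 20  # PE signature + empty COFF header placeholder
    with open(path, "wb") as f:
        f.write(blob)


def build_sample_bundle():
    """Create a constructed app-bundle layout mimicking the described technique."""
    root = tempfile.mkdtemp(prefix="bundle_scan_")
    macos_dir = os.path.join(root, "Contents", "MacOS")
    os.makedirs(macos_dir)
    make_fake_pe(os.path.join(macos_dir, "Installer.exe"))  # assumed file name
    # Stand-in for a bundled Mono runtime library: Mach-O magic followed by padding.
    with open(os.path.join(macos_dir, "libmonosgen-2.0.dylib"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 16)
    with open(os.path.join(root, "Contents", "Info.plist"), "w") as f:
        f.write("<plist/>")
    return root


if __name__ == "__main__":
    sample = build_sample_bundle()
    report = scan_bundle(sample)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real system you would point scan_bundle at the mounted .DMG contents or the extracted .app directory rather than at the constructed sample; the same MZ/PE check also works as a quick triage rule for any file a Mac user downloaded from an untrusted source.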
Trend Micro’s researchers recommend that macOS users take extra precautions to keep this new malware from getting onto their devices.
“Users should avoid or refrain from downloading files, programs, and software from unverified sources and websites, and install a multi-layered protection for their individual and enterprise systems.”