If you use MacUpdate or any other download aggregation service to obtain software or updates, you will want to review that practice. By an odd coincidence, a reader here had recently suggested that I provide my free software through MacUpdate.

It demonstrates that MacUpdate’s processes for verifying the integrity of the products which it distributes are broken, and that it fails to draw customers’ attention to such a major security failure. What is most shocking in this case is MacUpdate’s almost secretive approach to its error.

However, downloading updates direct from developers’ sites is also far from risk-free. Both Thomas Reed and Patrick Wardle point out that this is not the first time that MacUpdate has inadvertently provided its users with malware.

It should also show up in Objective-See’s detection tools. Although it is thought to be confined to Firefox 58.0.2, OnyX, and Deeper downloaded from MacUpdate on 1st and 2nd February 2018, on further investigation it may be that it affects other apps downloaded from MacUpdate, possibly even from other download aggregation services.

However, you should still treat this as a full malware infection. Among the protective products which detect and remove this malware are Malwarebytes and Sqwarq’s DetectX. Reed explains that the malicious app was developed with some major flaws which rendered it ineffective on many Macs. If you have installed and run any of the affected apps, then they will have downloaded additional malicious software, which may in turn have started to use your Mac to mine for Monero crypto-currency.

This issue does not affect copies of these products downloaded direct from their own websites, and probably doesn’t affect copies downloaded from sites other than MacUpdate, although the latter has yet to be confirmed. Jess, one of MacUpdate’s editors, admits being duped into providing the malicious software as if it were genuine product downloads.
The only mention you will see at MacUpdate is in comments added to the three downloads which are known to have been affected. Shockingly, there is no warning on the MacUpdate front page, nor in its Support pages.

Did you download and install any Mac software from the MacUpdate site on the first or second of February? If so – and particularly if the app was Firefox 58.0.2, OnyX, or Deeper – you may well have installed a malicious cryptocurrency miner, which has been dubbed OSX.CreativeUpdate. A full account of this, and of the malicious software, has been provided by Thomas Reed of Malwarebytes.