Proton malware spreading through supply-chain attack, victims should wipe their Macs

cyber

Bad news for Mac users, a new malware is threatening them of a complete system wipe and reinstall.

Crooks are distributing the malware in legitimate applications, the popular Elmedia Player and download manager Folx developed by the Elmedia Player who confirmed the threat. The latest versions of both apps came with the OSX.Proton malware.

The Proton malware is a remote access tool (RAT) available for sale on some cybercrime forums, it first appeared in the threat landscape last year. The malicious code includes many features such as the ability to execute console commands, access the user’s webcam, log keystrokes, capture screenshots and open SSH/VNC remote connections. The malicious code is also able to inject malicious code in the user’s browser to display popups asking victims’ information such as credit card numbers, login credentials, and others.

The Proton malware can hack into a victim’s iCloud account, even if two-factor authentication is used, and in March it was offered for sale at $50,000.

Experts at security firm ESET discovered that the Proton malware is spreading through supply chain attacks, hackers injected the malicious code into downloads of the applications.

“During the last hours, ESET researchers noticed that Eltima, the makers of the Elmedia Player software, havebeen distributing a version of their application trojanized with the OSX/Proton malware on their official website. ESET contacted Eltima as soon as the situation was confirmed. Eltima was very responsive and maintained an excellent communication with us throughout the incident.” reported ESET.

ESET promptly alerted Elmedia, hackers compromised the developer’s servers and implanted the Proton malware into the download files.

To read the original  article:

http://securityaffairs.co/wordpress/64590/malware/mac-proton-malware-supplychain-attack.html

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Next Post

Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. […]