Malware for macOS comes in torrent downloads and can steal data

At this point, I think the image of the Mac as a totally malware-free computer has been thoroughly dismantled. Of course, overall it is more secure than Windows (there are no known viruses, for example), but that doesn't make it indestructible. And, you see, this is good: users are not totally relaxed and are taking measures to prevent infections on their machines, which in turn discourages the community of crackers.

It is also always good when any documented threats to macOS are made public as soon as possible. That is not the case with today's subject: the OSX/SearchPageInjector malware was discovered by Intego in January, but only disclosed this week because another security researcher published similar but less conclusive findings.

What does the malware do, anyway? Simple: it silently injects remotely hosted JavaScript code into the web pages you visit. This opens up a number of possibilities for the bad guys: they can add unwanted advertisements to websites, use your machine's processing power to mine virtual currencies (like Bitcoin) or steal data (like usernames and passwords).

The attack works even on HTTPS sites: it uses proxy software acting as a man-in-the-middle to inject the JavaScript code into the pages. According to Intego, the malware is embedded in a range of supposedly “cracked” software that users download via torrent; applications from Adobe's suite are a very popular example.

How do you protect yourself from the attack, then? According to Intego, its VirusBarrier protection software has been able to detect and terminate OSX/SearchPageInjector since January 2018. Now that the problem has been publicly reported, however, Apple is expected to act on it in a future software update. The company also recommends that you do not download files (especially fake apps) via torrent.

Deleting the mitmproxy certificate, which allows the injection of malicious JavaScript code

Finally, you can open Keychain Access on macOS (located in Applications > Utilities) and look for the mitmproxy certificate. If it is installed and you are sure that you do not use it for anything on your computer, delete it: it is what allows the malware to inject JavaScript code into web pages.
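The same check can be run from Terminal. The script below is an added example, not code from the original article or from Intego: it filters the text printed by `security find-certificate -a` for certificate labels that mention mitmproxy. The function names are hypothetical, and the embedded sample is constructed to mirror the attribute layout that command prints.

```shell
#!/bin/sh
# Added example: list keychain certificates whose label mentions mitmproxy.

# Constructed sample of `security find-certificate -a` output (not a real dump).
sample_dump() {
cat <<'EOF'
keychain: "/Library/Keychains/System.keychain"
version: 256
class: 0x80001000
attributes:
    "alis"<blob>="mitmproxy"
    "labl"<blob>="mitmproxy"
keychain: "/Users/alice/Library/Keychains/login.keychain-db"
version: 512
class: 0x80001000
attributes:
    "alis"<blob>="Example Root CA"
    "labl"<blob>="Example Root CA"
EOF
}

# Read a keychain dump on stdin and print "<keychain><TAB><label>" for every
# certificate whose label contains the given name (case-insensitive).
# Default name: mitmproxy.
find_cert_labels() {
    awk -v want="${1:-mitmproxy}" '
        /^keychain: / {
            kc = $0
            sub(/^keychain: "/, "", kc); sub(/"$/, "", kc)
        }
        /^ *"labl"<blob>=/ {
            label = $0
            sub(/^ *"labl"<blob>="?/, "", label); sub(/"$/, "", label)
            if (index(tolower(label), tolower(want)) > 0)
                print kc "\t" label
        }'
}

# On a Mac, scan the keychains in the default search list.
if command -v security >/dev/null 2>&1; then
    security find-certificate -a | find_cert_labels
fi
```

An empty result means no certificate with that label was found in the searched keychains; a hit names the keychain to open in Keychain Access before deciding whether to delete the entry.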