Airo Security uncovered Man-in-Middle Software proxy spyware being distributed to macOS. It came via Comscore subsidiary firm VoiceFive. In a paper released this week, researchers explained the issue, which put sensitive data at risk.
This Comscore spyware installs a proxy on ports 8888, 8443 and 8254, where it captures all machine’s SSL/TLS traffic of the user. The spyware is being installed as a bundled application that is offered along with the installation flow of other software products. It installs a local system certificate which any application then automatically trusts. If that’s not enough, it imposes a severe security breach by not generating a unique certificate for each machine on which it is installed but rather installs the exact same root certificate for all machines. This is a known bad practice, to say the least, and was in the heart of the infamous “Lenovo Superfish” case of 2015 issued at the time by the US Department of Homeland Security.
Check It Out: Comscore Firm Distributes Man-In-The-Middle Proxy Spyware to MacOS
Wait, wait. Is Comscore a legitimate software company, complete with a valid corporate registration in the US? Why is it not getting any attention from law enforcement for this? Surely distributing and installing this type of software is not legal, or is it?
“PremierOpinion is being distributed by various distribution players and download sites. When being installed, it is usually bundled with an additional software offer.
For this analysis, we will be showcasing one example, in which PremierOpinion is being offered to end users as an additional offer to a product software called “BitLord”, by BitTorrent. ”
Get your software from the Apple App Store or a highly trustworthy publisher.