‘Bundlore’ Adware Targets Macs With Updated Safari Extensions

A report from Sophos today reveals a wave of adware belonging to the Bundlore family that targets macOS. Bundlore is one of the most common bundlware installers for macOS, accounting for almost 7% of attacks detected by Sophos.

This installer carried a total of seven “potentially unwanted applications” (PUAs)—including three that targeted the Safari web browser for the injection of ads, hijacking of download links, and redirecting of search queries for the purpose of stealing users’ clicks to generate income. The injected content in at least one case was used for malvertising—popping up a malicious ad that prompted the download of a fake Adobe Flash update.

Lazarus Group’s Dacls RAT Affects Macs for the First Time

Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.

We believe this Mac variant of the Dcals RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

The conclusion I’m drawing is that it’s unlikely to affect most Mac users.

How Worried Should You Be About Public USB Charging Stations?

Today DuckDuckGo published a post about the risks of using public charging stations. Technology exists that lets hackers install malware via these chargers. While I personally think the risk is a bit overblown, this is an argument I think can be added in favor of a portless iPhone.

Although it has become synonymous with charging, USB technology was initially developed with the aim of transmitting data. Thus, hackers can use these public charging stations to install malware on your smartphone or tablet through a compromised USB cable. This process, called “juice jacking”, allows hackers to read and export your data, including your passwords. They can even lock your device this way, rendering it unusable.

Apple Leverages iOS for Advertising You Can’t Block

Tumblr software engineer Steve Streza makes the case that iOS is adware for all of Apple’s services.

iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which what iOS has sadly become.

This particularly annoys me with Apple News, where roughly half the space is dedicated to showing me News+ content, even though I don’t subscribe. On iOS you can swipe to “See Less Often” but you can’t do this on iPad.

French Police Defeat Retadup Botnet Infecting 850,000 Computers

French police have defeated a botnet that infected over 850,000 computers. It was created with the Retadup malware. With the help of a web host, they cloned the command & control server and used it to disinfect the zombie computers.

“The malware authors were mostly distributing cryptocurrency miners, making for a very good passive income,” the security company said. “But if they realized that we were about to take down Retadup in its entirety, they might’ve pushed ransomware to hundreds of thousands of computers while trying to milk their malware for some last profits.”

Last Month Google Play Had 205 Malicious Apps With Over 32M Installs

In July alone, Google Play had 205 malicious apps with over 32 million installations, most of them containing hidden ads.

The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.

WIN an iPhone 16 Pro Max!