Mac Users, Heads up! Elmedia Player & Folx Infection

Late last week Eltima admitted that their servers had been hacked and their Folx and Elmedia Player DMG applications had been distributed with  the nasty OSX.Proton Malware.

Their advice? If you only performed an update you’re likely OK but if you downloaded the entire application Thursday the 19th, you may have a problem. We recommend anyone with these apps do a scan for the following files/directories:

/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/

If any of those exist, your system is likely infected.

Unfortunately, since this malware affects the administrator account, a total system OS reinstall is the only guaranteed way to get rid of the malware.

Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command line access to commandeer the computer. It can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. It can gain access to a victim’s iCloud account, even if two-factor authentication is used. Bad stuff.

If you’re concerned about cybersecurity at your business give us a call today at 800-924-8167


 

Ransomware Comes to the Mac

Ransomware is nasty stuff. Covert software gets onto your computer, encrypts all your files (and network files) with what’s effectively an unbreakable code, then extorts the user into paying a ransom – usually in untraceable bitcoins – to get the data back.

The cybercriminals that develop ransomware have traditionally gone after the Windows market as it’s large and predominately used in business, but now they’ve specifically started targeting Mac users.

This past weekend Palo Alto Networks wrote that they had found the ‘KeRanger’ ransomware app wrapped inside Transmission, which is a free and reputable Mac BitTorrent client. To make it worse, the infected version of the app was signed with a legitimate Apple developer’s certificate.

It’s not know how the hackers were able to upload an infected version of Transmission to the app’s website, but it worked. BTW, if you use Transmission the bad version was 2.90 and you should immediately upgrade to 2.12. This particular variant of malware waits for 3 days after being installed then does its deed.

And to make matters worse, it appears that this ransomware will try to encrypt files on Apple’s consumer cloud backup service, Time Machine. So an infected user could be looking at losing all their local and backed up data.

The ransom? 1 bitcoin or currently about $404.

The lesson? It doesn’t matter what kind of computer or operating system you have. Cybercriminals will target any group that seems profitable to them and they have the expertise and resources to be successful.

Everyone stay safe out there!