

Chinese security researcher Pan Xiaopan has discovered a malware targeting Mac users, which was spread via a paid advertisement on search engine Baidu, to harvest user credentials.

A photo of the Baidu search result, showing the ad leading to the phishing website.

The sponsored link, which appeared on the Chinese search engine when a user query included the keyword 'iTerm2', led users to a phishing website, Xiaopan says. The user would then be prompted to download the iTerm2 app, which in reality was the malware disguised as the macOS terminal emulator, he says.

Sponsored links in search engine spread fake iTerm2 malware (in Chinese) - Zhi, September 15, 2021

The advertisement has now been taken down.

Xiaopan first observed the malicious advertising link on Sept.

The sponsored link has now been taken down by Baidu's security team, while Apple has revoked the code signing certificate used by the malware, says Patrick Wardle, who creates security tools for macOS. Baidu and Apple did not immediately respond to Information Security Media Group's request for comment.

iTerm2's popularity, which has grown over the years - especially among developers and security researchers - makes it "an ideal app to Trojanize and infect people who may have access to development system, research intelligence, etc," according to a blog post by Thomas Reed, a Mac expert at cybersecurity firm Malwarebytes.

The use of Chinese language likely means that the malware targets China and other Southeast Asian countries, says Reed, adding that it was tough to confirm as "Malwarebytes has a relatively small install base" in the region.
