
Chrome helps macOS users protect their computers against malware

As you may know, Chrome is the most popular web browser, but a lot of macOS users prefer to use Safari on their computers because it comes pre-installed on the system.

Those who use Chrome will benefit from an extra security layer, since Google has decided to expand its Safe Browsing protections to Apple devices. Google has been restricting applications from editing the Chrome settings on Windows, and now plans to introduce the same restriction on macOS, in order to keep users free of malware and ad injectors.

Google’s announcement:

“From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings,”

Starting at the end of this month, Chrome and Safe Browsing will warn users about software that tries to modify Chrome settings without using the Settings Overrides API. From then on, Safe Browsing will stop the injection of ads into webpages and will not permit malicious files to change the homepage or default search engine.

Mac users, get ready to see this message more often!


While macOS is not among the operating systems targeted by hackers, more and more Mac malware (like OSX Filecoder.E) is written every day.

As a reminder, Google removed the ability to install extensions from outside the Chrome Web Store about two years ago.


OSX Filecoder.E – the latest ransomware for macOS systems

The new ransomware for macOS systems was named OSX Filecoder.E by ESET researchers. It spreads through BitTorrent websites, and users who fall into its trap are not able to recover their data or files even if they pay the ransom. ESET researchers have noticed that the ransomware is very poorly designed.


OSX Filecoder.E is disguised as a cracking tool for commercial software such as Adobe Premiere Pro CC or Microsoft Office for Mac. The malware is written in Apple's Swift programming language and, judging by the multiple mistakes in its implementation, its developer appears to be inexperienced. The installer is not signed with a developer certificate issued by Apple, which is why it is very difficult to install the malware on newer OS X and macOS versions.

Yet another problem is that it generates only one encryption key for all the files and then stores the files in encrypted ZIP archives, while the malware has no ability to communicate with an external server. As a result, the encryption key never reaches the attacker before it is destroyed. This means that even if the user pays the ransom by following the attacker's instructions (usually located in a README!.txt file), the user will not get the data or files back.

The encryption seems to be strong, and it cannot be broken by alternative means. “The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator. The key is also too long to brute force in a reasonable amount of time,” researchers from ESET wrote in a blog post on Wednesday.

Even if OSX Filecoder.E seems to be the work of an inexperienced attacker, it still shows us that macOS remains a target for ransomware developers. Better safe than sorry, we say! Stay safe!


An Xagent malware for macOS steals browser passwords, takes screenshots and grabs iPhone backups

The guys from Bitdefender have recently discovered an Xagent malware for macOS, capable of stealing passwords, taking screenshots and stealing iPhone backups from Apple computers.

Most likely, the malware was developed by the APT28 cybercrime group, but Bitdefender can’t be sure. The malware contains modules that can scan the computer for hardware and software configurations, find all the running processes and run malicious files. It also steals the passwords saved in the browser and takes desktop screenshots.

APT28 is the group that hacked the computers of the U.S. Democratic National Committee last year during the presidential election. For now, we don’t know how the malware spreads, but the best way to avoid it is to download software only from the Mac App Store or trusted sources.

Although macOS is Unix-based, and its user permissions are therefore more restrictive than on Windows, hackers have managed to create viruses and malware for Apple’s platform as well.