Hackers Find Ways To Run Malware EXE Files On MacOS

By Published On: April 29, 2022

In 2015, macOS Security Expert Patrick Wardle reported almost shockingly simple method hackers could employ to get around the Mac Gatekeeper system, which is the first line of defense against malware. He simply bundled two executable files: One signed and one not signed. Apple promptly fixed this weakness when Wardle reported it, but the hackers did not stop looking for new ways to infect Mac systems.

Recently, researchers at Trend Micro discovered an app on a popular Torrent site that was promised to install a macOS program called Little Snitch, which is a firewall app.  Lurking inside the package, however, was an EXE file that could deliver a hidden payload.

A spokesman at Trend had the following to say about the discovery:

“We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks since it is an unsupported binary executable in Mac systems by design. We think that the cyber-criminals are studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cyber-criminals can use this information and routine.”

Normally, a Windows executable file can’t and won’t run on a Mac. The hackers have worked around this by bundling the EXE with a free framework called Mono.  Trend’s research team went on to say:

“Currently, running an EXE on other platforms may have a bigger impact on non-Windows systems such as macOS.  Normally, a Mono framework installed in the system is required to compile or load executables and libraries.  In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS’ security features.  As for the native library differences between Windows and macOS, Mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.”

Long story short, Mac users have a new potential threat to worry about.  Stay vigilant.

Used with permission from Article Aggregator

Bill Hogan - Partners Plus, Managed IT Services and IT Support

Bill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology industry, specifically IT support services. Bill has spoken at seminars all over the country about network management. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.

Safe and Secure Information Technology will cover topics like ransomware prevention, solid-state drives, and chip shortage impacts.

Safe and Secure Information Technology

Subscribe to our Weekly Cybersecurity Tips