Adware installer gives itself permission to access Mac users' keychain

sinu · Sep 2, 2015

Malwarebytes researcher Adam Thomas has made an interesting discovery: an adware installer created by Genieo, a well-known distributor of unwanted software, is taking advantage of an OS X feature to access information stored in the "Safari Extension List" in the users' keychain.

The problem is the installer doesn't allow the user to make the choice of whether they will allow it access to the keychain. Instead, it "hijacks" the users' mouse cursor and clicks on the "Allow" button - and it does it so quickly (in mere seconds) that the users might not even notice it:

Enju · Sep 2, 2015

Seems like OS X finally cracked the magic number of users/installations to be interesting. The most fitting quote here would be: Whilst Windows users are wearing armor on the internet, Apple users are wearing hawaii shirts or something like that.

Chromatinfish 123 · Sep 2, 2015

Enju said:
Seems like OS X finally cracked the magic number of users/installations to be interesting. The most fitting quote here would be: Whilst Windows users are wearing armor on the internet, Apple users are wearing hawaii shirts or something like that.

Not very similar to Win Malware.

There is actually no reason to download extensive software on Mac as there is an App Store.

I use Andy Android Emulator to do stuff I can't download from the App Store.

GateKeeper rejects all applications that haven't been signed which is almost like UAC but you cannot use it period unlike UAC where you still can click Yes.

Most things like Pages (Word for Mac), Keynote (PP for mac), iPhoto/Photos (Photoshop for Mac), iMovie (Video Editing Program), GarageBand (Music Synthesizer), Numbers (Excel for Mac), and more are already included for free. The App Store includes many games such as SimCity and name brand titles.

Enju · Sep 2, 2015

Chromatinfish 123 said:
Not very similar to Win Malware.

There is actually no reason to download extensive software on Mac as there is an App Store.

I use Andy Android Emulator to do stuff I can't download from the App Store.

GateKeeper rejects all applications that haven't been signed which is almost like UAC but you cannot use it period unlike UAC where you still can click Yes.

Most things like Pages (Word for Mac), Keynote (PP for mac), iPhoto/Photos (Photoshop for Mac), iMovie (Video Editing Program), GarageBand (Music Synthesizer), Numbers (Excel for Mac), and more are already included for free. The App Store includes many games such as SimCity and name brand titles.

Gatekeeper is as crappy as UAC if you rely on it you really are in trouble... Amplia Security - Blog - Bypassing OS X Gatekeeper (there are more if you need them).
Also the so called App Store "security" is almost as bad as Android, in the last few years researchers have pushed malware into the Appstore without any problems even though Apple checks them... (is it working? Okay publish it

).
So yeah the golden cage most OS X users are living in seems inviting at first but after a few weeks/months/years have passed you notice that it's just galvanized with brass and only has copper underneath.

Chromatinfish 123 · Sep 2, 2015

Enju said:
Gatekeeper is as crappy as UAC if you rely on it you really are in trouble... Amplia Security - Blog - Bypassing OS X Gatekeeper (there are more if you need them).
Also the so called App Store "security" is almost as bad as Android, in the last few years researchers have pushed malware into the Appstore without any problems even though Apple checks them... (is it working? Okay publish it ).
So yeah the golden cage most OS X users are living in seems inviting at first but after a few weeks/months/years have passed you notice that it's just galvanized with brass and only has copper underneath.

Don't worry I have Bitdefender Virus Scanner on my mac

Enju · Sep 2, 2015

Chromatinfish 123 said:
Don't worry I have Bitdefender Virus Scanner on my mac

Doesn't really improve anything...

Chromatinfish 123 · Sep 2, 2015

Enju said:
Doesn't really improve anything...

wait what? I paid $129.99 for it come on darn it!

Secondmineboy · Sep 2, 2015

Ive seen alot of users running Avast Mac Security with infections........

Also the Built-In Security features on a Mac are useless and can be gone around too easily as well.

Its the same story on Windows: One Issue patched and they find/use the next one, it just keeps going on.

Deleted member 178 · Sep 2, 2015

you can't stop evil , but you can fight it !

it is why Windows users are experienced fighters while OSX users were nuns that got their coven's door brutally crushed by crafty malwares writers and now scream in panic !

Chromatinfish 123 · Sep 2, 2015

Umbra said:
it is why Windows users are experienced fighters while OSX users were nuns that got their coven's door brutally crushed by crafty malwares writers and now scream in panic !

Come on how about someone who uses windows and mac both like me? I rip off my police suit and put on the swimsuit?

@Enju and @Umbra come on I was just joking about the Bitdefender Virus Scan...

Deleted member 178 · Sep 2, 2015

i hate Macs & Iphone , in fact any Apple stuff (unless someone give me for free of course

)

Malware Man · Sep 2, 2015

I have nothing against Apple. I used to hate them and was all team Android. That changed once I got my iPad at Christmas time. I love it. I have no issues with it.

I think it's funny when Mac users think they are so safe from viruses. I have seen comments on Windows virus removal videos of users going "Now, this is why I bought a Mac, so I don't have to deal with viruses". Cracks me up.

I have a Mac friend who got so infected and OS X crashed. I convinced here they are junk so she sold off her Mac and bought a Windows machine and couldn't be happier. So much more software and better to use for a fraction of a price.

The majority of AVs don't are about adware and will just let it on right through, unfortunately.

I am a Windows, iOS, Linux, and Android user. I refuse to touch OS X. It is garbage IMO.

I would use a iPhone or Android. I would take Windows over OS X all day everyday.

UAC isn't that good at blocking adware since even if you select the only digitally signed applications can run, most adware installers are singed. However, applocker does manage to block those

. I tested with uTorrent which has tons of adware, only allowed uTorrent publisher and the rest of the nonsense got denied. I of course deleted uTorrent after since it has gone down the drain.

People may think OS X is safer, but I honestly feel safer on Windows, even if we can get tons of viruses.

In the end, you can be hacked no matter what device or platform you are using.

Oh and I am typing this on a iPad, a Apple product.

Deleted member 178 · Sep 2, 2015

Malware Man said:
UAC isn't that good at blocking adware since even if you select the only digitally signed applications can run, most adware installers are singed. .

standard account and you are good.

Malware Man · Sep 2, 2015

@Umbra

UAC on max + Standard Account + Applocker = Fortress

I do use a Standard account, or else Applocker wouldn't work properly.

I removed the admin rule, so even if I put in my password without paying attention to the prompt, it will still get access denied.

Chromatinfish 123 · Sep 2, 2015

Umbra said:
i hate Macs & Iphone , in fact any Apple stuff (unless someone give me for free of course )

OK then just send me your address and I'll give you my MacBook Pro worth $1299 with a 1 year Adguard license key worth $19.95.

But wait, there's more!

Contact via PM within 5 minutes and you can get a bonus iPad Air 2 FREE! Worth $499!

PM Chromatinfish123 in MalwareTips.

Repeat,

PM Chromatinfish123 in MalwareTips.

(Joke Mode Off)

What's extremely frustrating about OS X is that software usually doesn't make it here, and those who do are an earlier, lite version of the Windows versions. Maybe I can get VirtualBox set up with an Ubuntu version b/c I really miss that!

Malware Man · Sep 2, 2015

@Chromatinfish 123

Cool joke!

I can say the same thing about Android. I have so many apps on my iPad that are iOS only (Some will never come to Android and if they do, it's usually months and months later). It's frustrating. But I get to enjoy the many Android apps that are exclusive to Android as well. Most of my game apps are pretty much iOS only.

One that frustrates me is how I need to jailbreak just to use Kodi on my iPad when it's available on the Google Play Store with no root, no nothing needed.

Since Windows is the most used OS, you are almost guaranteed that a software will be made for it. You are probably 99.9% sure that a game is going to be made for it.

jamescv7 · Sep 3, 2015

These days those viruses on Mac's are more to be below the belt on what we should expect. A simple reason where very unusual behavior occur that can be really alarming.

You may rely on built in features of Mac like Gatekeeper but rest assurance its not totally the same expectations like the UAC. A realtime AV should be sufficient on those attacks.

Search

Adware installer gives itself permission to access Mac users' keychain

sinu

Enju

Level 9

Chromatinfish 123

Level 21

Enju

Level 9

Chromatinfish 123

Level 21

Enju

Level 9

Chromatinfish 123

Level 21

Secondmineboy

Level 26

Deleted member 178

Chromatinfish 123

Level 21

Deleted member 178

Malware Man

Level 9

Deleted member 178

Malware Man

Level 9

Chromatinfish 123

Level 21

Malware Man

Level 9

jamescv7

Level 85

Similar threads