Last week, Malwarebytes researcher Adam Thomas found an interesting new piece of Mac malware that exhibits some troubling behaviors, including intercepting encrypted web traffic to inject ads. Let’s take a closer look at this adware, which Malwarebytes for Mac detects as OSX.SearchAwesome, to see how it’s installed, its behavior, and the implications of this kind of attack.
Installation
The malware is found on a rather bland disk image file, without any of the usual decorations that could make it look like a legitimate installer.
...
....
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Malware bypassed macOS Gatekeeper by abusing Apple's notarization proccess
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide
Open the wrong “PDF” and attackers gain remote access to your PC
Wireshark: Your Essential Guide to Unraveling Network Traffic