A mysterious piece of malware has infected over 30,000 Mac computers worldwide, including in China and the United States. The malware, known as XcodeGhost, infected versions of Apple’s Xcode software development kit, which developers use to create apps for iOS and Mac devices. After downloading infected Xcode files, developers unknowingly added malicious code to their apps and uploaded them to the Apple Store – creating infected versions of popular apps like WeChat and CamCard.
What is the malware?
The malware in question is a new variant of the already-infamous MACDefender Trojan horse. This nasty piece of software pretends to be a legitimate security program, but is actually just a scam designed to trick users into giving up their personal information. Once installed, the MACDefender will start displaying fake security warnings and prompts on your screen, in an attempt to get you to enter your credit card number or other sensitive data.
Even if you don’t fall for the scam, the MACDefender can still do serious damage to your computer by slowing it down and making it difficult to use. So if you ever see this kind of warning pop up on your screen, it’s important that you shut down your computer immediately.
Why was it released?
The malware, which has been dubbed Fruitfly by security researchers, is a type of backdoor that allows attackers to gain remote access and control over the infected computers. It’s not clear why the malware was released or who is behind it, but it’s possible that the attackers are using it for espionage or other malicious purposes. A variant of the malware began circulating in 2008, and all versions contain the capability to take screenshots and collect files on the infected computer.
Why should I care?
The good news is that Apple computers are much less vulnerable than Windows machines because they’re typically not connected to public networks like Wi-Fi hotspots or shared USB drives (where this type of malware can be transmitted). If your machine does become infected with this virus, don’t panic: There’s still hope. We’ve compiled a list of best practices to keep your computer safe from future attacks. For starters, make sure that your operating system is always up to date with the latest patches and updates.
Download software only from legitimate sources – never click on an attachment sent via email without verifying its legitimacy first. Change your passwords often and use a password manager if necessary. And when browsing the web, make sure you’re always running an antivirus program such as Malwarebytes or AVG AntiVirus Free – both of which offer free versions for home users.
How do I prevent infection?
- Keep your software up to date.
- Avoid downloading files from untrustworthy sources.
- Be cautious when clicking on links or opening email attachments.
- Don’t give out personal information online unless you know the website is secure.
- Install a reputable antivirus program and run regular scans.
- Use a firewall to help block malicious traffic.
- Back up your data regularly in case you need to restore your system.
- Learn how to use Terminal if you want to create scripts that scan for threats automatically or modify your network settings (e.g., enable MAC address spoofing).
- Consider installing Little Snitch if you want more control over incoming and outgoing connections on your computer.
- Consider using a virtual machine such as VirtualBox for sensitive tasks like online banking where malware might be present.
There are many steps that can be taken to protect against infection from this type of malware, but it can still happen, so we recommend following all these tips diligently until this issue is resolved. The problem appears to stem from adware called DNS Unlocker, which downloads without users’ knowledge after they visit certain websites infected with the code through ads and pop-ups.
Is my device infected?
If you’re a Mac user, you may be wondering if your computer is one of the 30,000 that’s been infected with mysterious malware. Here’s what you need to know. The malware was discovered by Patrick Wardle and reported on May 14th. It uses inconspicuous means to install and execute without consent from users. In addition, the hacker or hackers responsible for this are very skilled in hiding their tracks—in order to catch them, we’ll have to see some uncharacteristic errors or logs on our own devices which would point us in the right direction.
For now, all we can do is wait until Apple releases an update to fix the problem. But if you want to avoid being infected in the first place, take precautions: download software only from trusted sources; always back up your data; and refrain from using public Wi-Fi networks.
How can I clean my machine?
If your Mac has been infected with the new malware, there are a few things you can do to clean your machine. First, run a virus scan with your antivirus software. If you don’t have antivirus software installed, you can download and install it from the App Store. Next, run a spyware scan with Malwarebytes. Finally, use CleanMyMac X to remove any residual files that may be left behind. To do this, click on Deep Scan and then Run Deep Scan.
Click on Fix All Issues when the scan is complete. Restart your computer and then proceed to delete old caches, logs, downloads and other temporary files by clicking on Settings > System > Storage > Caches & Logs > Files. After deleting these files, restart your computer one more time. Once you’re back up again, run a check disk (Disk Utility) by going to Applications > Utilities > Disk Utility. Then select your startup disk in the left pane and click First Aid.
Lastly, back up all of your data by copying it onto an external hard drive or other storage device – if you have not done so already – because if anything happens, like another infection or hardware failure, re-installing macOS will erase everything from your hard drive!
What should I do if I’m infected?
If you think your Mac has been infected with malware, the first thing you should do is disconnect it from the internet. This will prevent the malware from spreading and will give you time to figure out how to remove it. You’ll also want to run a virus scan on your computer. Be sure to make a backup of any files that have been corrupted so that you can restore them if necessary.
A ransomware virus locks up personal data until a payment is made for its release, but this doesn’t seem to be the case here, even though we don’t know exactly what type of malware this is yet. In addition, Apple has already released software updates for these machines, which would hopefully be able to protect them against such an attack in the future.