Mac malware slips through Apple notarization process

By

Mac malware is real. Watch out.
Even Macs can get hit with malware. Especially when Apple notarizes it!
Graphic: Ed Hardy/Cult of Mac

Apple reportedly slipped up and notarized some malware. This allows the ill-behaved software to be installed on Macs.

Preventing the spread of malware is exactly why Apple insists Mac apps to be notarized, so it’s not clear how this malicious software got Apple’s approval.

By

Mac Premium Bundle X9 protects your computer from online threats with five apps.
Mac Premium Bundle X9 safeguards your precious computer.
Image: Intego

Trojan using fake Flash updates infects 1 in 10 Macs

By

shlayer
The Shlayer Trojan hides in fake Flash update pages like this.
Photo: Kaspersky

A dangerous piece of Mac malware that hides as a fake Flash warning is a growing security threat to Mac users with one in 10 Macs infected, according to the security firm, Kaspersky.

The Shlayer Trojan has been active since early 2018 and so far it shows no signs of going away quietly. Shlayer has had an enormous amount of success attacking Macs, even though it’s a rather normal piece of malware.

By

Apple pays $467k for doing business with blacklisted app developer
Apple has given malware apps the boot.
Photo: Apple

Apple patches iCloud, iTunes for Windows to plug malware hole

By

Apple iCloud for Windows app
Update today!
Photo: Microsoft/Cult ofMac

Apple’s latest patches for iTunes and iCloud for Windows are out to block potential ransomware attacks.

The software previously contained a vulnerability that allowed malware to piggyback on Apple’s digital signatures and go undetected by antivirus software.

And don’t assume you’re safe if you’ve already uninstalled Apple’s apps.

New malware steals data from your device and cloud accounts

By

Proposed bill could hold tech giants more accountable for child exploitation
Pegasus could be used by governments to spy on individuals.
Photo: Ste Smith/Cult of Mac

A new spyware tool reportedly can harvest data from iOS devices and their connected cloud accounts.

The tool, called Pegasus, also works with Android devices. The data it is able to gather even reportedly includes encrypted messages from third-party apps. It does this by fraudulently posing as the user to download their private content.

’CrescentCore’ malware attacks your Mac, evades antivirus tools

By

CrescentCore-Flash-update
Don’t install Flash Player. Not even the real one.
Photo: Intego

Security researches have discovered new malware that targets macOS users and evades popular antivirus tools.

“CrescentCore” is distributed as a DMG package that’s disguised as Adobe Flash Player. It can now be found on multiple websites — one of which is “a high-ranking Google search result,” according to Intego.

How to block ads and malware on iOS

By

This is the web without content blockers.
This is the web without content blockers.
Photo: Charlie Sorrel/Cult of Mac

Way back in iOS 9 days, Apple added “content blocking” to the iPhone and iPad. More commonly known as “ad-blockers,” this tech lets you use third-party apps to block ads, malware, trackers, comments, and more, in Mobile Safari. Apple itself doesn’t do any more than make blocking possible. To actual decide what to block, you need a third-party app.

Enabling ad-blocking is easy, once you know how, and you can set-and-forget it once done. Or you can keep on top of things, adding custom rules, and white-listing trusted websites. Here’s how.

Hacked iPhones star in Middle East cyberwar

By

UAE iPhone hacks
The hack took advantage of a flaw in iMessage.
Photo: Ste Smith/Cult of Mac

Intelligence operatives from the United Arab Emirates used a powerful cyber weapon that allowed them to monitor the iPhones of hundreds of targets.

The iPhone spy tool, dubbed Karma, gave the UAE remote access to phone numbers, photos, emails and text messages in 2016 and 2017.

An iOS security update rendered it “far less effective,” according to U.S. intelligence contractors who worked with the UAE to breach the iPhones of diplomats, activists, and rival foreign leaders.

Beware: Shortcuts could steal your data

By

Shortcuts app from iOS 12
Siri Shortcuts could be doing more than you think, like invading your privacy.
Photo: Ed Hardy/Cult of Mac

Malicious Siri Shortcuts are a real possibility warns one developer, so users need to start treating all of them as potential threats. He calls on Apple to fix their problems.

Shortcuts debuted last fall in iOS 12. They are small apps that can be used to automate iOS features. That apparently makes them well suited for creating malware.