Another Infection Blocked from downloading onto Mac

[SoCalReviews]

Here is information regarding an incoming infection (a type of infection but apparently not a MacOS infection) blocked today from downloading by Avast for Mac Free Antivirus while using Mojave 10.14.2.

AVAST has blocked a Threat!
Infection: Malware-gen [Trj]
Attached File type PDF
MS Office/Microsoft Outlook

This type of infection doesn't require MS Office or Outlook to spread. Any downloaded file attachment from online email services could spread it.

There has been a lot of misinformation posted here regarding Mac vulnerabilities and whether Mac users need broad spectrum antivirus software protection.

I cannot emphasize enough the importance of utilizing as much security protection that is available along with common sense. Some adjustments can be made to the MacOS settings including enabling the firewall under System Preferences>Security and Privacy.

A major weak point in computer system security is the browser. Safari security has improved in recent years and it's probably better than it ever has been security wise but any software tied to the OS has been a target for malicious exploits in the past. This is why third party browsers can be an excellent option to enhance security and privacy.

Regarding the use of cross platform software such as MS Office... It is often the target of malicious exploits. Email software such as Outlook can also be a route of infection especially with file attachments. Users on a MS Windows platform often transfer infections via file attachments to unsuspecting associates using Macs who in turn can harbor and transfer those same infected attachments to other Windows users.

I highly recommend that Mac users seriously consider using a general broad spectrum antivirus software which includes email and browser protection and anyone who hasn't in the past should seriously consider utilizing the importance of antivirus security. There are many antivirus software options including free, paid subscription and corporate versions. Any recommendations from current Mac AV users to other Mac users who currently don't have Mac AV software are welcome in this thread.

This is not a thread debating whether Mac users do or don't need antivirus software. That has been debated in other threads and ultimately that is obviously up to every Mac user for themselves. This thread is regarding the benefits users have already had from utilizing AV software for their Macs... What AV software they are using or have used and what infections they have seen that have been blocked... or what infections have been found and removed by their Mac antivirus software.

 

[0009827]

False positive or windows malware. Avast likes false positives.
I don't think anybody here ever said it is impossible for a mac to download windows malware. It just suffers no ill effects.

 

[SoCalReviews]

False positive or windows malware. Avast likes false positives.
I don't think anybody here ever said it is impossible for a mac to download windows malware. It just suffers no ill effects.

I am quite certain it was not a false positive. It was a PDF attachment in spam email. It was made to look like it was a legitimate email from a credit card company but it was in fact fake. I took a snapshot of the pop up block information but I didn't post the image of it because the AVAST pop up block information contains an email address. I suppose that part could be edited out but I just posted the relevant information.

The question is what about the PDF attachment was malicious or what was it's mode of attack. It wasn't downloaded and even if it had evaded detection I wouldn't have opened the attachment up anyway. However it is possible that this type of PDF file could exploit a vulnerability in MS Office software which technically could be a threat to a Mac Office user and/or a Windows Office user. If that is the case this would make the infection a cross platform threat.

Most computer users use Windows and MS Office is one of the most the popular business applications in the world. Since MS Office is also the most popular business application for Mac and many Mac users also use Windows in VMs and on dedicated machines it's definitely a threat that is better to be blocked than spread.

 

[revmacian]

I am quite certain it was not a false positive.

According to this thread at Malwarebytes, this may be a false positive.

It wasn't downloaded and even if it had evaded detection I wouldn't have opened the attachment up anyway.

I believe this coincides with safe computing practices. I would recommend taking this further by disabling Mail.app from automatically downloading attachments.

 

[SoCalReviews]

According to this thread at Malwarebytes, this may be a false positive.


I believe this coincides with safe computing practices.

AVAST detected the attached PDF file as a Trojan virus. I doubt it is a Mac Trojan but according to this thread from Computer World (from a long while back) there have been Mac Trojans found in the past.

The possibility that a fake email with a wrong email return address that was made to look like it is from a credit card company... and containing a PDF attachment what was detected by AV software to be a Trojan.... the possibility that it is a "false positive" IMO is remote but I suppose anything is possible. Would that simply make it "scareware"?

Disabling mail app attachments downloading is actually not a bad suggestion. The problem is that a lot of users and particularly business users use file attachments for documents.... Office documents, PDF files, etc.. and to have to go through the hassle of logging into online email every time they need to look at an email document... that could be very inconvenient.

The other issue is that not everyone is as keen at detecting fake or malicious emails. If a user is in a hurry and mistakes a fake email with a malicious attachment as a real one or if a real email from a known person is infected then this would be a problem.

 

[revmacian]

AVAST detected the attached PDF file as a Trojan virus. I doubt it is a Mac Trojan but according to this thread from Computer World from a while back there have been Mac Trojans found in the past.

The possibility that a fake email with a wrong email return address that was made to look like it is from a credit card company... and containing a PDF attachment what was detected by AV software to be a Trojan.... the possibility that it is a "false positive" IMO is remote but I suppose anything is possible. Would that simply make it "scareware"?

I'm not sure it could be classified as scareware until I've done much more research. From what I've seen, after a cursory check, Win32:Malware.Gen is Malware designed to run on a Windows machine. Being that I don't use anything related to Microsoft or a Windows operating system (Mac, Linux and BSD here), further research on my end would not prove beneficial.

 

[SoCalReviews]

I'm not sure it could be classified as scareware until I've done much more research. From what I've seen, after a cursory check, Win32:Malware.Gen is Malware designed to run on a Windows machine. Being that I don't use anything related to Microsoft or a Windows operating system (Mac, Linux and BSD here), further research on my end would not prove beneficial.

If you don't send or receive documents, files, emails to and from Windows users or if you don't use MS Office or exchange MS Office compatible documents with anyone. If you don't have any Windows computers or computers with Windows VMs on your network or in your house. If you don't have anyone in your household or anyone who uses your network with a Windows computer.... then you might be ok. It still doesn't eliminate the threats since infections can come from infected flash data drives (even when new), software application downloads, bad web links, etc..

Of course one of the reasons I use Macs and Windows VMs on Macs is specifically for the enhanced security. However even for the Mac only user I would think that browser security with malicious web site protection would be helpful.

 

[revmacian]

Disabling mail app attachments downloading is actually not a bad suggestion. The problem is that a lot of users and particularly business users use file attachments for documents.... Office documents, PDF files, etc.. and to have to go through the hassle of logging into online email every time they need to look at an email document... that could be very inconvenient.

True, that could be seen as inconvenient by some. I don't see it as convenient, I'm one of those kinds of people that strive for security over convenience, so I don't mind the extra work. I would, however, recommend disabling attachments altogether and then download attachments only from known and trusted sources. This won't completely remove the threat, but it does reduce the chances.

The other issue is that not everyone is as keen at detecting fake or malicious emails. If a user is in a hurry and mistakes a fake email with a malicious attachment as a real one or if a real email from a known person is infected then this would be a problem.

Very good point. This is why I have conditioned myself to value security over convenience. If I saw an email from my credit card company, my first thought would be to investigate for fraud.. I would hop on the phone and talk to my credit card company. If the email turned out to be legitimate, then no harm done. If it turned out to be fraud, then.. again, no harm done because I was ready for it.

Security and convenience are almost always two opposite ends of the same line. Getting closer to one leads you further away from the other and I feel people need to be aware of that more often.

 

[0009827]

Like i already said, it is not news that mac users can spread malware to windows machines through malicious attachments. Of course they can. But unless you actively open this on an unpatched, unprotected windows machine- you have nothing to fear.
Unsolicited emails from "credit card company" is probably the lowest level intelligence attack- which nobody in 2019 should be tricked by. Name the last time your credit card company sent you an email? They make a point of never doing so exactly for this reason.

 

[SoCalReviews]

True, that could be seen as inconvenient by some. I don't see it as convenient, I'm one of those kinds of people that strive for security over convenience, so I don't mind the extra work. I would, however, recommend disabling attachments altogether and then download attachments only from known and trusted sources. This won't completely remove the threat, but it does reduce the chances.


Very good point. This is why I have conditioned myself to value security over convenience. If I saw an email from my credit card company, my first thought would be to investigate for fraud.. I would hop on the phone and talk to my credit card company. If the email turned out to be legitimate, then no harm done. If it turned out to be fraud, then.. again, no harm done because I was ready for it.

Security and convenience are almost always two opposite ends of the same line. Getting closer to one leads you further away from the other and I feel people need to be aware of that more often.

You made some good points as well. I just haven't found using a Mac AV as being much of an inconvenience... at least it hasn't been that way for me at all. I suppose paying for AV or having to disable AV nag screens can be a hassle... but some of these controls can be managed through the AV's preferences and settings. I would also recommend disabling sharing information about your system or applications you use if you are concerned about privacy. IMO this is also important for browser settings and for OS settings whether it's MacOS, iOS or Windows.

I forgot to mention... Hopefully you don't log in to public networks like airports, coffee shops, restaurants, etc... That was how two people I know got infections on their Macs. I realize you are steadfast at not wanting a broad spectrum Mac AV on your Macs but since you are comfortable modifying built in settings then if you haven't already done so I would recommend enabling the MacOS built in firewall which is disabled in MacOS by default.

 

[0009827]

Practicing sensible, careful computing habits is far more important than trusting your safety to a single magic bullet AV software- which in many cases increases attack vector, decreases performance and can also cause issues with o.s or other installed applications.
Most people here use extra firewalls like little snitch, lulu, vallum and murus (front end for PF) as well as on demand scanners like malwarebytes, block ads and suspicious domains with a pihole and ublock origin and encrypt internet traffic with VPN.

 

[SoCalReviews]

Like i already said, it is not news that mac users can spread malware to windows machines through malicious attachments. Of course they can. But unless you actively open this on an unpatched, unprotected windows machine- you have nothing to fear.
Unsolicited emails from "credit card company" is probably the lowest level intelligence attack- which nobody in 2019 should be tricked by. Name the last time your credit card company sent you an email? They make a point of never doing so exactly for this reason.

What about if a friend or family member uses your Mac or logs onto your home network with another computer? Hopefully you also restrict your network access to your own secure home network and don't log onto untrusted public networks. It's amazing how many different pathways infections can utilize these days.

 

[revmacian]

You made some good points as well. I just haven't found using a Mac AV as being much of an inconvenience... at least it hasn't been that way for me at all. I suppose paying for AV or having to disable AV nag screens can be a hassle... but some of these controls can be managed through the AV's preferences and settings. I would also recommend disabling sharing information about your system or applications you use if you are concerned about privacy. IMO this is important also for browser settings and for OS settings whether it's MacOS, iOS or Windows.

I forgot to mention... Hopefully you don't log in to public networks like air ports, coffee shops, restaurants, etc... That was how two people I know got infections on their Macs. I realize you are steadfast at not wanting a broad spectrum Mac AV on your Macs but I would still recommend you enable the MacOS built in firewall which is disabled on most Macs by default.

Another good point - users never know the trust level of the computer that is hosting a public wifi access point. No, I never allow public wifi access points to be used on any of my devices - one of the reasons I insist on cellular versions of iOS devices.

Enabling the firewall and FileVault are at the top of my list when setting up a Mac.
Additionally, I have personal rules:

• never download any file or attachment unless I know who it's from and what it's supposed to provide
• never blindly click on any link anywhere
• don't visit any website out of simple curiosity - I must have a reason for being there
• never let any device out of my sight when in public
• any device that has been accessed by a stranger (ex. repair person) is to be considered compromised and requires a full wipe+reinstall
• software will only be installed after thorough research - including the developer(s)

Have I been accused of overkill? Many times. Do I care? Nope.

 

[SoCalReviews]

Another good point - users never know the trust level of the computer that is hosting a public wifi access point. No, I never allow public wifi access points to be used on any of my devices - one of the reasons I insist on cellular versions of iOS devices.

Enabling the firewall and FileVault are at the top of my list when setting up a Mac.
Additionally, I have personal rules:

• never download any file or attachment unless I know who it's from and what it's supposed to provide
• never blindly click on any link anywhere
• don't visit any website out of simple curiosity - I must have a reason for being there
• never let any device out of my sight when in public
• any device that has been accessed by a stranger (ex. repair person) is to be considered compromised and requires a full wipe+reinstall
• software will only be installed after thorough research - including the developer(s)

Have I been accused of overkill? Many times. Do I care? Nope.

Those are excellent suggestions that Mac users like you or I might want to follow but most computer users don't remember, don't understand or find it too much of an inconvenience to follow those suggestions. I did want to say that just because I advocate Mac AV for Mac users doesn't mean I don't have concerns about AV software as well. Mainly my concerns regard privacy. Many AVs including the free ones do analytics and some do partial data collection.

If you use the browser protection then unless you go into the settings and opt out of sending the information to the AV software company then the web sites you visit might be their information too. However the same is true for most modern OS's such as Windows 10 and for most of the handheld phone and tablet devices as well. There is a trade off to blocking malicious access to your devices vs. allowing some limited access by an AV software company who you have decided to trust.

I believe Safari has enhanced privacy protection in the more recent MacOS 10.14.x Mojave releases. It's good to read that this is a concern that Apple has been addressing for Mac users.

 

[revmacian]

Those are excellent suggestions that Mac users like you or I might want to follow but most computer users don't remember, don't understand or find it too much of an inconvenience to follow those suggestions. I did want to say that just because I advocate Mac AV for Mac users doesn't mean I don't have concerns about AV software as well. Mainly my concerns regard privacy. Many AVs including the free ones do analytics and some do partial data collection.

If you use the browser protection then unless you go into the settings and opt out of sending the information to the AV software company then the web sites you visit might be their information too. However the same is true for most modern OS's such as Windows 10 and for most of the handheld phone and tablet devices as well. There is a trade off to blocking malicious access to your devices vs. allowing some limited access by an AV software company who you have decided to trust.

I've no interest in AV software.

 

[SoCalReviews]

I've no interest in AV software.

Yes, we know this but you do like posting in threads about it.

 

[0009827]

Those are excellent suggestions that Mac users like you or I might want to follow but most computer users don't remember, don't understand or find it too much of an inconvenience to follow those suggestions. I did want to say that just because I advocate Mac AV for Mac users doesn't mean I don't have concerns about AV software as well. Mainly my concerns regard privacy. Many AVs including the free ones do analytics and some do partial data collection.

If you use the browser protection then unless you go into the settings and opt out of sending the information to the AV software company then the web sites you visit might be their information too. However the same is true for most modern OS's such as Windows 10 and for most of the handheld phone and tablet devices as well. There is a trade off to blocking malicious access to your devices vs. allowing some limited access by an AV software company who you have decided to trust.

I believe Safari has enhanced privacy protection in the more recent MacOS 10.14.x releases like Mojave. It's good to read that this is a concern that Apple has been addressing.

Please provide facts to back up your statements, else we disregard them as your OPINIONS. Because it seems to me that because you have a paid AV, you need to reassure yourself that you did not waste your money.
Which free AV for macOS are you accusing of harvesting user data? Links to credible articles please.
Which "browser protection" are you speaking about?
Please name 1 single virus in the wild which macOS is vulnerable to
Show me 1 windows virus which can spread itself with no deliberate user interaction onto macOS or linux via my home network.
Not meaning to cause arguments, but i want facts.

 

[jerwin]

Malware-gen [Trj]

which, if googled, leads to hundreds of less than helpful webpages, all written in MadLibs style.

It's as if they were clueless students, raising their hands in hopes that a) the teacher might think them prepared for class and b) if called upon, they could ******** an answer in 30 seconds flat.

 

[0009827]

Yes, we know this but you do like posting in threads about it.

Seems relevant seeing as this is the entire subject of this thread.
You were sent a windows trojan- OR avast made a false positive (which is extremely common). No news.

 

[SoCalReviews]

Please provide facts to back up your statements, else we disregard them as your OPINIONS. Because it seems to me that because you have a paid AV, you need to reassure yourself that you did not waste your money.
Which free AV for macOS are you accusing of harvesting user data? Links to credible articles please.
Which "browser protection" are you speaking about?
Please name 1 single virus in the wild which macOS is vulnerable to
Show me 1 windows virus which can spread itself with no deliberate user interaction onto macOS or linux via my home network.
Not meaning to cause arguments, but i want facts.

I specifically don't want this thread to degenerate into a Mac AV vs. No Mac AV... and "show me the virus" thread. That topic has been been gone through enough already.

In reply to your viruses via network question... We are talking about general infections which include all malicious threats. There are many sites that discuss the topic of network related infections.

Note that there are examples where routers can become infected and redirect users to fake malicious web sites. Mac AV with browser security software could potentially help protect against malicious links.

 

[0009827]

I specifically don't want this thread to degenerate into a Mac AV vs. No Mac AV... and "show me the virus" thread. That topic has been been gone through enough already.

In reply to your viruses via network question... We are talking about general infections which include all malicious threats. There are many sites that discuss the topic of network infections.

The link you posted was first grade school level at best and in no way covers the question i just asked you. To note: It was you which started this AV vs no AV -show me the virus thread in the first place. The rest of us have posted USEFUL information.

 

[SoCalReviews]

Seems relevant seeing as this is the entire subject of this thread.
You were sent a windows trojan- OR avast made a false positive (which is extremely common). No news.

It's news if it had the potential to corrupt MS Office, a Windows computer or a Windows VM that I and millions of other Mac users use.
[doublepost=1548367629][/doublepost]

The link you posted was first grade school level at best and in no way covers the question i just asked you.

Relax...I just grabbed a random link discussing network security and antivirus software.

To note: It was you which started this AV vs no AV -show me the virus thread in the first place. The rest of us have posted USEFUL information.

Regarding Mac Antivirus software blocking an infected file attachment... We will let the forum readers decide what information is useful. That isn't something either one of us is going to decide for them.

 

[0009827]

It's news if it had the potential to corrupt MS Office, a Windows computer or a Windows VM that I and millions of other Mac users use.
[doublepost=1548367629][/doublepost]
Regarding Mac Antivirus software blocking an infected file attachment... We will let the forum readers decide what information is useful. That isn't something either one of us is going to decide for them.

You had better make a thread for every single piece of windows malware then. It's gonna be a long night!

 

[SoCalReviews]

You had better make a thread for every single piece of windows malware then. It's gonna be a long night!

That type of discussion has already been done. This thread is about the experiences of Mac users who use Mac broad spectrum antivirus software.

 

[Howard2k]

Another good point - users never know the trust level of the computer that is hosting a public wifi access point. No, I never allow public wifi access points to be used on any of my devices - one of the reasons I insist on cellular versions of iOS devices.

Enabling the firewall and FileVault are at the top of my list when setting up a Mac.
Additionally, I have personal rules:

• never download any file or attachment unless I know who it's from and what it's supposed to provide
• never blindly click on any link anywhere
• don't visit any website out of simple curiosity - I must have a reason for being there
• never let any device out of my sight when in public
• any device that has been accessed by a stranger (ex. repair person) is to be considered compromised and requires a full wipe+reinstall
• software will only be installed after thorough research - including the developer(s)

Have I been accused of overkill? Many times. Do I care? Nope.

Good list. Some overkill, agreed, but I would also add that it’s worth operating the computer from a non-admin account.