OK, again, some GOVs are forcing the issue just like USB-C. So before the world is destroyed by adopting this terrible change dooming us all, slower moving countries will get the great benefit of observing the devastation of select countries who go there first.
Doesn’t change the fact that GOVs are providing malicious actors a way of getting malware onto the devices of their citizens… a way that doesn’t currently exist. I don’t doubt that there’s a good number of people/entities in favor of drastically increasing the malware on iOS devices.
 
Many apps require authentication before installing.
This has always bugged me. Many apps don't require you to enter your precious password for installation or update, but many others do require your password. How would a user know, when feeding their password into the dialog box, whether it's one presented to the user via macOS or one constructed by the app itself that mimics the macOS dialog box (where you subsequently give your unencrypted password to the app itself as a result)?
 
Can you tell us more about it, please?
An outgoing firewall that will provide alerts can be helpful because it will tell you when a program tries to connect to a service online. Little Snitch and Lulu are the most used firewalls, I think. https://objective-see.org/products/lulu.html

Note that this will not help in case of ransomware, of course. If your stuff gets encrypted, well, it has been done. But it helps for malware that connects to internet endpoints.
 


A .dmg file is used to get the malware on a victim's machine, and once installed, it immediately begins accessing sensitive information and sending it to a remote server. A fake system prompt is presented to get access to the system password, and it asks for access to files in the documents and desktop folders.
Tip: when installing any software and a system prompt suddenly appears asking for your system password or Apple ID, type an incorrect password and see what happens. If it's really macOS asking for it, it will not accept an incorrect password. But a fake prompt will accept any wrong password.
 
Tip: when installing any software and a system prompt suddenly appears asking for your system password or Apple ID, type an incorrect password and see what happens. If it's really macOS asking for it, it will not accept an incorrect password. But a fake prompt will accept any wrong password.
So simple and yet such genius, I love it

Thanks bud
 
But that's what's good about the iOS security model. I don't have to use common sense and I don't have to vet websites.
And even if Apple's vetting is wrong, they can stop the app from working on all devices as soon as they find out.

I want to do as little security thinking as possible when I use computers.
No problem, do whatever you want.

But I don't want my OS locked down because of anyone else's paranoia.
 
This has always bugged me. Many apps don't require you to enter your precious password for installation or update, but many others do require your password. How would a user know, when feeding their password into the dialog box, whether it's one presented to the user via macOS or one constructed by the app itself that mimics the macOS dialog box (where you subsequently give your unencrypted password to the app itself as a result)?
Well written apps don’t require one to enter their passwords. These days, I’d say anyone entering a password (for an app that’s not malware) is doing so because the app does a thing not supported by Apple’s APIs (which, while it’s a shrinking list, will never be zero). A person that’s never used a Mac before (don’t have legacy apps doing legacy things) that buys a Mac today won’t see a password entry screen very often.
 
I hope it is obvious to everyone that it cannot get either wallet or keychain information unless you type in your password at its fake prompt.
Yes, but entering your password to install a new application is a normal step, right? So if you've downloaded an application, expecting it to show up as a .dmg, but it is actually the malware instead of what you thought it was, then you are pretty much headed down the path and unlikely to not enter your password.
 
Well written apps don’t require one to enter their passwords. These days, I’d say anyone entering a password (for an app that’s not malware) is doing so because the app does a thing not supported by Apple’s APIs (which, while it’s a shrinking list, will never be zero). A person that’s never used a Mac before (don’t have legacy apps doing legacy things) that buys a Mac today won’t see a password entry screen very often.
There are still many, many apps that require passwords, especially apps that need permissions to work, or installing a helper.

Off the top of my head, a few apps I installed and use:

AdGuard, AlDente, iStats, OnyX
 
hey y’all, I just want to hijack this thread and say that I can’t wait for sideloading on iOS because you can put whatever you want on your Mac.
/s

Amen! Apple refuses to allow it because something something corporate greed something something something Tim Cook is mean something something control everyone and everything in the world.

also /s
 
Yes, but entering your password to install a new application is a normal step, right? So if you've downloaded an application, expecting it to show up as a .dmg, but it is actually the malware instead of what you thought it was, then you are pretty much headed down the path and unlikely to not enter your password.
I got your point, and it's a fair one. Malware apps always target people who don't have a sound understanding of their computer. Sadly, there are many out there; they're the majority.
There are two things that might help in such situations:
- actually reading what's written there and understanding (read: not blindly trusting) why it happens
- use Touch ID if you have access to it (or whatever biometric authentication will be available in the future with macOS)
 
Tip: when installing any software and a system prompt suddenly appears asking for your system password or Apple ID, type an incorrect password and see what happens. If it's really macOS asking for it, it will not accept an incorrect password. But a fake prompt will accept any wrong password.
Had to come back to thank you again for this wonderful wonderful trick. Love
 
But even after the Russian founders of Telegram left Russia, they still run a seedy underground operation. They won't even disclose their official HQ or the location of their corporate offices.

For good reasons. Opponents of the current leadership in Russia either end up in prison or have very short lives, even if they have moved overseas.
 
Because this requires a user to click on a .dmg file to install, Mac users can avoid the malware by not installing any kind of untrusted software from an unverified source. Cyble Research recommends installing software from the Mac App Store, using strong passwords and multi-factor authentication, and using biometric authentication where possible.
Does it somehow bypass Apple's default "Allow applications downloaded from:" setting?
 
Tip: when installing any software and a system prompt suddenly appears asking for your system password or Apple ID, type an incorrect password and see what happens. If it's really macOS asking for it, it will not accept an incorrect password. But a fake prompt will accept any wrong password.

Not foolproof (it's probably not hard to check a password before accepting it) but a really good idea nonetheless to catch less sophisticated attempts.
 
Not foolproof (it's probably not hard to check a password before accepting it) but a really good idea nonetheless to catch less sophisticated attempts.
It's very weird that macOS allows a third-party app to try/check the system password.
 
You might note that Keychain isn’t in the list. Neither is Safari. Maybe the malware doesn’t work on them.
Keychain is on the list (look at the first list, not the browsers list).

Browsers (excluding Safari) store the data independently in their own secure database locally. But if you infect them, you can get those passwords. Safari stores the data in the keychain, which is why infecting Safari for the passwords is a bit pointless.
When the malware is installed on the Mac and asks for the password, it can use that password to get access to the keychain. It doesn't need to do that through Safari.
Access to the keychain, though, will not provide access to Firefox or Chrome passwords. That is why it is separately designed to take data from Chrome passwords.
 
It's very weird that macOS allows a third-party app to try/check the system password.

I haven't thought it through, but would it be possible to try and launch ssh in the background or something and check for success?
 
hey y’all, I just want to hijack this thread and say that I can’t wait for sideloading on iOS because you can put whatever you want on your Mac. /s
Me neither. Sideloading has been a blessing on the Mac. I never encountered one of those "also on the Mac" malware. It's more of a myth than triple-A gaming on Mac. My only worry is whether it's already too late for iOS to develop a thriving third-party ecosystem.
 
This has always bugged me. Many apps don't require you to enter your precious password for installation or update, but many others do require your password. How would a user know, when feeding their password into the dialog box, whether it's one presented to the user via macOS or one constructed by the app itself that mimics the macOS dialog box (where you subsequently give your unencrypted password to the app itself as a result)?
Get a Magic Keyboard with TouchID. If it's a real prompt from macOS, you will be able to use your fingerprint to allow access to install. You only need to type in your actual unencrypted password once after boot up.
 
only rely on Apple’s own Apple App Store on Mac

Sounds like a great reason to only install from the App Store.

Sounds more like you should have a "user" account and an admin account for installation of apps. There are a LOT of people that don't do this - especially on Windows.

Except Apple allows crapware onto their Mac App Store too


not to mention all the junk on their iOS App Store
^ Good to know, thanks.
 
No problem, do whatever you want.

But I don't want my OS locked down because of anyone else's paranoia.

People say this until it is one of their own who becomes a victim of zero click attacks and malware.

The OS is closed source. It’s already locked down. It’s a commercial product. It’s also a big fat target for the world’s worst criminals and dictators who have been getting more and more confident in recent times thanks to crypto networks they have been using to steal billions from the masses and using some of that for bribes.
 