New Mac backdoor using antiquated code

[Cox Orange]

Would this affect us PowerPC-Users as well?
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/

PS: and since some of us are using Intel Macs and the app Handbrake, too. Handbrake has spread malware from May 2nd to 6th. Google for it in english, I read it on a german mac-website.
Ah, found it https://forums.macrumors.com/thread...load-server-hack.2044676/page-2#post-24559546

 

[amagichnich]

I'd say yes, it does affect us 'ancient' system calls, pearl and java...

 

[Riku7]

Is that a threat to every computer that has Handbrake installed, or only those who downloaded the app during the mentioned time range?

Edit:// Actually going back to page 1 of the linked thread...

The affected server has been shut down for investigation, but developers are warning that users who downloaded the software from the server between 14:30 UTC May 2 and 11:00 UTC May 6 have a 50/50 chance of their system being infected by a trojan. "If you see a process called 'Activity_agent' in the OS X Activity Monitor application, you are infected," read the alert.

 

[bobesch]

Malwarebytes offers a anti-malware-software for free (https://www.malwarebytes.com/mac/?utm_source=blog&utm_medium=social).
Unfortunately support starts with OS X 10.9
I wonder, if malware-detection could also work with scanning a PPC in target-mode from an intel-mac with that Malwarebytes-software?

 

[eyoungren]

Malwarebytes offers a anti-malware-software for free (https://www.malwarebytes.com/mac/?utm_source=blog&utm_medium=social).
Unfortunately support starts with OS X 10.9
I wonder, if malware-detection could also work with scanning a PPC in target-mode from an intel-mac with that Malwarebytes-software?

If we're talking Anti-Virus: ClamXV for PowerPC

2.2.1 for Tiger and 2.5.1 for Leopard can be found here: https://web.archive.org/web/20131008200550/http://www.clamxav.com/download.php

Note that I make assumptions that virus definitions would be updated.

 

[thomasareed]

Would this affect us PowerPC-Users as well?
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/

I didn't see this before, but in short: no, not fully.

Quimitchin, aka Fruitfly, did include things like perl and Java that would work on PowerPC Macs (although I haven't verified that the particular scripts it uses will function properly on PowerPC). However, one component of the malware was a binary executable file compiled for Intel chips only, and no PowerPC code.

For that matter, other than some of the malware written entirely in python, I don't think any of the malware that has appeared this year so far would function on a PowerPC Mac. Even the ones written in python would probably not function fully - if at all - on such an old system, as they're written with certain assumptions about the environment they're running in.

If you're still running a PowerPC Mac, you're pretty safe simply because of the antiquity and rarity of such Macs. There will be no future malware designed to target such Macs, any more than there will be new malware to target the Apple II or the Commodore 64.