|
Keydnap
OSX.Keydnap is a MacOS X based Trojan horse that steals passwords from the iCloud Keychain of the infected machine. It uses a dropper to establish a permanent backdoor while exploiting MacOS vulnerabilities and security features like Gatekeeper, iCloud Keychain and the file naming system. It was first detected in early July 2016 by ESET researchers, who also found it being distributed through a compromised version of Transmission Bit Torrent Client. Technical details Download and installation OSX.Keydnap is initially downloaded as a Zip archive. This archive contains a single Mach-O Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. It was developed to replace the a.out format. Mach-O is used by some systems based on the M ... file and a Resource fork containing an icon for the executable file, which is typically a JPEG or text file image. Additionally, the dropper ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
MacOS Malware
macOS malware includes viruses, trojan horses, worms and other types of malware that affect macOS, Apple's current operating system for Macintosh computers. macOS (previously Mac OS X and OS X) is said to rarely suffer malware or virus attacks, and has been considered less vulnerable than Windows. There is a frequent release of system software updates to resolve vulnerabilities. Utilities are also available to find and remove malware. History Early examples of macOS malware include MP3Concept (discovered 2004, a benign proof of concept for a trojan horse), Leap (discovered in 2006, also known as Oompa-Loompa) and RSPlug (discovered in 2007). An application called MacSweeper (2009) misled users about malware threats in order to take their credit card details. The trojan MacDefender (2011) used a similar tactic, combined with displaying popups. In 2012, a worm known as Flashback appeared. Initially, it infected computers through fake Adobe Flash Player install prompts, but i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
MacOS
macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and laptop computers it is the second most widely used desktop OS, after Microsoft Windows and ahead of ChromeOS. macOS succeeded the classic Mac OS, a Mac operating system with nine releases from 1984 to 1999. During this time, Apple cofounder Steve Jobs had left Apple and started another company, NeXT, developing the NeXTSTEP platform that would later be acquired by Apple to form the basis of macOS. The first desktop version, Mac OS X 10.0, was released in March 2001, with its first update, 10.1, arriving later that year. All releases from Mac OS X 10.5 Leopard and after are UNIX 03 certified, with an exception for OS X 10.7 Lion. Apple's other operating systems (iOS, iPadOS, watchOS, tvOS, audioOS) are derivatives of macOS. A promi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Trojan Horse (computing)
In computing, a Trojan horse is any malware that misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. Trojans generally spread by some form of social engineering; for example, where a user is duped into executing an email attachment disguised to appear innocuous (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller who can then have unauthorized access to the affected computer. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves. Use of the term It's not clear where or when the concept, and this term for it, was first used, but by 1971 the first Unix manual assumed its r ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Dropper (malware)
A dropper is a kind of Trojan that has been designed to "install" malware (virus, backdoor, etc.) to a computer. The malware code can be contained within the dropper in such a way as to avoid detection by virus scanners; or the dropper may download the malware to the targeted computer once activated. There are two types of droppers. The first is known as a persistent dropper. It is very dangerous because upon running the malware it hides itself on the device. It then modifies the system registry keys. Even if the malware is removed the hidden file will execute upon rebooting the system. This allows it to reinstall the malware even if it was previously removed. The second type is known as a non-persistent dropper. It is less dangerous because upon executing its payload it removes itself from the system. This way, when the malware is removed it will not be able to reinstall itself. A Trojan works by disguising itself into another program. It then requires the user to click on it ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Gatekeeper (macOS)
Gatekeeper is a security feature of the macOS operating system by Apple. It enforces code signing and verifies downloaded applications before allowing them to run, thereby reducing the likelihood of inadvertently executing malware. Gatekeeper builds upon File Quarantine, which was introduced in Mac OS X Leopard and expanded in Mac OS X Snow Leopard. The feature originated in version 10.7.3 of Mac OS X Lion as the command-line utility . A graphical user interface was originally added in OS X Mountain Lion (10.8) but was backported to Lion with the 10.7.5 update. Functions Configuration In the security & privacy panel of System Preferences, the user has three options, allowing apps downloaded from: The command-line utility provides granular controls, such as custom rules and individual or blanket permissions, as well as an option to turn Gatekeeper off. Quarantine Upon download of an application, a particular extended file attribute ("quarantine flag") can be a ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Zip (file Format)
ZIP is an archive file format that supports lossless data compression. A ZIP file may contain one or more files or directories that may have been compressed. The ZIP file format permits a number of compression algorithms, though DEFLATE is the most common. This format was originally created in 1989 and was first implemented in PKWARE, Inc.'s PKZIP utility, as a replacement for the previous ARC compression format by Thom Henderson. The ZIP format was then quickly supported by many software utilities other than PKZIP. Microsoft has included built-in ZIP support (under the name "compressed folders") in versions of Microsoft Windows since 1998 via the "Windows Plus!" addon for Windows 98. Native support was added as of the year 2000 in Windows ME. Apple has included built-in ZIP support in Mac OS X 10.3 (via BOMArchiveHelper, now Archive Utility) and later. Most free operating systems have built in support for ZIP in similar manners to Windows and Mac OS X. ZIP files ge ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Mach-O
Mach-O, short for Mach object file format, is a file format for executables, object code, shared libraries, dynamically-loaded code, and core dumps. It was developed to replace the a.out format. Mach-O is used by some systems based on the Mach kernel. NeXTSTEP, macOS, and iOS are examples of systems that use this format for native executables, libraries and object code. Mach-O file layout Each Mach-O file is made up of one Mach-O header, followed by a series of load commands, followed by one or more segments, each of which contains between 0 and 255 sections. Mach-O uses the REL relocation format to handle references to symbols. When looking up symbols Mach-O uses a two-level namespace that encodes each symbol into an 'object/symbol name' pair that is then linearly searched for, first by the object and then the symbol name. The basic structure—a list of variable-length "load commands" that reference pages of data elsewhere in the file—was also used in the executable ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Resource Fork
The resource fork is a fork (file system), fork or section of a computer file, file on Apple Inc., Apple's classic Mac OS operating system, which was also carried over to the modern macOS for compatibility, used to store structured data along with the unstructured data stored within the data fork. A resource fork stores information in a specific form, containing details such as icon bitmaps, the shapes of windows, definitions of menus and their contents, and application code (machine code). For example, a word processing file might store its text in the data fork, while storing any embedded images in the same file's resource fork. The resource fork is used mostly by executables, but every file is able to have a resource fork. The Macintosh file system Originally conceived and implemented by programmer Bruce Horn, the resource fork was used for three purposes with Hierarchical File System, Macintosh file system: * It was used to store all graphical data on disk until it was neede ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
