February 13, 2019 By David Bisson 2 min read

Security researchers discovered several Microsoft Windows EXE files using malicious payloads to infect macOS users with infostealers and adware.

Trend Micro found one adware-bearing sample hiding within an installer for the Windows and Mac firewall app Little Snitch, which is available for download from various torrent websites. The sample was able to bypass Mac’s Gatekeeper, since this built-in protection mechanism doesn’t conduct code signature checks for or otherwise verify EXE files on machines running macOS.

Contained within the ZIP file downloaded from the torrent websites is a DMG file that hosts the Little Snitch installer. This installer hides an EXE file that loads an infostealer. The malware then gathers basic system information, such as Memory, BootROMVersion and SMCVersion, and scans the /Application directory for installed apps, such as App Store, FaceTime and Mail. After completing these steps, the malware sends all its findings to its command-and-control (C&C) server.

Additionally, the executable is capable of downloading several files from the internet. These files, in turn, download adware and other potentially unwanted applications.

Bridging Windows and macOS With Malware

These files don’t constitute the only instance of a digital threat crossing between Windows and macOS. In May 2017, for instance, Fox-IT identified a Mac OS X version of Snake malware, which traditionally targets the Windows platform. Less than a year later, security researcher Patrick Wardle of Objective-See uncovered CrossRat, a versatile threat capable of targeting Windows, macOS and Linux machines.

In a few cases, researchers have even observed attack campaigns distributing separate threats that target Windows and Mac computers. Security researchers at Microsoft came across one such instance in 2011 containing both the Mac-based Olyx backdoor and other Windows malware.

How to Defend Against Malicious EXE Files

Security professionals can help protect against adware-laden EXE files by creating security policies that limit the types of websites from which employees can download applications. They can frame this policy within the context of a larger app approval framework through which security teams follow a logical sequence to upload/review apps and ensure vendor integration. At the same time, security professionals should apply user activity analytics to a long-term data repository to sufficiently protect corporate data against digital threats like infostealers.

More from

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Regulatory harmonization in OT-critical infrastructure faces hurdles

3 min read - In an effort to enhance cyber resilience across critical infrastructure, the Office of the National Cyber Director (ONCD) has recently released a summary of feedback from its 2023 Cybersecurity Regulatory Harmonization Request for Information (RFI). The responses reveal major concerns from critical infrastructure industries related to operational technology (OT), such as energy, transport and manufacturing. Their worries include the current fragmented regulatory landscape and difficulty adapting to new cyber regulations. The frustration appears to be unanimous. Meanwhile, the magnitude of…

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today