The latest discovery, announced in a blog post Friday by Intego and called OSX/CrescentCore, has been found on several websites, including a sketchy comic-book-download site. Intego warned users of “seemingly innocuous” Google search results that could lead to the malware.

CrescentCore is a Trojan horse: It looks like an Adobe Flash Player installer or updater. But it can evade both your antivirus software and Apple’s built-in protections, and can also make it difficult for malware analysts to spot it running on a virtual machine.

To avoid infection by CrescentCore, don’t install software from dubious sources, especially those that want you to install Flash Player or another piece of software to view content. You should also be running Mac antivirus software and updating the OS, browsers and browser extensions as soon as security patches are released.

OSX/CrescentCore is just one of several Mac security threats uncovered in the past month. Intego, which recently revealed two other Mac malware strains, OSX/Linker and OSX/New Tab, calls CrescentCore “the next generation of fake Flash Player malware.”

The versions Intego found were signed with Apple-trusted developer certificates, which let CrescentCore slide right past the macOS Gatekeeper program. The abused certificates have been reported to Apple.

According to Intego’s blog post, the CrescentCore malware scans Macs for several popular antivirus tools, and if it detects them, will simply stop running. It will also shut down if it thinks it’s running on a virtual machine – a computer OS running inside another computer OS – rather than on an actual Mac.

But if neither of these conditions is true and there’s nothing blocking CrescentCore, then one version of the malware installs a “LaunchAgent,” described as a “persistent infection,” while another installs either “Advanced Mac Cleaner” or a Safari extension.

“As a general rule, nobody should be installing Flash Player in 2019 — not even the real, legitimate one,” Intego said in the post.

Adobe is ending all development and distribution of Flash Player by the end of 2020. The Flash Player plugin has been disabled by default on Macs since 2016’s macOS 10.12 Sierra. In other words, don’t download anything that even resembles Flash Player, especially if you’re not running an antivirus program on your computer.

The OSX/CrescentCore announcement comes just after Intego unmasked OSX/Linker, a piece of malicious software that attempts to hijack control of your system, turn it into a cryptocurrency miner, draft it into a botnet, and exploit it for personal information. The malware, which was disclosed by researcher Filippo Cavallarin last month, works by loading installers from a network-shared disk, which is outside Gatekeeper’s domain.

Earlier this month, another zero-day vulnerability was discovered (and subsequently patched) by Mozilla. It was a Firefox flaw on all platforms, but was exploited to attack cryptocurrency traders using Macs.

The recent discoveries are a warning that more and more malware creators are taking the time to develop malware for macOS, a platform once assumed to have too small a market share to be worth attacking. And again, Flash = bad.

Image credit: Flying Object/Shutterstock