New Tarmac malware for macOS systems spreading through malicious ads
Security researchers just found one fresh strain of Mac malicious program although no one yet knows its full purpose as well as detail functions. The malware dubbed Tarmac (OSX/Tarmac) was spread onto devices running macOS, through rogue ad campaigns called malvertising.
The said ads executed destructive code within the web browser of Mac machines for diverting potential victims onto websites displaying pop-ups selling upgraded software often of Adobe Flash Player. End-users that believed the scheme and took down the upgraded Flash Player were left with loading twin malware programs onto their PCs, these being OSX/Shlayer and subsequently OSX/Tarmac, the former installing the latter.
As per Security Researcher Taha Karim from Confiant, the malvertising scheme spreading the twin malware, Shlayer+Tarmac began during January 2019. At the time Confiant found Shlayer, there was no knowledge of Shlayer's second phase. But, now it is known viz. the Tarmac malware that examines the hardware setup of the contaminated PC as well as communicates the configuration details to one of its C&C infrastructures.
Unfortunately, the Shlayer+Tarmac combo is still getting spread via malvertising campaigns. But fortunately, Tarmac's C&C infrastructures no longer are active; as a result the malicious program does not do anything other than reconnaissance.
Confiant researchers are therefore puzzled, not knowing Tarmac's next move. Most likely either or both of Tarmac and Shlayer will receive fresh commands customized for the contaminated PC's hardware, which they might execute incase the C&C infrastructures return online. www.tomsguide.com posted this dated October 12, 2019.
The Shlayer attack sheds its second-phase payload as Tarmac. Specialists outlined that when they were examining the malware programs, the C&C infrastructures had been withdrawn from the Net, so the samples examined happened to be more-or-less old. The specialists analyzing the malware duo observed that usually its main components were safeguarded via encryption followed with compression so their analysis would be thwarted. However, they're certain of the campaign's continuity while threat actors possibly reset the campaign's infrastructure.
According to a report by ZDNet, the malicious ad scheme, which spread Shlayer along with Tarmac, aimed attack on end-users residing inside Japan, Italy and USA.
» SPAMfighter News - 10/18/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!