▷A new attack vector in macOS would be based on Windows executables 【【2022 】】◁

The battle between hackers and security researchers continues, and in a new episode of this endless race, security researchers have found a torrent that promises to install Little Snitch, a firewall for macOS, but instead installs malware in a fairly creative way to Computers infect systems Apple without arousing suspicion. Nothing strange so far, this is how all malware tries to work.

In this case, the download contains a DMG file that after mounting (remember that DMG files in macOS They correspond to the ISO files that we normally process in Windows) shows an installer for Little Snitch. Parse the installer, a folder called MonoBundle with a number of dll files and an executable called “installer.exe”, Which They are Windows files and will not work on macOS.

Mono is a framework that enables executable files for Windows on macOS or Android, but oddly enough, this executable only works on macOS while could not be run on Windows although in this format and depending on a number of windows libraries.

quiet It is not clear how this malware works, but researchers suspect that it is one Intention to bypass a gatekeeper, the security system built into macOS that analyzes installation packages for malware and prevents system infections, although MalwareBytes, on the other hand, believes that this cannot be the case because Malware is deployed using a mach0 binary that the gatekeeper can analyze and block.

Without a doubt, it will be interesting to see where this threat ends, because Attack macOS with executables and Windows libraries it’s a less creative way of infecting an operating system.

End of article. Tell us something in the comments or come to our forum!