This post will be useful for both prevention and troubleshooting in the context of the MacitNow adware infection. This add-on, which targets Safari, Chrome and Firefox on the compromised Mac box, triggers an unreasonable lot of ads on any web page the user visits. While providing up-to-date e-shopping information at times, the app in question affects the user’s web browsing experience in the worst way, making sites take longer to load and hindering the regular page contents viewing. The tutorial gives you an idea of how this adware routine works and what steps are to be taken to get rid of the problem.
Ads on websites are useful as long as the amount thereof is reasonable. Redundancy and intrusiveness are the things that turn e-commerce data into a problem and an irritation factor. This is what happens when apps like MacSpend operate in a Mac machine. In this case, tons of ads appear in places where they normally wouldn’t be displayed, which causes the affected Mac users a great deal of web browsing hurdles. This post contains an investigative report about the MacSpend application and provides instructions on removing it.
Out of all the versatile sorts of Internet advertising and promotion, the authors of MacGlobalDeals app for Mac OS X chose an unwelcome path based on highly intrusive techniques. The way it works involves trespassing of the malicious code on the user’s machine via obscure drive-by tricks, and then installing a browser extension which deploys a noxious ad placement activity regardless of the victim’s discretion. This post reflects in-depth dissection of this Mac adware and provides effective removal instructions.
The focus of this part of Sarah Edwards’ presentation is entirely on Mach-O binaries. In particular, the highlighted aspects include properties of these Mac OS X files, characteristics of universal/fat binaries, file signatures and code signed binaries. Furthermore, binary analysis using commands and such tools as MachOView and Hopper is graphically illustrated to give you a better idea of the capabilities and features provided by these apps.
This is the first part of a series of posts reflecting the Security B Sides presentation done by Sarah Edwards, experienced digital forensic analyst. The subject matter includes an overview of tools and methods which are applicable to reverse engineer the infections tailored for Mac. In particular, the presentation covers file types and instruments in the context of static analysis as well as such components of dynamic analysis as virtualization and application tracing, with some illustrations being provided along the way.
Mac Defender, also known as Mac Protector, is notorious scareware designed to specifically infect Mac boxes. It is one of the malicious applications that pioneered in the realm of Macs, and after years since the launch it appears to still be active. What Mac Defender does is it runs bogus scans of the system and states that malware has been detected, thus forcing users to register its paid version. So learn the background of this infection and get advised on Mac Defender removal.