New Security Flaw in macOS Allows Silent Installation of Malicious Apps
Discover the latest macOS vulnerability enabling stealth installation of harmful software, risking your personal data and passwords.
As macOS continues to grow in popularity, an increasing number of developers are creating harmful applications targeting this platform. Recently, a new type of malware was discovered online that silently installs Safari extensions or third-party apps without the user's awareness, potentially gaining access to sensitive password data.
Investigations revealed that the threat originates from an Israeli company named Genieo Innovation, which has a notorious reputation for producing unwanted 'junk' applications for Mac devices. However, this time, the company has taken their tactics even further.
The attack works as follows: a Safari extension or external application is delivered to the Mac. Normally, the system prompts the user for permission before installation. But here’s the catch — the “OK” button is pressed automatically by the malware. This happens so rapidly, within just a few seconds, that most users won’t even realize an installation took place. A quick video demonstration shows how the prompt appears, the confirmation is triggered, and the window closes almost instantly.
Interestingly, automatic confirmation buttons are typically designed to assist users with visual impairments or other accessibility challenges. Unfortunately, this feature is being exploited maliciously to bypass user consent and introduce new security risks. Thomas Reed from Malwarebytes expressed surprise that this technique had not been utilized sooner.
As a result, Genieo can gain access to passwords stored in the Mac Keychain, opening the door to iCloud and Gmail accounts. Users are unlikely to notice the fleeting pop-up windows, which disappear within seconds. The only way to resolve this issue is by manually removing the malicious applications from the system.
Stay vigilant and regularly check your installed extensions and apps to protect your data from such covert threats.
(via)
Discover engaging topics and analytical content in Browser Technologies as of 07-07-2016. The article titled " New Security Flaw in macOS Allows Silent Installation of Malicious Apps " provides new insights and practical guidance in the Browser Technologies field. Each topic is meticulously analyzed to deliver actionable information to readers.
The topic " New Security Flaw in macOS Allows Silent Installation of Malicious Apps " helps you make smarter decisions within the Browser Technologies category. All topics on our website are unique and offer valuable content for our audience.