The Hacker News

on Monday, 7 October 2013
 

 


Apple's own Encryption Mechanism allows hacker to create an Undetectable Mac OS X Malware
10/7/2013 7:17:00 PM

In the past, there was a general belief that Macs were much more secure than Windows PCs, but Mac malware is now a serious threat to the security of users' computers and information.
One of the reasons behind the increase in Mac-related malware attacks is the fact that Apple products are popular with many prominent businessmen and influential politicians.
Daniel Pistelli, reverse engineer, lead developer of Cerbero Profiler and former developer of IDA Pro, has come up with another interesting piece of research and explained to The Hacker News the basic details behind the technique he used to create undetectable malware for Mac OS X.

Apple internally implements an encryption mechanism to protect some of its own executables, such as "Dock.app" or "Finder.app". This encryption can be applied to malware as well. When it is, anti-malware solutions can no longer detect the malware because of the encryption, but OS X has no problem loading it.

There are two protection mechanisms. The first is implemented through the LC_ENCRYPTION_INFO loader command. The second, which is the one Apple actually uses internally, does not require a loader command and is not documented.

The same protection mechanism can be applied to existing malware that anti-malware products already detect, making it completely undetectable. Those same products can no longer detect the malware because they do not recognize that it is encrypted.

It is true that there are currently fewer malware programs targeting Mac OS X than Windows. However, that doesn't mean that Macs are totally secure.
To mitigate this problem, Daniel suggests that anti-malware product makers check for the presence of encrypted segments and trust only executables with a valid code signature issued by Apple.
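
The check for encrypted segments suggested above, as an added example (not code from Daniel Pistelli or from any anti-malware vendor): it walks the load commands of a thin little-endian Mach-O file and reports an LC_ENCRYPTION_INFO command with a non-zero `cryptid`, plus any segment carrying the `SG_PROTECTED_VERSION_1` flag from Apple's public `mach-o/loader.h`. The article does not name the second mechanism, so treating that flag as its marker is an assumption, as are the function names and the constructed sample bytes.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
SG_PROTECTED_VERSION_1 = 0x8  # "this segment is protected" (mach-o/loader.h)

def encrypted_regions(data):
    """Scan a thin little-endian Mach-O image; return a list of findings."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, _, _, _, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", data, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O image")
    off = 32 if magic == MH_MAGIC_64 else 28  # 64-bit header has a reserved word
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    findings = []
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("invalid cmdsize")
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            flags_off = 68 if cmd == LC_SEGMENT_64 else 52  # offset of 'flags'
            if cmdsize < flags_off + 4:
                raise ValueError("segment command too small")
            name = data[off + 8:off + 24].rstrip(b"\0").decode("ascii", "replace")
            (flags,) = struct.unpack_from("<I", data, off + flags_off)
            if flags & SG_PROTECTED_VERSION_1:
                findings.append(("protected-segment", name))
        elif cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            if cmdsize < 20:
                raise ValueError("encryption info command too small")
            cryptoff, cryptsize, cryptid = struct.unpack_from("<3I", data, off + 8)
            if cryptid != 0:  # 0 means the range is not encrypted
                findings.append(("encryption-info", cryptoff, cryptsize))
        off += cmdsize
    return findings

def build_sample(seg_flags, cryptid):
    """Constructed 64-bit header area: one __TEXT segment + LC_ENCRYPTION_INFO_64."""
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__TEXT",
                      0, 0x1000, 0, 0x1000, 7, 5, 0, seg_flags)
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x1000, 0x2000, cryptid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2, len(seg) + len(enc), 0, 0)
    return hdr + seg + enc
```

A non-empty result is the cue to apply the second half of the suggestion and require a valid Apple code signature before trusting the file.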

The events of recent years have led many users to question just how secure the Mac really is.

Author: Mohit Kumar, aka 'Unix Root', is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. He is also an Internet activist and a strong supporter of Anonymous & Wikileaks.
