Apple Updates macOS to Detect Malware Disguised in Windows EXE Files |
Apple has updated the MacOS XProtect anti-malware framework to protect Macs in order to protect Macs against a new type of attack by using cross-platform Windows executable files. Generally considered harmless because they can not run on MacOS, Windows EXE files have been used recently due to the emergence of a cross-platform software framework, especially Mono, which was specially used for it. The EXE files can be used to run. Anonymous malware, was first reported in February this year, it appears that innocent files were bundled with pirated copies of popular Mac apps, and included mono framework in order to ensure that That they will be able to walk on the Mac. Infected Mac then sent personally identifiable information to remote servers and sent more malware to them, including advertising spam.
The threat was first reported by Trend Micro when the security firm detected such infection in the United States, Britain, Europe, Australia and South Africa. Now, Apple appears to be updated XProtect, which works in conjunction with the gatekeeper and file quarantine tool, so that such executables can be detected and prevented from harming them.
Bliping Computer reports that MacOS security expert Patrick Wardley has tweeted a screenshot and information about two new rules added on XPprotect on April 19, which specifically protect against Windows executables. Wardley explained his findings in a twitch live stream on Tuesday and said that he will soon make the video available on his YouTube channel.
Mono Framework is an implementation of Microsoft's .NET software development environment, and is developed and maintained by Microsoft subsidiary Zamorin. It allows Windows developers to map DLL file dependencies to the options in MacOS, Android, iOS, many Linux distributions, among other host OS environments, and even using some embedded operating systems such as popular game consoles. To be done
It appears that Apple has taken this threat very seriously. Many users can be assumed that Windows files can not cause any problems on Mac, but for devices like Mono Framework it is no longer correct, which are becoming more popular over time. Users should now see familiar macOS gatekeeper warnings when suspected exe files are detected or when a user tries to run them. The rules include names of known adware in the rules.
XProtect updates were released without any announcement from Apple. Its macOS does not have any visible interface, but this file binds in quarantine, which confirms that a user wants to run downloaded files from the Internet or shows users when they were downloaded and Which app through If the file contains known malware, then the file quarantine will warn users that it will harm their computers. Recent editions of MacOS include gatekeepers, which allows reliable developers to run digitally signed files without throwing such alerts.