A malicious Windows EXE file can infect your Mac computer as well.

Yes, you heard me right — a .exe malware on macOS.

Security researchers at antivirus firm Trend Micro have discovered a novel way hackers are using in the wild to bypass Apple’s macOS security protection and infect Mac computers by deploying malicious EXE files that normally run only on Windows computers.

Researchers found several samples of a malicious macOS application (.dmg) on a torrent site, masquerading as installers for popular software, that include an EXE application compiled with the Mono framework to make it compatible with macOS.
Mono is an open source implementation of Microsoft’s .NET Framework that allows developers to create cross-platform .NET applications, which work across all supported platforms, including Linux, Windows and Mac OS X.

Usually, running any Windows executable results in an error on macOS systems, and built-in protection mechanisms such as Gatekeeper also skip scanning .exe files for any malicious code.
“This routine evades Gatekeeper because EXE is not checked by this software, bypassing the code signature check and verification since the technology only checks native Mac files,” Trend Micro said in a blog post published Monday.
The fake installer analyzed by the researchers promised to install the Little Snitch firewall application, but also came bundled with a hidden Mono-compiled payload designed to collect system information about the targeted Mac computer and send it to a remote command-and-control server controlled by the attackers.
Once installed, the EXE malware also downloads various adware apps and prompts users to install them, some of which are disguised as legitimate versions of Adobe Flash Media Player and Little Snitch.

During their analysis, the researchers found “no specific attack pattern” associated with the malware, but their telemetry showed that the highest numbers of infections were in the United Kingdom, Australia, Armenia, …