.EXE files infect macOS

Trend Micro experts warn that a malicious .exe file can infect users of the macOS operating system, bypassing all protection systems. The statement seems absurd, given that the .exe extension is used in Windows systems, but the experts explained in detail the design of this attack.

Researchers stumbled upon several samples of malicious .dmg files that are used in the macOS system. They were disguised as installation files of various popular programs and were distributed on torrent sites.

What is most interesting is that these samples included an EXE application compiled using the Mono framework, which makes files of this format compatible with macOS. Mono is an open source implementation of the Microsoft .NET Framework that allows developers to create cross-platform programs.

Usually EXE files when trying to run on macOS give an error. Another important fact is that security features like Gatekeeper do not scan .exe files for malicious code. Fake installer, discovered by experts, is disguised as an installation file from the Little Snitch firewall:

During the installation process, the malware prompts the user to install an advanced set, some of which are disguised as Adobe Flash Media Player and Little Snitch. Experts could not identify any specific pattern of these attacks.

… We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks since it is an unsupported binary executable in Mac systems by design. We think that the cybercriminals are still studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cybercriminals can use this information and routine. Users should avoid or refrain from downloading files, programs, and software from unverified sources and websites, and install a multi-layered protection for their individual and enterprise systems.

Trend Micro Solutions

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button