Posted on October 2, 2020
Filed under OS X, Malware
Researchers at Amnesty International have just announced the discovery of FinSpy spyware variants that target macOS and Linux users. In this article, we’ll tell you what they found, share some technical details uncovered by Amnesty’s malware analysts, and explain what it means for security and privacy.
What is FinSpy?
FinSpy is commercial spyware, produced by a private company and sold to law enforcement and intelligence agencies around the world. There are (arguably) legitimate uses of such monitoring software, for example in criminal and anti-terrorism investigations; however, FinSpy’s manufacturers have come under fire for selling their product to repressive and anti-democratic regimes that use the software to surveil human rights activists, journalists, dissidents, and even opposition political parties. FinSpy has been used in this manner in Bahrain, Ethiopia, Uganda, and Egypt.
What can FinSpy do?
FinSpy is designed to provide full-spectrum surveillance on a compromised machine. According to the Amnesty International report, modern versions of FinSpy can monitor emails and communications, log keystrokes, record audio and video, gather information about network activity, and provide detailed access to system files. In addition, the spyware contains modules designed to allow attackers to control it remotely and execute commands on the infected system.
How does the macOS variant of FinSpy work?
Back in 2019, Amnesty International was investigating a coordinated phishing campaign that was targeting human rights advocates in Egypt. The attacks were attributed to the NilePhish attacker group and were believed to be state sponsored. In the course of their subsequent research, they also discovered macOS and Linux FinSpy variants — although these appeared to be the work of a different attacker altogether. A few days ago, Amnesty International publicly disclosed these new variants in an effort to help the security community as well as human rights advocates.
The macOS version of FinSpy comes in the form of a Trojanized app installer containing encrypted files. If launched, the spyware will first check to see if it is running inside a virtual machine (VM). If it isn’t, FinSpy will decrypt and unpack a Zip archive containing an installer and several tools designed to obtain elevated (administrative) system privileges. Elevated privileges are required in order for FinSpy to install its actual spyware modules and achieve persistence on the target Mac. The privilege escalation tools rely on old and long-patched (2013 and 2015) public exploits, so if the malware is unable to gain elevated privileges by using the exploits, it will default to a common trick employed by many different Mac malware variants and simply ask the user for admin permissions! Unfortunately, this tactic succeeds far more often than it should.
Once the spyware modules are installed, FinSpy will contact a command and control (C&C) server using an encrypted communications protocol. This allows the spyware to receive commands from its administrators — and give them access to the data that it steals.
What can we do about FinSpy?
FinSpy is powerful commercial spyware that has been used maliciously by multiple state actors around the world. The “good news” for most everyday Mac users is that they are far less likely to encounter FinSpy than, for example, human rights activists or political dissidents. In addition, recent versions of macOS (Catalina and Big Sur) make it harder for users to open unsigned or unvetted apps, which makes it more difficult for bad actors to trick their victims into running malicious software.
However, even with the more modern operating systems, “difficult” is not the same as “impossible”, and users of older macOS versions may still be at substantial risk from FinSpy and other forms of spyware. In addition, although “average” Mac users may not be personally at risk, they may nonetheless feel concerned about the threat that FinSpy poses to others, and especially to vulnerable groups and individuals living in oppressive regimes.
Here are four things you can do to keep yourself and others safe, both from FinSpy and from other spyware threats:
1. Update, Update, Update
As Amnesty International’s analysis demonstrates, spyware may rely on exploits that already have security patches. Users of older operating systems should always update their software to the fullest extent possible. Because many forms of malware (not just FinSpy) attempt to use unpatched vulnerabilities to compromise their targets, all users should enable automatic updates. To do this on more recent versions of macOS, go to System Preferences > Software Update and select Automatically keep my Mac up to date. Under the Advanced settings, you will find an option to automatically update all App Store apps on your system, which is also recommended.
2. Don’t Open Suspicious Apps
If you’re using a newer version of macOS, pay attention to all of those warnings and pop-ups! If macOS tells you that an app is unsigned, or can’t be checked for malicious content, don’t open it — and don’t go searching for some workaround that will allow you to circumvent your Mac’s built-in protections. You should only run apps from the Mac App Store, or signed apps that have been downloaded directly from developers who you know and trust.
3. Speak Up
The sale of commercial spyware to despotic regimes has become a political issue. One prominent U.N. expert has recommended a global moratorium on spyware sales until safeguards designed to curb abuses of the technology can be put in place. In addition, citizens in democratic countries have been pressuring their own lawmakers to stop local companies from selling to autocratic governments abroad. In the European Union, for example, politicians are currently discussing new rules to limit the export of surveillance technologies to nations that violate human rights. Electronic Frontier Foundation (EFF) and Amnesty International’s Amnesty Tech both provide reliable information — as well as opportunities for action — on these types of issues.
4. Use Malware Detection
FinSpy and other types of spyware rely on stealth tactics in order to function, and thus do everything possible to conceal themselves from their targets. For this reason, it is extremely difficult for an everyday Mac user to detect a spyware infection on their own. You should always run a reputable, regularly updated malware detection and removal tool on your Mac. MacScan 3 detects and eliminates spyware infections, and has been updated to include definitions for the newly discovered macOS variants of FinSpy.
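The automatic-update advice in step 1 can also be checked from the preference files rather than the settings pane. The following is an added example, not part of the original article: it audits the Software Update and App Store preferences for settings that are off. The preference key names and their mapping to the checkboxes are assumptions to verify on your macOS version, and the sample data is constructed.

```python
import plistlib
from pathlib import Path

# Assumed mapping of preference keys to the Software Update checkboxes.
EXPECTED = {
    "com.apple.SoftwareUpdate": {
        "AutomaticCheckEnabled": "Check for updates",
        "AutomaticDownload": "Download new updates when available",
        "AutomaticallyInstallMacOSUpdates": "Install macOS updates",
        "ConfigDataInstall": "Install system data files",
        "CriticalUpdateInstall": "Install security updates",
    },
    "com.apple.commerce": {"AutoUpdate": "Install App Store app updates"},
}

def audit(domains):
    """Return (domain, key, label, state) for each setting not switched on.
    `domains` maps a preference domain name to its parsed plist dict."""
    findings = []
    for domain, keys in EXPECTED.items():
        prefs = domains.get(domain, {})
        for key, label in keys.items():
            value = prefs.get(key)
            if value is None:
                # Missing key: the OS default applies, so flag it for review.
                findings.append((domain, key, label, "not set"))
            elif not value:  # False or 0
                findings.append((domain, key, label, "disabled"))
    return findings

def load_system_prefs(root=Path("/Library/Preferences")):
    """Parse the real preference files (XML or binary plist) if present."""
    domains = {}
    for domain in EXPECTED:
        path = root / f"{domain}.plist"
        if path.is_file():
            with path.open("rb") as fh:
                domains[domain] = plistlib.load(fh)
    return domains

# Constructed sample: OS auto-install off, security-update key absent.
SAMPLE = {
    "com.apple.SoftwareUpdate": plistlib.loads(plistlib.dumps({
        "AutomaticCheckEnabled": True, "AutomaticDownload": True,
        "AutomaticallyInstallMacOSUpdates": False, "ConfigDataInstall": 1})),
    "com.apple.commerce": {"AutoUpdate": False},
}

if __name__ == "__main__":
    for domain, key, label, state in audit(load_system_prefs() or SAMPLE):
        print(f"[{state}] {label} ({domain} {key})")
```

On a machine without the preference files, the script falls back to the constructed sample so the output format can still be seen.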
We design Mac hardware and software with advanced technologies that work together to run apps more securely, protect your data, and help keep you safe on the web. And with macOS Catalina available as a free upgrade, it’s easy to get the most secure version of macOS for your Mac.*
Apple T2 chip.
The next generation of security.
The Apple T2 Security Chip — included with many newer Mac models — keeps your Mac safer than ever. The Secure Enclave coprocessor in the Apple T2 chip provides the foundation for Touch ID, secure boot, and encrypted storage capabilities. Touch ID gives you a seamless way to use your fingerprint to unlock your Mac, fill passwords in Safari, and make purchases with Apple Pay. Secure boot helps ensure that you are running trusted operating system software from Apple, while the Apple T2 chip automatically encrypts the data on your Mac. So you can be confident knowing that security has been designed right into the architecture of your Mac, from the ground up.
Apple helps you keep your Mac secure with software updates.
The best way to keep your Mac secure is to run the latest software. When new updates are available, macOS sends you a notification — or you can opt in to have updates installed automatically when your Mac is not in use. macOS checks for new updates every day, so it’s easy to always have the latest and safest version.
Protection starts at the core.
The technically sophisticated runtime protections in macOS work at the very core of your Mac to keep your system safe from malware. This starts with state-of-the-art antivirus software built in to block and remove malware. Technologies like XD (execute disable), ASLR (address space layout randomization), and SIP (system integrity protection) make it difficult for malware to do harm, and they ensure that processes with root permission cannot change critical system files.
Download apps safely from the Mac App Store. And the internet.
Now apps from both the App Store and the internet can be installed worry-free. App Review makes sure each app in the App Store is reviewed before it’s accepted. Gatekeeper on your Mac ensures that all apps from the internet have already been checked by Apple for known malicious code — before you run them the first time. If there’s ever a problem with an app, Apple can quickly stop new installations and even block the app from launching again.
Stay in control of what data apps can access.
Apps need your permission to access files in your Documents, Downloads, and Desktop folders as well as in iCloud Drive and external volumes. And you’ll be prompted before any app can access the camera or mic, capture keyboard activity, or take a photo or video of your screen.
FileVault 2 encrypts your data.
With FileVault 2, your data is safe and secure — even if your Mac falls into the wrong hands. FileVault 2 encrypts the entire drive on your Mac, protecting your data with XTS-AES 128 encryption. And on Mac systems with an Apple T2 Security Chip, FileVault 2 keys are created and protected by the Secure Enclave for even more security.
Designed to protect your privacy.
The most secure browser for your Mac is the one that comes with your Mac. Built-in privacy features in Safari, like Intelligent Tracking Prevention, help keep your browsing your business. Automatic strong passwords make it easy to create and use unique passwords for all the sites you visit. And iCloud Keychain syncs those passwords securely across all your devices, so you don’t have to remember them. You can also easily find and upgrade any weak passwords you’ve previously used (and reused and reused and reused).
Automatic protections from harmful sites.
Safari also helps safeguard you against fraudulent websites and those that harbor malware — before you visit them. If a website seems suspicious, Safari prevents it from loading and notifies you. And when connecting to unencrypted sites, Safari will warn you. So everything you need to browse without worry is right at your fingertips.
Find your missing Mac with Find My.
The Find My app combines Find My iPhone and Find My Friends into a single, easy-to-use app on Mac, iPad, and iPhone. Find My can help you locate a missing Mac — even if it’s offline or sleeping — by sending out Bluetooth signals that can be detected by nearby Apple devices. These devices then relay the detected location of your Mac to iCloud so you can locate it in the Find My app. It’s all anonymous and encrypted end-to-end so no one — including Apple — knows the identity of any reporting device or the location of your Mac. And it all happens silently using tiny bits of data that piggyback on existing network traffic. So there’s no need to worry about your battery life, your data usage, or your privacy being compromised.
Keep your Mac safe.
Even if it’s in the wrong hands.
All Mac models with the Apple T2 Security Chip support Activation Lock — just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you.