Core Computing Blog

The Russians are coming...for your Mac?

We've been recommending anti-virus and anti-malware software to our clients for a year or more now. But we still get pushback on it. For the longest time, we Mac users had been free from the worry of hacking and viruses and other assorted malware. But those days are gone (and have been for a while). Enter the Russians...

The Russian hacking group APT28 has created malware that targets Macs. The malware uses Xagent which, on the Mac, is a backdoor to the system. It can be used to execute file or to log passwords, amongst other things.

How does this actually happen? Well, not being a programmer I can't give you a detailed explanation. What I can tell you, though, is that one way it executes itself is by taking advantage of a vulnerability in MacKeeper. You know, that software that is advertised as a protection and cleanup suite for your Mac? It's sneaky too...sometimes you don't even realize you've downloaded it. It shows up on speedtest.net and looks just like the kind of button you should click to start your test. Yes, even I have gotten taken by the ploy. It's not a fun experience and it's, somehow, always surprising when it happens.

Our advice, as always, is to be very careful where you go on the internet. Pay attention to everything that's clickable. And if it doesn't come from the Apple Store and you didn't go looking for it specifically, don't download it.

And always always always, if you're not sure...call us.

Read more about the hack here: https://www.macrumors.com/2017/02/14/xagent-malware-targets-macs/