CrescentCore Mac Malware Outsmarts Apple: What to Do
There's yet another piece of Mac malware able to outsmart Apple's security protections.
The latest discovery, announced in a blog post Friday by Intego and called OSX/CrescentCore, has been found on several websites, including a sketchy comic-book-download site. Intego warned users of "seemingly innocuous" Google search results that could lead to the malware.
CrescentCore is a Trojan horse: It looks like an Adobe Flash Player installer or updater. But it can evade both your antivirus software and Apple's built-in protections, and also can make it difficult for malware analysts to spot it running on a virtual machine.
To avoid infection by CrescentCore, don't install software from dubious sources, especially those that want you to install Flash Player or another piece of software to view content. You should also run Mac antivirus software and update the OS, browsers and browser extensions as soon as security patches are released.
OSX/CrescentCore is just one of several Mac security threats uncovered in the past month. Intego, which recently revealed two other Mac malware strains, OSX/Linker and OSX/New Tab, calls CrescentCore "the next generation of fake Flash Player malware."
The versions Intego found were signed with Apple-trusted developer certificates, which let CrescentCore slide right past the macOS Gatekeeper program. The abused certificates have been reported to Apple.
According to Intego's blog post, the CrescentCore malware scans Macs for several popular antivirus tools, and if it detects them, will simply stop running. It will also shut down if it thinks it's running on a virtual machine -- a computer OS running inside another computer OS -- rather than on an actual Mac.
But if neither of these conditions is true and there's nothing blocking CrescentCore, then one version of the malware installs "LaunchAgent," described as a "persistent infection," while another installs either "Advanced Mac Cleaner" or a Safari extension.
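For readers who want to check a Mac for the LaunchAgent persistence described above, here is an added example (not from Intego's post or this article) that reviews the standard LaunchAgent directories and lists entries worth a manual look. The expected-path prefixes and the three heuristics are assumptions chosen for illustration, not CrescentCore indicators.

```python
import plistlib
from pathlib import Path

# Standard per-user and system-wide LaunchAgent directories on macOS.
AGENT_DIRS = (Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents"))
# Assumption: binaries under these prefixes are treated as expected. Tune per fleet.
EXPECTED_PREFIXES = ("/System/", "/usr/", "/Applications/")

def agent_program(job):
    """Return the executable a launchd job starts (Program, else ProgramArguments[0])."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None

def review_agent(plist_path):
    """Return the reasons this LaunchAgent deserves a manual look (empty if none)."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # handles XML and binary plists
    except Exception:  # malformed or truncated file
        return ["plist cannot be parsed"]
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    reasons = []
    program = agent_program(job)
    if program is None:
        reasons.append("no Program or ProgramArguments")
    else:
        if not program.startswith(EXPECTED_PREFIXES):
            reasons.append("program outside expected directories: " + program)
        if any(part.startswith(".") for part in Path(program).parts):
            reasons.append("program path contains a hidden component")
    if job.get("Label") != Path(plist_path).stem:
        reasons.append("Label does not match file name")
    return reasons

def audit_launch_agents(dirs=AGENT_DIRS):
    """Map each flagged plist path to its reasons, across all given directories."""
    findings = {}
    for directory in map(Path, dirs):
        if directory.is_dir():
            for plist in sorted(directory.glob("*.plist")):
                reasons = review_agent(plist)
                if reasons:
                    findings[str(plist)] = reasons
    return findings
```

Calling `audit_launch_agents()` returns leads, not verdicts. Because the samples Intego found carried Apple-trusted developer signatures, a valid signature on a flagged program does not clear it; check who signed it with `codesign -dv --verbose=4 <path>`.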
"As a general rule, nobody should be installing Flash Player in 2019 — not even the real, legitimate one," Intego said in the post.
Adobe is ending all development and distribution of Flash Player by the end of 2020. The Flash Player plugin has been disabled by default on Macs since 2016's macOS 10.12 Sierra. In other words, don't download anything that even resembles Flash Player, especially if you're not running an antivirus program on your computer.
The OSX/CrescentCore announcement comes just after Intego unmasked OSX/Linker, a piece of malicious software that attempts to hijack control of your system, turn it into a cryptocurrency miner, draft it into a botnet, and leverage it for personal information.
The malware, which was disclosed by researcher Filippo Cavallarin last month, works by loading installers from a network-shared disk, which is outside Gatekeeper's domain.
Earlier this month, another zero-day vulnerability was discovered (and subsequently patched) by Mozilla. It was a Firefox flaw on all platforms, but was exploited to attack cryptocurrency traders using Macs.
The recent discoveries are a warning that more and more malware creators are taking the time to develop malware for macOS, a platform once assumed to have too small a market share to be worth attacking.
And again, Flash = bad.