OSX/Linker

OSX/Linker Description

Apple users often believe the misconception that Apple devices are impenetrable to malware. This false sense of security has left many Apple users very vulnerable to cyber attacks, and it has also encouraged cybercriminals to create all sorts of malware that targets machines running OSX exclusively. A vulnerability in the Gatekeeper security feature has garnered attention recently. It would allow cybercriminals to use a specially crafted file to bypass Gatekeeper's check, which is meant to determine whether a file is safe or malicious, and gain access to the targeted system. As of yet, no patch has been released to fix the Gatekeeper tool's vulnerability.

The hacking group responsible for another piece of malware targeting Apple devices, the OSX/SurfBuyer adware campaign, has noticed the opportunities that this unpatched vulnerability presents. The group has produced a new threat, called OSX/Linker, which is built specifically to exploit the Gatekeeper feature's vulnerability. OSX/Linker appears to be in an early stage of development, because it does not yet contain any malicious functionality.

A common propagation method is to offer fake software installers to users. This often happens when users attempt to view particular content, so that the offer to install something seems legitimate. For example, criminals frequently ask users to install a bogus 'Adobe Flash Player' update when they are attempting to view some sort of media content. This is the exact strategy adopted by OSX/Linker's authors, since the discovered samples were posing as an Adobe Flash Player installer/updater.

The Apple developers are in a tight race with the cybercriminals. We will see whether the cyber crooks manage to weaponize OSX/Linker before Apple releases the security patch for the Gatekeeper tool. We recommend obtaining a reputable anti-malware application and checking for the security patch's release on a regular basis.