Tarmac

Malware targeting OSX devices is not as common as malware that goes after computers running Windows. However, that does not mean that threats that are designed to target Apple computers specifically do not exist. A significant number of Mac owners believe that their devices are impenetrable falsely because it is a misconception that has brought headaches to many Apple users. Cybersecurity researchers spotted a brand new threat that targets Mac computers earlier this year. The harmful campaigns linked to this threat were concentrated in the United States, Italy and Japan. The name of this new threat is Shlayer Trojan, and it serves as a first-stage payload. For a while, malware experts were not able to determine what is the secondary payload, which the Shlayer Trojan malware delivers. However, in a more recent operation, it was uncovered that the Shalyer Trojan is being used in unison with a threat called Tarmac. Despite managing to spot and identify the Tarmac malware, experts state that it is not clear what is the exact purpose of this threat.

The Command & Control Server is Offline

The reason that the Tarmac threat’s goal is yet to be determined is because the infrastructure behind the campaign is offline. Normally, when malware experts come across a new threat, they waste no time and begin studying and dissecting it, but in the case of the Tarmac malware, this is not an option as the attacker’s C&C (Command & Control) servers are offline and thus not reachable. Because of this, the Tarmac threat cannot communicate with the C&C server, and therefore, it cannot receive commands from its operators. Furthermore, it has been determined that one of the functionalities of the Tarmac malware is to gather data regarding the host’s software and hardware, but this also has been rendered impossible by the fact that the collected information cannot be transferred to the C&C server of the attackers.

Propagation Method

The distribution method involved in the spreading of the Shlayer Trojan and the Tarmac malware is malvertising. The con artists responsible for these campaigns attempt to trick users into clicking on a fake Adobe updates or download buttons, which are hosted on dodgy websites. Users who fall for this trickery will give the Shlayer Trojan downloader access to their system, and the threat will try to plant the Tarmac malware on the infected computer.

The fact that the infrastructure behind this campaign is offline should not trick you into thinking that it is a harmless operation. The Tarmac threat is likely rather potent as malware, which is deployed as a second-stage threat, and tends to be highly weaponized. Make sure that you download and install a legitimate anti-virus tool that will keep your Mac safe in the future.