New Mac Malware Can Pass Through Gatekeeper Software Undetected

Mughthesec is a new version of the OperatorMac family of malware that has long targeted Mac users. However, Mughthesec has a rare and dangerous feature—a MAC-address-based anti-VM detection system combined with a valid Apple developer certificate. That means the malware can pass through Apple's Gatekeeper system undetected.
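To make the Gatekeeper point concrete: a valid Developer ID signature is enough to get an installer past Gatekeeper, but it only identifies a signer, it does not vouch for what the software does. The sh script below is an added example, not code from the article or from any vendor; it assumes the macOS tools codesign(1) and spctl(8), and the trusted Team ID value is a constructed placeholder you would replace with your own allow-list.

```shell
#!/bin/sh
# Added example (not from the article): triage a downloaded macOS app bundle.
# Gatekeeper accepts any bundle with a valid Developer ID signature, so the
# question a defender must ask is *who* signed it, not *whether* it is signed.
# Assumes macOS codesign(1) and spctl(8); the parsing helpers work anywhere.

# Team IDs you have decided to trust (placeholder value, constructed for this example).
TRUSTED_TEAM_IDS="TEAMIDXXXX"

# Pull the "Developer ID Application: ..." authority line out of `codesign -dvv` output.
signing_authority() {
  printf '%s\n' "$1" | sed -n 's/^Authority=\(Developer ID Application: .*\)$/\1/p' | head -n 1
}

# Pull the Team ID out of the same output; ad-hoc signatures report "not set".
team_id() {
  printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=\(.*\)$/\1/p' | grep -v '^not set$' | head -n 1
}

# True only if the Team ID is on our own allow-list.
is_trusted_team() {
  for t in $TRUSTED_TEAM_IDS; do
    [ "$t" = "$1" ] && return 0
  done
  return 1
}

# Classify codesign output: a Gatekeeper pass is not a trust decision.
verdict() {
  tid=$(team_id "$1")
  if [ -z "$tid" ]; then
    echo "UNSIGNED-OR-ADHOC"
  elif is_trusted_team "$tid"; then
    echo "TRUSTED"
  else
    echo "SIGNED-BUT-UNKNOWN"   # passes Gatekeeper; still needs human review
  fi
}

# On macOS, run the real tools against a bundle path; elsewhere this is a no-op.
inspect_bundle() {
  command -v codesign >/dev/null 2>&1 || { echo "codesign not available (not macOS)"; return 0; }
  report=$(codesign -dvv "$1" 2>&1) || { echo "UNSIGNED-OR-ADHOC"; return 0; }
  echo "Signer:     $(signing_authority "$report")"
  echo "Gatekeeper: $(spctl --assess --type execute -vv "$1" 2>&1 | tr '\n' ' ')"
  echo "Verdict:    $(verdict "$report")"
}

if [ $# -gt 0 ]; then inspect_bundle "$1"; fi
```

Run it as `sh triage.sh /path/to/Downloaded.app`; a "SIGNED-BUT-UNKNOWN" verdict is exactly the case the article describes, where Gatekeeper is satisfied but the signer is nobody you have chosen to trust.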

Mughthesec is adware that spreads by installing a legit version of the Adobe Flash Player for Mac accompanied by unwanted adware—an app named Advanced Mac Cleaner and two Safari extensions named Safe Finder and Booking.com. Cybersecurity experts believe users become infected by clicking on malicious ads or "pop-ups on shady websites."

The only way infected users can definitively remove both Mughthesec and all its secondary payloads is to completely reinstall their operating system. Catalin Cimpanu, "New Mac Adware Mughthesec Will Cause Serious Headaches," www.bleepingcomputer.com (Aug. 10, 2017).


Commentary and Checklist

Mughthesec is difficult to get rid of if your Mac becomes infected. You will need the assistance of an IT professional.

Fortunately, there are steps you can take to help prevent malware infection in the first place. Install security software, including anti-virus and anti-spyware software, and a firewall on all computers and devices. Set your security software, internet browser, and operating system to update automatically.

Do not click on any links or open any attachments sent in emails unless you are certain what they are. Even if the email appears to come from someone you know, a hacker could have accessed that person's email account.

Only download and install software from trusted websites, and avoid downloading free online software. Set your browser’s security setting to detect unauthorized downloads.

Never click on any links in a pop-up window, and always close pop-ups by clicking the “X” in the title bar. Install a pop-up blocker on your computer. Never download software in response to an unexpected pop-up, especially if it claims to have detected malware on your computer.

Tell others using your devices, including your children, how to avoid malware. Back up your data regularly so that you do not lose it if your computer is infected with malware and crashes.

Finally, use passphrases or strong passwords on all devices and accounts, and avoid sharing files or access to your devices with people you do not know.

Here are some signs your device may be infected with malware:

  • Slowing down or crashing more than normal
  • Displaying frequent error messages
  • Failing to shut down or restart
  • Displaying numerous pop-up messages
  • Opening web pages you did not visit or sending emails you did not write
  • New toolbars or icons showing up unexpectedly
  • Your Internet home page changing suddenly and repeatedly
  • Your laptop battery draining more quickly than normal
  • Windows opening, claiming to scan your computer for viruses and finding an unrealistically large number of them
  • Black screens opening and closing when you start the computer
  • Emails being returned with virus warnings
  • Icons moving when you try to click on them