{"id":133700,"date":"2019-02-13T15:55:22","date_gmt":"2019-02-13T14:55:22","guid":{"rendered":"https:\/\/www.ifun.de\/?p=133700"},"modified":"2019-02-13T15:57:54","modified_gmt":"2019-02-13T14:57:54","slug":"getarnt-als-exe-mac-schadsoftware-hebelt-systemschutz-aus","status":"publish","type":"post","link":"https:\/\/www.ifun.de\/getarnt-als-exe-mac-schadsoftware-hebelt-systemschutz-aus-133700\/","title":{"rendered":"Disguised as .exe: Mac malware circumvents system protection"},"content":{"rendered":"<p>The security team at Trend Micro, vendor of the security application &#8220;<a href=\"https:\/\/www.trendmicro.com\/en_us\/forHome\/products\/antivirus-for-mac.html\">Antivirus for Mac<\/a>&#8221;, reports on its <a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/windows-app-runs-on-mac-downloads-info-stealer-and-adware\/\">company blog<\/a> about a new type of malware that presents itself on the Mac as a Windows application and thereby appears able to slip past Apple&#8217;s system protection &#8220;Gatekeeper&#8221;. <\/p>\n<p><a href=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/little-snitch-exe.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/little-snitch-exe-500x288.jpg\" alt=\"Little Snitch Exe\" width=\"500\" height=\"288\" class=\"aligncenter size-medium wp-image-133701\" srcset=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/little-snitch-exe-500x288.jpg 500w, https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/little-snitch-exe.jpg 622w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>The app in question, which is distributed via file-sharing networks and piracy forums, relies on <a href=\"https:\/\/www.mono-project.com\/\">the Mono framework<\/a>, which on macOS is typically used to run .NET Windows programs. 
Accordingly, the malware does not appear with the .app extension but as an .exe file. <\/p>\n<p>The side effect: Apple&#8217;s <a href=\"https:\/\/en.wikipedia.org\/wiki\/Gatekeeper_(macOS)\">Gatekeeper<\/a> security measures do not apply, because the system routine checks only Mac applications and not Windows programs. <\/p>\n<p>The malware, which disguises itself as a pirated copy of well-known Mac applications such as &#8220;Little Snitch&#8221; or &#8220;Paragon NTFS&#8221;, transmits numerous identifying details of the infected Mac (such as serial number, directory structure, UUID, etc.) back home after installation and awaits further commands from the command servers.<\/p>\n<blockquote><p>Currently, running EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a mono framework installed in the system is required to compile or load executables and libraries. In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS\u2019 security features. 
As for the native library differences between Windows and MacOS, mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.<\/p><\/blockquote>\n<p><a href=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac-700x477.png\" alt=\"Mono Mac\" width=\"700\" height=\"477\" class=\"aligncenter size-large wp-image-133705\" srcset=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac-700x477.png 700w, https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac-500x340.png 500w, https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac-768x523.png 768w, https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/mono-mac.png 1924w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><\/p>\n<h6>Possible with Mono: Windows programs on the Mac<\/h6>\n","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/www.ifun.de\/getarnt-als-exe-mac-schadsoftware-hebelt-systemschutz-aus-133700\/\"><img width=\"150\" height=\"150\" src=\"https:\/\/images.ifun.de\/wp-content\/uploads\/2019\/02\/little-snitch-exe-150x150.jpg\" class=\"alignright tfe wp-post-image\" alt=\"Little Snitch Exe\" decoding=\"async\" loading=\"lazy\" \/><\/a><p>The security team at Trend Micro, vendor of the security application &#8220;Antivirus for Mac&#8221;, reports on its company blog about a new type of malware that presents itself on the Mac as a Windows application and thereby appears able to slip past Apple&#8217;s system protection &#8220;Gatekeeper&#8221;. 
The app in question, which is distributed via file-sharing networks and piracy forums, relies on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":133701,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[6321,6324],"class_list":["post-133700","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-mac","tag-windows"],"acf":[],"aioseo_notices":[],"featured_image":["https:\/\/images.ifun.de\/wp-content\/uploads\/2016\/08\/windows-10.jpg"],"subheadline":["Gatekeeper outsmarted"],"rest_api_enabler":{"featured_image":"https:\/\/images.ifun.de\/wp-content\/uploads\/2016\/08\/windows-10.jpg","subheadline":"Gatekeeper outsmarted"},"_links":{"self":[{"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/posts\/133700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/comments?post=133700"}],"version-history":[{"count":5,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/posts\/133700\/revisions"}],"predecessor-version":[{"id":133707,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/posts\/133700\/revisions\/133707"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/media\/133701"}],"wp:attachment":[{"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/media?parent=133700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/categories?post=133700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ifun.de\/apiv2\/wp\/v2\/tags?post=133700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}