ldstephens

A new Mac malware to watch out for

9to5Mac is reporting on a new strain of Mac malware called JSCoreRunner. It spread through a fake file conversion site, fileripple[.]com, which posed as one of those free utilities that everyone downloads to quickly convert HEIC and WebP images, PDFs, or Word docs. Instead of a handy utility, it delivered malware that evaded all detections on VirusTotal at the time of discovery.

Mosyle, a leader in Apple device management and security, has exclusively revealed to 9to5Mac details on a new Mac malware strain, dubbed “JSCoreRunner”. The zero-day threat evaded all detections on VirusTotal at the time of discovery, spreading through a malicious PDF conversion site called fileripple[.]com to trick users into downloading what appears to be a harmless utility.

Free tools that promise quick file conversions for HEIC and WebP files, PDFs, and Word docs have become prolific online as popular go-tos for quickly getting around format compatibility issues. Cybercriminals are taking advantage of this trend by creating fake websites masquerading as legitimate utilities to infect unsuspecting users. It’s actually become so bad that earlier this year, the FBI’s Denver field office issued a warning about an increase in risk of malware and data theft from file conversion sites, like fileripple[.]com.

[…]

Once installed, the JSCoreRunner malware specifically targets and hijacks a user’s Chrome browser by altering its search engine settings to unknowingly default to a fraudulent search provider. This opens users up to keylogging, redirected searches to phishing sites, and promoted malicious search results, ultimately resulting in any sort of data and/or financial theft.