Mac Malware Revisited

I am very careful what I install on my iMac in the way of Apps, Extensions, etc. However, even I get some malware from time to time. I know I have said this before, but periodically scanning your machine with an App like Malwarebytes is a super good idea! Here is the latest malware that was discovered on my iMac.

Mac Malware

I have used Malwarebytes for some time now. I do not use the paid version, just the free one which you have to run manually. I just ran it today and it found this malware:

When Malwarebytes finds malware, all you have to do is click the “Confirm” button and allow Malwarebytes to remove the bad stuff. When it is finished, it lets you know the item (or items) has been deleted:

Now, this is very important. You should click on “Start Scan” again to re-scan your Mac. When Malwarebytes is finished it should give you the all clear sign:

Now you know your Mac is clear of malware.

Please note, my iMac is running the latest macOS, 10.13.2, with the security update installed. Apple’s XProtect and Malware Removal Tool did not find this piece of malware. I am glad Apple has those pieces of the OS in High Sierra, but they are not enough.

So, what is “systemd” malware? Check out this definition:

Trojan backdoor for macOS. Once launched, it sends the following string to the console:

“This file is corrupted and connot be opened”

It is executed as a daemon called systemd. In order to conceal its file, the Trojan marks it with flags uchg, schg and hidden.
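The concealment trick described above (marking the file uchg, schg and hidden) is something you can check for yourself. The following is an added example, not code from the original post, from Malwarebytes or from the vendor whose definition is quoted: a small Python script that walks a directory and reports any entry carrying those BSD file flags. It relies on the st_flags field that macOS exposes through os.lstat(); on Linux that field does not exist, so the scan reports nothing there.

```python
"""Defender check (added example): list files whose BSD file flags match the
concealment trick described above: uchg, schg and hidden.

Assumes a macOS/BSD system where os.lstat() returns st_flags. On Linux the
attribute is absent and the scan simply yields nothing."""
import os
import stat
import sys

# BSD flag bits as the `stat` module names them; the chflags(1) names that the
# quoted definition uses are given in the comments.
FLAG_NAMES = {
    stat.UF_IMMUTABLE: "uchg",   # user immutable: cannot be changed or removed
    stat.SF_IMMUTABLE: "schg",   # system immutable: only root can clear it
    stat.UF_HIDDEN: "hidden",    # hidden from the Finder
}


def decode_flags(st_flags):
    """Return the sorted chflags names of the watched bits set in st_flags."""
    return sorted(name for bit, name in FLAG_NAMES.items() if st_flags & bit)


def scan(root):
    """Yield (path, names) for every entry under root carrying a watched flag."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished entry; keep scanning
            hits = decode_flags(getattr(st, "st_flags", 0))
            if hits:
                yield path, hits


if __name__ == "__main__":
    # Usage: python3 flagscan.py [directory]; defaults to the home folder.
    start = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for path, hits in scan(start):
        print(f"{','.join(hits):<18} {path}")
```

A legitimate file can carry these flags too (macOS uses schg on some system paths and hidden on ~/Library), so treat a hit as something to look at, not as proof of infection; `ls -lO` on the reported path shows the same flags.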

The file is described as a “backdoor Trojan” which stores configuration information from your Mac in a file. Here is what the file ends up doing:

Depending on the Trojan configuration, it establishes a connection with the command and control server itself or waits for an incoming connection request. Once connected, the backdoor executes the commands it receives and periodically sends the following information to cybercriminals:

• Name and version of the operating system;
• User name;
• Availability of root privileges;
• MAC addresses of all available network interfaces;
• IP addresses of all available network interfaces;
• External IP address;
• CPU type;
• RAM amount;
• Data about the malware version and its configuration.

Malware is serious stuff folks!! Sometimes it is difficult to get Mac people, especially Mac old-timers like myself, to take this stuff seriously.

Conclusion

Apple includes some malware protection in macOS: XProtect and MRT (Malware Removal Tool). That is good, but we need to take additional steps to keep our Macs clean and lean.