Skip to main content

Apple Keeps Malware Info from Antivirus Firms: Researcher

posted onJanuary 3, 2019
by l33tdawg
Laptop Mag
Credit: Laptop Mag

Patrick Wardle, about whose discoveries we've written many times on Tom's Guide, last month analyzed a new strain of Mac malware called Windshift. He noticed that Apple had revoked the digital certificate that let the malware install on Macs. That's good.

But when Wardle checked VirusTotal, an online repository of known malware, only two of some 60-odd antivirus malware-detection engines could spot Windshift. None of the malware engines spotted three other Windshift variants. To Wardle, this could only mean one thing: Apple found malware without telling antivirus companies about it. That's bad, because anyone who was already infected might never have found out. In the antivirus world, you're supposed to share such information ASAP to maintain herd immunity.

"Does this mean Apple isn't sharing valuable malware/threat-intel with AV-community, preventing the creation of widespread AV signatures that can protect end-users?!" Wardle asked in his blog posting. "Yes." Windshift seems to target specific individuals in the Middle East as part of a state-sponsored espionage campaign. It was first disclosed by DarkMatter researcher Taha Karim at the Hack in the Box GSEC conference in Singapore last August.

Source

Tags

Apple HITBGSEC

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th