Connect with us

Technology

Two new stealthy malware threats are targeting those of you who use Macs

Published

on

Two new stealthy malware threats are targeting those of you who use Macs

Join Fox News for access to this content

Plus special access to select articles and other premium content with your account – free of charge.

Please enter a valid email address.

By entering your email and pushing continue, you are agreeing to Fox News’ Terms of Use and Privacy Policy, which includes our Notice of Financial Incentive. To access the content, check your email and follow the instructions provided.

Having trouble? Click here.

If you use a Mac, it could be at risk of two new threats. While Apple has a reputation for having ironclad security, these two pieces of malware are designed to trick you and steal your data.

Jamf Threat Labs, an organization that focuses on the safety of Apple products, says the malware threats are part of a year-long attack on Mac systems.  

Advertisement

The group says hackers are using them to harvest data.  Attacks like these are constantly happening, according to the lab. That makes it all the more important for those who use a Mac to ensure your data is locked down.

It’s important to note that, according to the lab, these hackers largely target the crypto industry, putting those individuals, particularly, at risk. That said, all Mac users should still exercise caution.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

MacBook Pro  (Kurt “CyberGuy” Knutsson)

Malware posing as ads

Before we get into the malware, let’s talk about Arc Browser. For those unfamiliar with it, Arc Browser is a Mac web browser that looks to give users a unique experience. First and foremost, the main focus is on the webpage. Any buttons you might find in a traditional browser are relegated to a sidebar. It uses a bookmark system that gives you multiple workspaces. It also has automated tab management.

Advertisement

In other words, many Mac users would consider Arc Browser an upgrade over the already-included Safari. And its ever-growing popularity makes it a huge target for hackers.

Legitimate Arc Browser website  (Kurt “CyberGuy” Knutsson)

MORE: HOW CRYPTO IMPOSTERS ARE USING CALENDY TO INFECT MACS WITH MALWARE

How fake Arc Web Browser ads conceal dangerous malware

In this attack, hackers are hiding malware in advertisements posing as ads for Arc Browser, as seen below.

Malicious site aricl[.]net that imitates the legitimate arc.net  (Jamf Threat Labs)

Advertisement

The ad redirects to a malicious lookalike site: arc.net vs. aricl.net

Instead of taking you to the legitimate download page for the Arc web browser, the ad takes you to a lookalike malicious site, aricl[.]net, that imitates the legitimate arc.net and hosts malware.

Image of the malicious aricl[.]net site  (Jamf Threat Labs)

Malware disguised as Arc Browser unleashes Atomic Stealer

Once you download malware posing as Arc Browser, the malware unleashes an Atomic stealer. It’s a fake prompt that looks like a normal System Preferences prompt asking you for your password. Once the hackers get access to your system password, they can steal other data.

Fake system preferences prompt  (Jamf Threat Labs)

Even worse, these so-called “ads” can appear as sponsored advertisements in a Google search. Jamf Threat Labs says these links can only be accessed through a generated sponsored link and not accessed directly. Attempts to access the malicious website directly returned an error message. This is presumably done to evade detection.

Advertisement

Fake meeting software

The researchers at Jamf Threat Labs have also discovered a fake website that offers malware hidden as free group meeting scheduling software. Meethub[.]gg appears to be legitimate. The company posts articles on Medium and has more than 8,000 followers on X, at the time of publishing. It, however, hosts malware that’s related to Realst, another piece of malware designed to drain crypto wallets.

Some of the attacks involving Meethub use social engineering. A hacker might approach their victim looking to interview them for a job or a podcast. In order to meet, they ask the victim to download Meethub’s software. According to Jamf, these attacks can sometimes lead to big paydays for hackers.

Meethub website  (Jamf Threat Labs)

How to protect yourself

1. Don’t download bootleg software: It’s not worth the risk to download bootleg software. It exposes your device to potential security threats like viruses and spyware.  If someone emails you a link for a download, make sure it’s from a reputable source and scan it.

2. Don’t click on suspicious links or files: If you encounter a link that looks suspicious, misspelled or unfamiliar, avoid clicking on it. Instead, consider going directly to the company’s website by manually typing in the web address or searching for it in a trusted search engine. Most often, the first or second result that comes up is legitimate. If you see the word “Sponsored “above the search result, take a beat before clicking it and consider clicking on the result below it.

Advertisement

3. Have good antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Mac, Windows, Android & iOS devices.

MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES 

What to do if you’ve been hacked

If it has already happened, and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:

Change your passwords

If hackers have recorded your passwords, they could access your online accounts and steal your data or money. On another device (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.

Enable two-factor authentication

You’ll want to activate two-factor authentication for an extra layer of security.

Advertisement

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or authorities immediately. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Use identity theft protection

Identity theft protection companies can monitor personal information like your home title, Social Security number, phone number and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should inform your bank and credit card companies of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

Advertisement

MORE: HOW A FLEW IN iPHONE’S SECURITY COULD LEAVE YOU LOCKED OUT

Kurt’s key takeaways

While Macs are generally secure devices, that hasn’t stopped hackers from stealing data. In fact, these two new attacks show how creative they can be while trying to break into your device. That’s why it’s so important to have good antivirus software and safety practices.

Good safety practices are even more essential for people who trade and use cryptocurrencies in these particular situations. As mentioned before, these attacks focus largely on draining crypto wallets. And while anyone can be hacked, crypto users have a higher risk. So take the time to assess a link before clicking on it. Don’t just download software because someone tells you to. Do your research. At the end of the day, it will help keep your data and your wallet safe.

Are you worried about hackers finding more creative ways to break into your computer? If you use crypto, how are you keeping your crypto wallet safe? Let us know by writing us at Cyberguy.com/Contact

Advertisement

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com.  All rights reserved.

Advertisement

Technology

Meta’s glasses will turn off the camera if you tamper with the privacy light

Published

on

Meta’s glasses will turn off the camera if you tamper with the privacy light

Amid public backlash over its smart glasses, Meta announced that it will be updating its glasses with a new feature that will disable the camera when it detects that someone has tampered with or destroyed the glasses’ privacy LED light. The update is meant to address modders who have taken actions such as physically drilling into the LED light.

Meta has previously tried to discourage tampering with the LED light. For example, starting with its second generation glasses, blocking the light with tape or other objects will trigger a prompt asking users to uncover the recording light. However, many modders have found various workarounds for that particular measure.

Meta’s VP of wearables Alex Himel told The Verge that the privacy-focused update was on the way a few weeks ago after launching cheaper Meta Glasses without Ray-Ban branding. At the time, Himel acknowledged that the company was aware of increasing misuse alongside wider adoption of the devices.

Continue Reading

Technology

Discord accidentally banned over 8,000 people for posting grids and other ‘benign’ images

Published

on

Discord accidentally banned over 8,000 people for posting grids and other ‘benign’ images

Stanislav Vishnevskiy, Discord co-founder and chief technology officer, writes that the bug impacted around 200 users who posted “grid-like” pictures, in addition to about 8,000 people who posted “other benign images” since May 2026. “Everyone affected has now been unbanned,” Vishnevskiy says.

In a thread on X, Discord writes that its safety system is designed to flag content by “matching it against known harmful material.” This system can produce “false positives,” Discord explains, which is when an employee would step in to review the flagged content. But instead of just temporarily preventing the account from uploading content during the review, a glitch led its system to ban users entirely.

“When our staff reviewed and cleared those accounts, the same bug prevented the ban from being lifted automatically, so it just stayed in place,” Discord says.

Continue Reading

Technology

Hoto’s PixelDrive screwdriver is down to $60, matching its best price

Published

on

Hoto’s PixelDrive screwdriver is down to , matching its best price

If your Prime Day purchases included a new desk, TV stand, bookshelf, or other furniture you still haven’t assembled, Hoto’s PixelDrive cordless screwdriver can help speed up the process. It’s currently on sale for $59.99 ($20 off) at Amazon, matching its best price to date.

From tightening loose screws on furniture to repairing electronics, the PixelDrive is designed to handle a wide range of household projects. Hoto includes 30 screwdriver bits that cover many of the most common screw types, all neatly organized in a small cylindrical case. It also offers six adjustable torque settings, allowing you to use less power when working with fragile electronics or increase it when putting together a desk, bookshelf, TV stand, or other furniture. You can also switch between a slower 80RPM mode for more precise work and a faster 200RPM mode with the press of a button.

Hoto also added several features that make assembling projects a little easier. A built-in display lets you quickly check your current torque setting and remaining battery life, while an integrated LED light helps illuminate dim spaces, whether you’re working under a desk or inside a cabinet. The rechargeable 2,000mAh battery also charges over USB-C, so you won’t need to keep buying disposable batteries.

Continue Reading
Advertisement

Trending