A surge in “… will damage your computer” pop-ups is driving Mac users nuts

Posted by admin on March 1, 2021 under Tech News | Be the First to Comment

macOS Big Sur and Catalina are massively alerting users to malware on their computers by recurrently displaying “… will damage your computer” pop-up dialogs.

In cybersecurity, the line between a real heads-up and a false positive is blurred. Sometimes the latter is an upshot of over-protection on a service provider’s end, and it can as well be a shortcoming of malware detection algorithms. One way or another, the user is on the receiving end of incessant warnings that make the computing experience go down the drain.

In recent havoc that broke out in the Mac territory, numerous users found themselves in a situation where their machines keep displaying alerts that say, “[App Name] will damage your computer. You should move it to the Trash”. The fact that these pop-ups come in insanely large numbers makes some users think that this is a macOS bug. However, that’s a misconception – and here is why.

The incredibly annoying “… will damage your computer” alerts are triggered because macOS has started ringing the alarm bells in response to real malware activity on specific computers in late February 2021. Notice the vanilla-looking application name in quotes (StandardBoostd) on the screenshot above. This is one of the multiple strains of malicious code invoking an abnormally aggressive reaction of the operating system. Some of the other common samples mentioned in these pop-ups warnings at this point are as follows:

• ConfigTyped
• DominantPartitiond
• ElementaryTyped
• ManagerAnalogd
• OperativeMachined
• ProtocolStatus
• TrustedAnalogd

This is far from being a complete list of unwanted apps that have ended up in the spotlight of macOS Gatekeeper, a feature that checks code for notarization issues and known signs of malicious behavior. What most of them have in common is the affiliation with an adware family called AdLoad, which cashes in on freeware bundles to infect Macs on a large scale.

The most rational theory about what’s happening is that Apple’s protection mechanisms have been recently improved, and AdLoad spin-offs along with a few other adware lineages are now easily detectable. These enhancements may have arrived with macOS Big Sur and macOS Catalina feature updates, or the Cupertino company could have quietly rolled out a series of tweaks to Gatekeeper logic beyond the regular update schedule.

That’s good news for the Mac user community, but with the caveat that the “… will damage your computer” alerts are splashing up non-stop without providing any effective methods to apply a permanent fix. Although most of these dialogs include a “Move to Trash” button, it doesn’t do what it says. As a result, users are stuck between a rock and a hard place. On the one hand, they are bombarded by nuisance pop-ups from macOS. On the other, they are faced with stubborn adware that resists commonplace removal.

It appears that the only workaround is to go the extra mile checking a handful of folders for sketchy files and deleting them, or outsourcing this tedious work to a trusted Mac antimalware tool. Hopefully, Apple will be combining its threat detection refinements with hands-on cleaning methods further down to minimize users’ frustration when outbreaks like this occur.

North Korean state-sponsored hackers resume massive bank heists

Posted by admin on September 18, 2020 under Tech News | Be the First to Comment

North Korean government-backed adversaries have executed a series of attacks against high-profile international banks, pilfering millions via fraud schemes.

A cybercriminal syndicate from North Korea codenamed BeagleBoyz is busy leveraging offensive remote access tools (RATs) and social engineering to steal funds from major financial institutions around the world. In light of this discovery, a number of U.S. Government agencies are alerting banks to the menace.

In a joint advisory issued on August 26, 2020, officials state that the hacking crew is pulling off bank heists over the Internet to fund the totalitarian regime. The threat actors are zeroing in on banks based in well over 30 countries. These shenanigans are reportedly aimed at draining victims’ accounts of a whopping $2 billion.

The startling details were exposed in the aftermath of an ongoing investigation conducted by the FBI, the U.S. Cyber Command, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury.

According to these findings, North Korean state-funded actors have been initiating illegal international money transfers and ATM cash-outs in multiple countries. For instance, just one of these schemes resulted in fraudulent cash withdrawals from ATMs owned by financial entities in dozens of countries, including the U.S.

As if these swindles weren’t enough, BeagleBoyz has been carrying out SWIFT frauds on a large scale, as was the case with the notorious Bangladesh bank heist of 2016 that entailed roughly $80 million in losses. By the way, the attempted amount was about $1 billion. The silver lining in this incident was that the Federal Reserve Bank of New York halted the remaining transfers due to suspicious payment instructions that came from the Bank of Bangladesh.

The BeagleBoyz hacking group is believed to be a branch of the Reconnaissance General Bureau of the North Korean government. Its operations are tracked back to 2014, resulting in hundreds of millions in losses. It is closely tied with the infamous Lazarus Group and APT38, to name a few. This organized cybercrime entity was behind several heists targeting cryptocurrency trading firms and the 2018 fraudulent ATM cash-outs exploiting the FASTCash platform.