MacOS malware using executable Windows files to infiltrate Apple devices discovered

“Reported by Trend Micro, it is not yet clear how severely the vulnerability has already impacted Apple devices, but it can be a potentially heavy threat”

A new report has highlighted a macOS vulnerability in which malware is steadily infiltrating devices in the guise of executable Windows files. The attack, which does not have a specific name, was unearthed by Trend Micro, which has revealed the exact procedure and potential vulnerability. The malware is initially downloaded onto macOS as .exe files. Since macOS does not allow these files to run on the platform, they are skipped by Gatekeeper, Apple’s proprietary security application, while it scans for threats.

It then downloads Mono, an implementation of the Microsoft .NET framework intended for cross-platform development, to execute the downloaded file. Once executed, the file relays critical system information such as the serial number and the hardware and software configuration. As of now, it remains unclear exactly how critical the malware has been, but the implications are grave.


For one, once installed, it can send any system information to a remote server, which can then push any other form of adware and malware onto the infected macOS devices. This gives it the ability to install rogue adware or even ransomware. Furthermore, the vulnerability could have been used as a surveillance route into macOS devices and could also be used to serve targeted advertisements. The malware is commonly found in pirated copies of popular macOS applications, which are distributed via torrent. For instance, pirated copies of the popular disk partitioning application Paragon NTFS are among the torrent files being used to spread the malware.

Interestingly, the executable files have been designed specifically for macOS and do not work on Windows devices. The malware threat is not expected to be limited to any specific region or group of users. The Trend Micro report states that the vulnerability has been found in macOS devices across the UK, USA, Europe, South Africa, and Australia and appears to be targeting a wide range of users.
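
A defensive check for the delivery method described above, added here as an example and not taken from the article or from Trend Micro's report: it walks a directory tree and flags files that carry a Windows PE header, marking .NET assemblies of the kind Mono can run and whether they sit inside an .app bundle. It goes beyond the .exe extension by matching on file headers; the function names and the default /Applications root are assumptions.

```python
import os
import stat
import struct
import sys

def classify_pe(data):
    """Return None if data is not a PE image, else 'pe' or 'pe-dotnet'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24  # skip 4-byte signature and 20-byte COFF header
    if len(data) < opt + 2:
        return "pe"
    (magic,) = struct.unpack_from("<H", data, opt)
    dir_off = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ directories
    if dir_off is None:
        return "pe"
    clr = opt + dir_off + 14 * 8  # data directory 14 = CLR runtime header
    if len(data) < clr + 8:
        return "pe"
    (count,) = struct.unpack_from("<I", data, opt + dir_off - 4)
    rva, size = struct.unpack_from("<II", data, clr)
    return "pe-dotnet" if count > 14 and rva and size else "pe"

def scan(root):
    """Return (path, kind, inside_app_bundle) for every PE file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue  # skip symlinks, FIFOs, devices
                with open(path, "rb") as fh:
                    kind = classify_pe(fh.read(4096))  # headers sit at the start
            except OSError:
                continue  # unreadable file: nothing to classify
            if kind:
                in_bundle = any(p.endswith(".app") for p in path.split(os.sep))
                hits.append((path, kind, in_bundle))
    return hits

if __name__ == "__main__":
    # Default root is an assumption; pass a mounted DMG or download folder instead.
    for path, kind, in_bundle in scan(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        where = "inside .app bundle" if in_bundle else "loose file"
        print(f"{kind:10} {where:18} {path}")
```

A PE file inside an application bundle is not proof of infection, since some legitimate cross-platform software ships them, but it is worth reviewing in anything obtained outside the App Store or the vendor's own site.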