What is Trojan-Proxy malware?
Cybercriminals are intensifying their assault on Mac users with a sophisticated Trojan-Proxy malware campaign, as reported by cybersecurity firm Kaspersky. This cross-platform threat targets users seeking free versions of popular macOS software on unauthorized websites. The malware infiltrates computers through pirated tools, transforming them into traffic-forwarding terminals for anonymizing criminal activities such as hacking, phishing, and transactions for illicit goods.
The campaign strategically capitalizes on users’ willingness to compromise their computer’s security to obtain premium apps without payment. Kaspersky identified 35 trojanized tools, including image editing, video compression, data recovery, and network scanning software, offered on warez sites. Notable trojanized software includes 4K Video Downloader Pro, Aiseesoft Mac Data Recovery, Sketch, and more.
How does Trojan-Proxy malware work?
The Trojan-Proxy malware disguises itself within PKG files, unlike legitimate software distributed as disk images (.DMG). This malicious tactic allows the execution of scripts during the installation process, posing significant risks. With administrator rights granted during installation, the embedded scripts perform dangerous actions like file modification, autorun, and command execution.
Upon installation, the malware activates the Trojan-Proxy, masquerading as the WindowServer process to blend in with routine system activity and evade user scrutiny. WindowServer is a legitimate macOS system process responsible for managing the graphical user interface. The Trojan-Proxy connects to its command and control (C2) server via DNS-over-HTTPS (DoH) to receive operational commands. The C2 infrastructure also serves proxy trojan payloads for Android and Windows, indicating a broader target range.
In a parallel discovery, Kaspersky found evidence of a related Trojan-Proxy malware affecting Apple macOS users through unauthorized websites distributing trojanized versions of cracked software. This sophisticated threat operates as a cross-platform menace, with artifacts suggesting a connection to Windows and Android.
The macOS variants of the malware present themselves as legitimate multimedia, image editing, data recovery, and productivity tools, mainly targeting users seeking pirated software. The rogue versions, delivered through .PKG installers, contain post-install scripts for malicious activation. To enhance its stealth, the malware mimics the WindowServer process and communicates with its C2 server through encrypted DNS-over-HTTPS.
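Because a flat .pkg is a xar archive whose table of contents lists every file, a defender can check whether an installer ships pre/post-install scripts before ever running it. The following is an added example (not code from the article or from Kaspersky) that parses the xar header, inflates the TOC and reports any file under a Scripts directory; the sample package it builds is constructed for illustration, not a real installer.

```python
import struct
import zlib
import xml.etree.ElementTree as ET

# xar header layout (big-endian): magic, header size, version,
# compressed TOC length, uncompressed TOC length, checksum algorithm.
XAR_HEADER = ">4sHHQQI"
XAR_MAGIC = b"xar!"


def read_toc(pkg_bytes):
    """Return the decompressed table-of-contents XML of a flat .pkg (xar archive)."""
    hdr_len = struct.calcsize(XAR_HEADER)  # 28 bytes
    magic, size, _ver, toc_c, toc_u, _ck = struct.unpack(XAR_HEADER, pkg_bytes[:hdr_len])
    if magic != XAR_MAGIC:
        raise ValueError("not a xar archive (flat .pkg)")
    toc = zlib.decompress(pkg_bytes[size:size + toc_c])
    if len(toc) != toc_u:
        raise ValueError("TOC length mismatch")
    return toc


def _walk(node, prefix, in_scripts, found):
    for child in node.findall("file"):
        name = child.findtext("name", "")
        path = f"{prefix}/{name}" if prefix else name
        is_dir = child.findtext("type") == "directory"
        if not is_dir and in_scripts:
            found.append(path)  # anything shipped under Scripts/ runs at install time
        _walk(child, path, in_scripts or (is_dir and name == "Scripts"), found)


def find_install_scripts(pkg_bytes):
    """List files inside Scripts/ directories, which the Installer runs with root rights."""
    root = ET.fromstring(read_toc(pkg_bytes))
    found = []
    _walk(root.find("toc"), "", False, found)
    return sorted(found)


def make_xar(toc_xml):
    """Build a minimal xar with the given TOC and an empty heap (constructed sample only)."""
    raw = toc_xml.encode()
    comp = zlib.compress(raw)
    return struct.pack(XAR_HEADER, XAR_MAGIC, 28, 1, len(comp), len(raw), 1) + comp


# Constructed TOC mimicking a component package that carries a postinstall script.
SAMPLE_TOC = """<xar><toc>
<file id="1"><name>Payload</name><type>file</type></file>
<file id="2"><name>Scripts</name><type>directory</type>
  <file id="3"><name>postinstall</name><type>file</type></file>
  <file id="4"><name>helper.sh</name><type>file</type></file>
</file></toc></xar>"""

if __name__ == "__main__":
    for script in find_install_scripts(make_xar(SAMPLE_TOC)):
        print("install-time script:", script)
```

On a real machine, `pkgutil --expand pkg.pkg outdir` exposes the same Scripts directory for manual inspection.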
How to protect your Mac against Trojan-Proxy malware?
Both Kaspersky’s warnings highlight the severity of the threat and advise users to refrain from downloading software from untrusted sources. By staying vigilant and avoiding pirated software, users can contribute to mitigating the risks associated with these Trojan-Proxy malware campaigns.
However, if you’re concerned that malware has been installed on your device, you can download Antivirus One to check for free. Once your Mac gets infected, the malware will keep creating malicious files. The longer you wait, the more damage will be done to your computer. Antivirus One is a professional and reliable antivirus app, which performs superbly across the board in malware detection and threat protection. It offers live antivirus monitoring to protect your Mac from adware, ransomware, spyware, and all kinds of malware attacks.
Additionally, if your device has already been affected by the Trojan-Proxy malware, you can use Antivirus One to run a comprehensive scan and thoroughly eliminate the malware and any related items.
Here are some of Antivirus One’s awesome features:
- Real-time Detection — Protects your Mac against all threats 24/7.
- Virus Scanner — Scan files and locations to safeguard every part of your Mac.
- Virus Cleaner — Automatically remove viruses to secure your system and privacy.
- Adware Cleaner — Get rid of pop-ups, adware, and browser hijackers so you can browse safely.
- Privacy Cleaner — Hide your information to prevent others from identifying you.
More than ever, your Mac needs further protection. So what are you waiting for? Download Antivirus One for free!