Apple Updates macOS to Detect Malware Disguised in Windows EXE Files

Advertisement
By Jamshed Avari | Updated: 25 April 2019 14:46 IST
Highlights
  • MacOS malware was detected spreading through Windows files in February
  • Cross-platform frameworks such as Mono made this possible
  • Apple has made the updates without a big announcement

Apple has reportedly updated the macOS XProtect anti-malware framework to protect Macs against an innovative type of attack carried out using cross-platform Windows executable files. Usually considered harmless because they can't run on macOS, Windows EXE files have recently been used because of the emergence of cross-platform software frameworks, particularly one called Mono, which can be used to run EXE files created specifically for it. The unnamed malware, first reported in February this year, bundled such seemingly innocuous files with pirated copies of popular Mac apps, and included the Mono framework to ensure that they would be able to run on Macs. Infected Macs then sent personally identifying information to a remote server and had even more malware sent to them including advertising spam.

The threat was first reported by Trend Micro, after the security firm detected such infections in the US, UK, Europe, Australia, and South Africa. Now, Apple appears to have updated XProtect, which works in conjunction with the Gatekeeper and File Quarantine tools, to detect and such executables and prevent them from causing harm. 

Advertisement

Bleeping Computer reports that macOS security expert Patrick Wardle has tweeted a screenshot and information about two new rules added to XProtect on April 19, which specifically protect against Windows executables. Wardle explained his findings in a Twitch live stream on Tuesday and has said that he will soon make the video available on his YouTube channel.

The Mono framework is an implementation of Microsoft's .NET software development environment, and is developed and maintained by Microsoft subsidiary Xamarin. It allows Windows developers to map DLL file dependencies to alternatives in other host OS environments including macOS, Android, iOS, multiple Linux distributions, and even some embedded operating systems such as the ones used by popular game consoles.

Apple appears to have taken this threat very seriously. Many users might have been taken in assuming that Windows files cannot cause any trouble on Macs, but this is no longer true thanks to tools like the Mono Framework, which are going to become more popular over time.  Users should now see familiar macOS Gatekeeper warnings when suspicious EXE files are detected or when a user tries to run them. The rules include the names of known adware.

The XProtect updates were released without any announcement from Apple. It does not have any visible interface in macOS, but it ties into File Quarantine, which confirms whether a user wants to run files downloaded from the Internet and shows the user when they were downloaded and through which application. If the file contains known malware, File Quarantine will warn users that it will harm their computers. Recent versions of macOS include Gatekeeper, which allows digitally signed files from trusted developers to be allowed to run without throwing up such alerts.  

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Best Gaming Laptops Under Rs. 80,000 in India
  2. Amazon Prime Day 2026: Best Deals on iQOO Smartphones
  3. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  4. Everything We Know About the Nothing Phone 4b
  5. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  6. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.