Malware for macOS Uses Windows EXE Files to Evade Detection, Install Adware

Advertisement
By Jamshed Avari | Updated: 13 February 2019 17:23 IST
Highlights
  • macOS does not check Windows EXE files which usually cannot be executed
  • The malware uses the Mono cross-platform framework to run EXE files
  • Adware is downloaded and installed automatically when the EXE is run

Trend Micro Security has discovered a new form of malware that targets macOS but masquerades as a Windows executable file. This allows it to evade detection by Apple's own Gatekeeper security tool, since Windows EXE files are typically disregarded because of their inability to run. The malware, however, does execute these files using a software framework called Mono which is designed to enable cross-platform app development. The malware has been found in pirated versions of popular Mac apps that are being distributed as Torrents. Once installed, it contacts a remote server, reports your system information, and downloads whatever additional malware the author wants to send.

The threat, which does not have a specific name, has been confirmed by Trend Micro to have struck Macs in the US, UK, Australia, South Africa, and Europe. It is not believed to have been specifically targeted at any region or type of user.

Advertisement

Researchers have found this malware being distributed as several commonly pirated macOS apps including Little Snitch, a firewall; the Traktor Pro 2 DJ software; Paragon NTFS, which is widely used to access hard drives formatted for Windows; and Wondershare's Filmora video editing suite.

The malware cleverly includes the Mono framework within the downloaded package. Users would otherwise have to have Mono installed already, which would significantly reduce this malware's ability to infect Macs. Interestingly, the malicious EXE files will not run on Windows because they are specifically designed to infect Macs.

After being installed successfully, the malware sends identifying system information including the serial number of the infected Mac and its hardware and software configuration to a remote server. It is not clear what this information is used for. Trend Micro analysed a sample and found that it also downloaded and automatically executed three files including what appeared to be an installer for Adobe Flash but was actually adware. Thus, the malicious EXE file can be used to infiltrate other potentially more serious types of malware onto an infected PC including adware or ransomware.

The Mono framework is an implementation of Microsoft's .NET software development environment, and is developed and maintained by Microsoft subsidiary Xamarin. It allows Windows developers to map DLL file dependencies to alternatives in other host OS environments including macOS, Android, iOS, multiple Linux distributions, and even some embedded operating systems such as the ones used by popular game consoles.

Advertisement

Gatekeeper is Apple's attempt to prevent users from harming their machines by screening executable files for potential threats. It can also be set to prevent users from installing apps from anywhere other than its own App Store, commonly referred to as a “walled garden” approach to security. Gatekeeper typically checks an app publisher's code signatures and verify the integrity of downloaded files.

In 2015, security researchers discovered that the macOS Gatekeeper could be bypassed simply by using an already trusted file to load other files from arbitrary folders. Mac users (and all PC users) are advised to be very careful about where they download software from.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Everything We Know About the Nothing Phone 4b
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  3. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  4. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 15,000
  1. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  2. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  3. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  4. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  5. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  6. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  7. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  8. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  9. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  10. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.