The Moysle security company warns Mac users of a new malicious software attack that can operate not detected. The malicious software, nicknamed Jscorerunner, spreads through what seems to be a free PDF converter application distributed on a website with the Filepple.com domain which offers an application called Ripple Effect.
The attack begins after a user has downloaded the Filepple.pkg file from the website. According to Moysle via a 9to5mac report, when the user unpacks the file, “a false viewview” displays a PDF tool which seems legitimate, but “the malicious activity runs silently in the background”. Integrated MAC security, however, has a recording of the package signature as a revoked, so the package is blocked. But a second step is involved, where an unsigned package called Safari14.1.2mojaveauto.pkg runs and installs malware.
Once installed, the jscarerunner malware targets Google Chrome profiles on MacOS. It changes the browser search engine parameters so that users are redirected to a fraudulent search engine to collect user information. Moysle reports that users may not even know that they are infected due to the “sophisticated” efforts of malicious software to hide crash newspapers and contextual windows.
How to protect yourself from malware
The easiest way to avoid malware is to use only applications that are legitimately acquired from trust sources, such as the App Store (which performs security checks on its software) or directly with the developer.
Macworld has several guides to help, including a guide on the question of knowing if you need antivirus software, a list of Mac virus, malware and Trojan horses, and a comparison of Mac security software.
Apple has protections in place in MacOS and the company publishes security fixes via updates to the operating system, so it is important to install them when available. If Apple takes up an update, the company will reissue it as soon as it is correctly revised with corrections.
