Category Archives: Macintosh Security

How to Check For Malware on the Mac

Macintosh Malware and Antivirus Support

Stay safe from virus and malware activity on your Macintosh with these simple tips.

Do you think your Mac has been infected by malware or a virus? It’s always possible, and here’s some ways to check.

Is it a virus? Is it malware?

First of all, don’t blame every single problem on malware or a virus. Many problems on the Mac appear to be virus related, but, actually are system related. If you’re not surfing underground sites or downloading software from places you shouldn’t, you shouldn’t have any virus or malware activity. In the off chance that you do get a virus or malware, here are some basic things you should do to get rid of the malware or virus on your Mac.

Let’s start with the browser.

Google Chrome for the MacOn the Macintosh, you have a few choices for web browsers. The big three browsers that most people use are Google Chrome, Safari, and Firefox. Of these particular browsers, we prefer Google Chrome as our day-to-day browser. Google chrome for Mac is a fairly lightweight browser, has great security controls, and doesn’t seem to have the issues that the other browsers tend to have. Another great feature of Google Chrome is that it has Adobe Flash built right into it. This means you’re not hounded by the constant warnings to upgrade Adobe Flash. This is not to say Safari and Firefox are not safe, we just have a better track record with Google Chrome across-the-board. It’s wise to be careful what extensions you do load into Google Chrome. Only stick to known good browser extensions that are featured on the Google app store. if you do need to stick to using Safari as your daily web browser, you should turn off the extensions. Extensions and toolbars are a common way for malware and viruses to get into your Mac.

Use free Malware and Virus checking software

The best free software we have found to detect malware on your Mac is Malwarebytes. This software is remarkably easy-to-use, and can be run once or twice a week to check for any malware on your Macintosh based computer. We’ve been surprised a few times to find that we actually did have malware and the software has found it and deleted it every single time. This software doesn’t run automatically; you will have to run it by yourself once in a while. Another great piece of software we have found the check for viruses and malware on a Mac is from the company Sophos. This free software does run continually on the Macintosh and is also a good, lightweight piece of software for checking viruses and malware on a Mac. Apple can also detect and defeat certain malware from their end which is built into the Macintosh operating system. This is obviously not the best option because you have no control over what it finds and what it gets rid of.

Did MalwareBytes find malware on your Macintosh?

View Results

Loading ... Loading ...

Backing up your data is a wise move

With good data backups, a good portion of malware and viruses shouldn’t affect your data. Even better, have multiple backup options so your main data backup doesn’t get infected. We prefer multiple hard drives, and Google Drive as our backup options. Apple provides the Time Machine software that can back up every single Mac for free. All you have to do is provide an external hard drive for this option to work.

Be incognito whenever possible

Most browsers today offer an incognito mode, Or stealth mode, which hides your browsing activities. If there are sensitive sites you travel to, using one of the stealth modes may help limit the malware and virus activity on your Mac. The stealth mode can stop tracking and automatically turn off cookies on these sites as you visit them, which aids in your protection.

Stay away from filesharing and torrent sites

A lot of virus and malware activity on a Mac comes from filesharing and torrent sites. You should limit access to the sites if at all possible, especially if other family members are using the Mac. A good option in this case is to use a DNS filtering service such as OpenDNS to stop people in your household from accessing these and other dangerous sites.

Everyone should not be an administrator on the Mac

If your Mac has multiple users, and all them are set up as a administrators, this is not a good situation. This simply means that anybody using the Macintosh has full privileges on the Mac. They would actually be able to install any piece of software, including malware, that they deemed fit. Changing these users to standard users is a great way to bypass this problem. By making them standard users, they don’t have the privileges that an administrator would have. Therefore, they would not be able to make any changes on the system at all. By teaching these users good browsing habits, you should be able to limit the amount of malware and virus activity on your Mac.

Please consider a small and secure donation if this post helped you with your issue!




Incoming search terms:

  • how do i check for malware on my macbook pro
  • how to check mac for virus
  • mac malware el capitan

New Mac OS X ‘Keranger’ Ransomware: What You Need To Know

Transmission Mac Ransomware

Transmission Mac Ransomware

On March 4th 2016, virus researchers discovered a nasty new form of ‘ransomware,’ or software that can take over a Macintosh computer and encrypt and lock the files for monetary payment. This particular strain of ransomware is unique because A.) It’s one of the first public instances of ransomware on the Macintosh platform and B.) It was snuck onto the Mac platform by a popular piece of software commonly used to download torrents, such as movies and television shows called “Transmission.” Security researchers are calling this ransomware “OSX.KeRanger.A”

The delivery mechanism for this ransomware was also unique in that it appeared to sneak in with a very common update to the Transmission software. Most users simply perform these updates without thought, and that’s where the ransomware was hidden–in a seemingly normal text RTF document. Once the malware executes, it silently begins to encrypt the user files in the background–as well as any Time Machine backups–and then alerts the user to pay 1 bitcoin (which is equal to about $400) to unlock the files. By using Bitcoin to pay the ransom, the transactions become virtually untraceable.

Here’s what you need to know about this ransomware if you are using Transmission on a Macintosh:

  1. Immediately perform an upgrade to the Transmission software if you are currently running version 2.90. The currently unaffected version is now 2.92 and can be found at the Transmission website located here.
  2. The malware can take up to 3 days to begin work when installed.
  3. Apple has revoked the security certificate for the malicious software, which should stop it from being installed in the future.
  4. The Transmission authors have removed the malicious installers from their website, however, the malicious software still seems to be under development.
  5. The infected Transmission installers include an extra file (which looks like a text file) named General.rtf in the Transmission.app/Contents/Resources directory.
  6. Upon execution, the ransomware will create 3 files called “.kernel_pid”, “.kernel_time” and “.kernel_complete” in the ~/Library directory. It will then attempt to sleep for about 3 days before continuing.
  7. The user will then receive a text file explaining how to decrypt the files by purchasing a bitcoin and paying it to a particular address.
  8. The malware will encrypt many types of files, including documents, photos, audio and video, archive files, email and database files.
  9. Users should check /Applications/Transmission.app/Contents/Resources/ to see if a file called General.rtf exists. If so, delete your copy of Transmission immediately.
  10. Users can check Activity Monitor for a process called “kernel_service” in the list. If you see this process, select the process and choose “Open Files and Ports” and see if it contains a filename such as “/Users/<user_name>/Library/kernel_service,” which is most probably the main process of this ransomware. You can force quit this process by choosing “Quit –> Force Quit”
  11. Users should check for files with the names “.kernel_pid”, “.kernel_time”, “.kernel_complete” and “kernel_service” located in the ~/Library directory on the Mac. These files can be safely deleted.
  12. Apple will now present a message telling the user that they can no longer install an infected version of Transmission. All that they can do is to eject the disk image.

Please consider a small donation if this post helped you with your issues!


Changing the date to January 1, 1970 will brick your iPhone

iPhone January 1970 Date BugIf you see this image (originally posted on the 4chan website), do NOT follow it’s advice, under any circumstances–it’s a trap!

Apparently there is a nasty bug on any 64-bit iOS device (such as an iPhone or iPad) that will cause the device not to no longer boot if the user sets the time and date to January 1, 1970. Even scarier, you cannot simply restore the iPhone at this point–you have to physically bring the bricked iPhone to your local Apple Store to have a hardware repair done on the device. This sinister date, 1/1/70, is basically an internal value of zero on a Unix operating system, which causes the software to crash, taking your iOS device along with it.

What should I do about this problem?

You would be wise to A.) not perform this trick yourself and B.) don’t allow anyone to perform this trick on your device unless you feel like traveling to the nearest Apple Store. This image circulating around the internet seen above is a terrible hoax and will brick your iOS device.

What does an “Error 53” mean on an iPhone?

iPhone 6 Error 53Does your iPhone show the dreaded “Error 53” since updating to iOS 9? We attempt to get to the bottom of this iPhone controversy.

What does the Error 53 actually mean?

Simply put, this error is a currently unfixable error that is displayed by Apple’s iTunes software after restoring an iPhone, usually an iPhone 6 and iPhone 6 Plus. In essence, the iPhone becomes “bricked,” or rendered completely unusable and traps the device into recovery mode. The data that was on the iPhone is also now locked on the device and cannot be rescued by the user or Apple. There is limited evidence that any of the other iPhone versions are susceptible to this error, such as the iPhone 5 versions. Even iPads with Apple’s Touch ID sensors can also throw this error 53 after restoring or updating.

What is the root cause of this mysterious Error 53?

According to statements released by Apple, the cause of the iOS Error 53 stems from the replacement of a user’s home button, Touch ID, display or any of the other components that make up the fingerprint sensor area by any outfit other than Apple themselves. In other words, if you were to have your home button (or even full display) replaced by a kiosk or other non-Apple repair shop, you will most certainly see the dreaded Error 53.

Apple Touch ID Sensor

Simply repairing your iPhone at a non-Apple store can render your device bricked forever.

The reason for this (according to Apple) is that iOS checks that your Touch ID sensor matches the other on-board components during a software update or iOS restore. This simple set of checks supposedly keeps the features related to Touch ID secure, just in case a malicious party tries to swap out this critical part in an attempt to steal your personal data and credentials. This fingerprint data is stored in an area on your IPhone known as the “Secure Enclave,” which was designed by Apple to store this data securely and safely. If a 3rd-party Touch ID module fails this onboard check, the secure data is forever encrypted and protected and no longer accessible.

When Apple themselves replace this critical part, they perform a procedure to recalibrate the iPhone parts back together again, which allows the onboard checks to pass. Users who have the iPhone fixed at an Apple Store will not see this dreaded Error 53 after restoring or updating.

 

Most of the iPhone community including many repair websites are claiming that this is a very bad move on Apple’s part. In essence, Apple seemingly is making sure that iPhones cannot be serviced anywhere but a genuine Apple Store.

What is the fallout of the Error 53 situation?

Error 53 Class Action Lawsuit

Law firms are already mounting class-action lawsuits over the error 53 situation

At this point, several news agencies are reporting that class-action lawsuits are being mounted against Apple for this move and the Apple discussion boards are being flooded by users with the Error 53 on their iPhones and iPads.

How do you fix an Error 53 on an iPhone?

At this time, there is no known solution to this error and Apple has not given any more direction since their last statement describing why the error 53 is happening on modified iPhones and iPads.

I haven’t gotten the Error 53 yet. Why?

If you have had any modifications or repairs to your IPhone or iPad that were not done by Apple themselves, we highly suggest that you do not do any further software updates to the device until a solution is found for the error 53 problem. If you need any further repairs done on the device, you would be best served by the Apple Store or AppleCare helpline. Apple has the proper equipment to fix your device and recalibrate it correctly so you don’t see the error 53. If you no longer have access to the old parts from your repair (not that they would work anyway), you would be forced to purchase a brand-new iPhone.

Contact Apple for resolution.

If you have the dreaded iPhone Error 53 issue, please contact Apple as soon as possible by clicking here.

Has Your Apple ID Account Been “Frozen?”

Phishing for Apple ID AccountsThere’s another new scam going around that appears to be from places such as “katzweb.net” and other sites telling you that your AppleID account has been “frozen,” and that you should “verify your account.” This is complete nonsense and a horrible “phishing” attempt. Phishing is when a person or company that is not the real person or company attempts to get private and sensitive information from you, such as credit card numbers or social security numbers. This is NOT real and you should NEVER give your personal data away in these instances. Unless you are directly talking to an Apple employee (via the Apple.com website or 1-800-APL-CARE support line), you will have serious issues when these sites get your personal data.

If you are contacted by anyone or any company requesting data that has anything to do with an AppleID, you should forward that suspicious (although very real looking) email to Apple support located at reportphishing@apple.com. They will be able to determine if this was a real or fake request and they will contact you directly.

Be safe out there!