EXE files more dangerous on Macs than on Windows

Feb 13, 2019 06:41 GMT  ·  By

If you’re a tech-savvy user, the title probably doesn’t make much sense to you, because EXE files can’t run on a Mac: they are built specifically for Windows.

And yet, attackers have found a clever way to use existing technology to add EXE support on a Mac, and then use it to infect these devices.

Security vendor Trend Micro has discovered a new tactic built around a DMG file that packs such an executable, which is then used to deploy additional malicious payloads on the target system.

The DMG file poses as an installer for Little Snitch, a firewall application for macOS, so users who try to install the security software also launch the EXE file.

Because EXE files can’t run on macOS by default, the malware authors also bundled a copy of Mono, a free framework that makes this possible. So when the DMG file is opened to install Little Snitch, the executable is also launched through that framework.

The reason the attackers turned to such tactics is that EXE files aren’t verified by Gatekeeper, the built-in macOS security feature that checks DMG files to make sure they are signed and therefore trusted.

Deploying adware

Trend Micro says that once the malware is launched, the EXE file deploys adware apps and collects information about the compromised system, such as the installed apps and the model name. The adware is disguised as Adobe Flash Player and Little Snitch.

Oddly, the executable wouldn’t even run on a Windows computer, and the security vendor warns that with such tactics, EXEs become more dangerous on Macs than on Microsoft’s own OS.

“Currently, running EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a mono framework installed in the system is required to compile or load executables and libraries,” they say in an analysis of the malware.

“In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS’ security features. As for the native library differences between Windows and MacOS, mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts.”
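The pairing described above, a Windows PE executable shipped next to a Mono runtime inside a macOS installer that Gatekeeper never inspects as code, is something a defender can look for directly. The following is an added example, not Trend Micro’s or the article’s code: it walks an unpacked DMG or .app, identifies PE files by their MZ/PE headers rather than by extension, and flags them when a Mono runtime is bundled alongside. The Mono file names and the sample bundle layout are assumptions.

```python
import os
import struct
import tempfile

MONO_MARKERS = {"libmonosgen-2.0.dylib", "libmono-2.0.dylib", "mono"}  # assumed names

def is_pe_file(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew (offset 0x3C) points
    at a 'PE\\0\\0' signature: a Windows PE image, whatever the extension says."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    return pe_off + 4 <= len(data) and data[pe_off:pe_off + 4] == b"PE\0\0"

def scan_bundle(root: str) -> dict:
    """Walk an unpacked DMG or .app and report PE files plus any Mono runtime."""
    pe_files, mono_found = [], False
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mono_found = mono_found or name in MONO_MARKERS
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1024)
            except OSError:
                continue
            if is_pe_file(head):
                pe_files.append(os.path.relpath(path, root))
    # A PE next to a Mono runtime is the pairing the article describes; flag it.
    return {"pe_files": sorted(pe_files), "mono_runtime": mono_found,
            "suspicious": bool(pe_files) and mono_found}

def make_pe_stub() -> bytes:
    """Constructed minimal PE header (not a runnable program), for testing."""
    header = bytearray(0x44)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\0\0"
    return bytes(header)

def demo() -> dict:
    """Build a constructed lookalike installer layout in a temp dir and scan it."""
    mono_dir = os.path.join(tempfile.mkdtemp(prefix="lookalike_"), "Contents", "MonoBundle")
    os.makedirs(mono_dir)
    with open(os.path.join(mono_dir, "Installer.exe"), "wb") as fh:
        fh.write(make_pe_stub())
    with open(os.path.join(mono_dir, "libmonosgen-2.0.dylib"), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe")  # Mach-O magic stand-in, not a real dylib
    return scan_bundle(os.path.dirname(os.path.dirname(mono_dir)))
```

Run `scan_bundle` against a mounted DMG or an extracted .app directory; a non-empty `pe_files` list is already unusual for Mac software, and `suspicious` turns true only when a Mono runtime is bundled with it.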

The best way to stay secure is to avoid downloading files from unverified sources and to install security software that can protect your device.