Files Shared: New Trojan OSX CoinThief A New Anti Malware Effectiveness Test Results

Wednesday, March 29, 2017

New Trojan OSX CoinThief A New Anti Malware Effectiveness Test Results

Thomas Reed has tested and described a new Mac Trojan horse named Trojan.OSX.CoinThief.A. You can read his analysis here:

New CoinThief malware

CoinThief.A was first reported by SecureMac here:

New Apple Mac Trojan Called OSX/CoinThief Discovered

+ + +

The Safe Macs Anti-Malware Tests

Also of interest at Thomass The Safe Mac site is his recent article:

Mac anti-virus testing 2014

Thomas tested 20 anti-malware programs, from free to paid, against 188 Mac malware samples and compared the results. If youre looking for the best options in Mac anti-malware, his article is an excellent place to start.

I was pleased to see that Integos Virus Barrier topped this list. It remains my favorite of the paid anti-malware applications for both usability and the dedication of their staff to Mac security. But I must point out that Sophos free single-user anti-malware application did very well. Sophos also remains dedicated to Mac security.

I continue to be disappointed that the ClamAV project doesnt take Mac security entirely seriously. Everyone involved with ClamXav has done and still does their utmost to get every possible Mac malware signature into ClamAV, several times over. That includes Mark Allan and friends, such as Thomas Reed and myself. *sigh*

Security Spreads Anti-Malware Tests:

For further details, here is a whopping huge chart of various anti-malware applications versus specific malware samples, both inert and active:

http://securityspread.com/detection-rate-results/

If youre going to pour over their most recent testing chart, I suggest downloading its PDF first as it can be very annoying to read via web browsers.

I find some of the samples in Security Spreads testing to be unusual if not silly. For example, the Opener script was never anything but a concept. It never qualified as actual malware. The list also offers no malware strain delineation. Then theres the inexplicable inclusion of anti-malware application MacKeeper, which I would never recommend as an option due to their predatory, deceitful marketing strategies as well as consistent reports of it being more deleterious than helpful to Mac usability. As usual, it pays to shop around and compare malware lists, test results and the reputations of the folks doing the testing.

Anyway, its good to see Integos Virus Barrier again was at the top of the list in Security Spreads testing.

Malware Lists:

Of slight interest, here is Security Spreads rendition of the history of Mac malware:

http://securityspread.com/history-of-mac-malware/

This list is by no means complete! The list of Mac OS (pre-Mac OS X) malware is worthless. Nearly 50 malware are missing. (o_0) Many of the listed OS X era malware were mere proof-of-concept malware, never found in the wild. Again, there is no listing of malware strains is provided. Their naming protocol for malware is incomplete and provides no transmission vector indication. And so forth. But its a list of sorts and is therefore sort of useful.

Thomas Reed provides his own list of OS X malware at his The Safe Mac website:

http://www.thesafemac.com/mmg-catalog/

I keep my own personal list of OS X malware, but it too is not perfect. I keep it in order to have a historical count of Mac malware as well as to provide a file system where I can store related malware articles as I find them. However, Ive discovered that posting such a list is beyond the intentional scope of this blog, so I no longer bother to collate it for public viewing. Instead, Thomas Reed and I share notes and I leave the public list maintenance to him. (Thank you Thomas!)

Another drawback about such lists is that, with time, malware becomes inert on various versions of OS X. For example, anyone with OS X 10.6.8 and above has Apples XProtect system installed as part of the system. XProtect has made a vast variety of OS X malware inert. This means that for those versions of OS X, theres very little active malware in the wild. The only reason I posted this article about CoinThief.A is that XProtect has not yet (as of this moment anyway) been updated to identify it on Mac systems. CoinThief.A and the newly discovered Crisis.C would literally be the only two OS X malware on any up-to-date active Mac malware list at this moment. Therefore, I prefer simple blog posting alerts about new malware.

Bored yet? I find this stuff interesting. Be glad I dont dump the gory details on you. Some of that stuff puts me to sleep. Happy dreams ~ ~ ~

:-Derek

[Credits: The creepy hand used in the Bitcoin graphic I concocted is by ze ice. The original can be found here:

http://fc02.deviantart.net/fs70/i/2011/313/b/9/creepy_hand_by_ze_ice-d4eb3yx.jpg]

Go to link Download