Trend Micro has warned that hackers are testing a new way to infect Macs. The technique bypasses macOS’s Gatekeeper security feature and deploys executables containing malware to the victim’s computer. Researchers discovered the malware while analyzing Little Snitch, a firewall application that is easy to run on Mac/Windows. Researchers believe that the hackers are still studying this malware and how it is used.
Mac users cannot install EXE files, the executable file format used by Windows. If a macOS user tries to install an EXE file, they will see an error message. “However, we found EXE files in the wild delivering a malicious payload that overrides Mac’s built-in protection mechanisms such as Gatekeeper. This routine evades Gatekeeper because EXE is not checked by this software, bypassing the code signature check and verification since the technology only checks native Mac files. While no specific attack pattern is seen, our telemetry showed the highest numbers for infections to be in the United Kingdom, Australia, Armenia, Luxembourg, South Africa, and the United States.”
In this regard, our recommendation remains to avoid downloading software and other files from unverified sources and to enable multi-layered protection on the Mac.
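
As an added example (not from Trend Micro or the original article), a check like the following flags Windows PE executables inside an unpacked Mac download, the file type the quoted report says Gatekeeper does not verify. The function names and the sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def is_pe_file(path):
    """Return True if the file has a DOS 'MZ' header pointing at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            header = f.read(64)
            if len(header) < 64 or header[:2] != b"MZ":
                return False
            # e_lfanew: offset of the PE header, stored at 0x3C in the DOS header
            (pe_offset,) = struct.unpack_from("<I", header, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False

def find_pe_files(root):
    """Walk an unpacked download (mounted DMG, .app bundle) and list PE files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Check content, not the extension: a renamed EXE is still a PE file
            if os.path.isfile(path) and not os.path.islink(path) and is_pe_file(path):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: a fake .app bundle with one minimal PE stub and two other files."""
    res = os.path.join(root, "Sample.app", "Contents", "Resources")
    os.makedirs(res)
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    with open(os.path.join(res, "installer.dat"), "wb") as f:  # PE without an .exe name
        f.write(pe_stub)
    with open(os.path.join(res, "notes.txt"), "wb") as f:      # starts with MZ, no PE header
        f.write(b"MZ is only a text prefix here")
    with open(os.path.join(res, "macho"), "wb") as f:          # 64-bit Mach-O magic
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 60)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_pe_files(build_sample_tree(tmp)))
```

Because the check reads file headers rather than names, it also catches a PE file shipped without an `.exe` extension.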