‘Tarmac’ Virus Enters your MacOS as ‘Pop-ups’

A new form of malware, dubbed ‘Tarmac’ is making its appearance on Mac devices.

What is Tarmac malware? How does it work?

Tarmac is a ‘malvertisements’ or malicious ads discovered by security researchers. Tarmac malware is also known as OSX. Tarmac is actually a companion of Shlayer, an older program. The two viruses work together to infect MacOS users with spam advertisements.

This combo of Shlayer+Tarmac malvertising campaign started in January this year.

The victims are infested to a malicious pop-up site like Adobe flash player.

When the victim downloads and runs these alleged updates, the OSX/Shlayer malware is installed, which will eventually run the OSX/Tarmac payload. The data of the infected machine is collected by Tarmac and then passed on to its command-and-control server.

“This is obviously a fake Adobe installation signed with an Apple developer certificate(2L27TJZBZM). This certificate was issued by Fajar Budiarto a fake entity,” – the ethical hacking experts said.

The good news is that Tarmac’s command-and-control servers are offline, so the only thing the program is capable of doing now is spying on users.

Malware targets on…

Japan, Italy, U.S have been found targeted by the malvertising campaign.

“We think actors proceed by trial and error, and they might have found a sweet spot in Italy, between the profit they can reap and the level of attention from the security community,” added a confiant security researcher Tara Kahim.

Still unknown!

It is still unknown regarding the capabilities of Tarmac once the server goes live. The purpose and full features of Mac malware still remain a mystery. The confiant researchers still don’t know what the next step would be.

What can you do to stay safe?

 Does your phone act funky nowadays, then

  • Avoid unnecessary download links, emails and messages.
  • To be on the safer side you can scan your Mac by installing anti-malware software for Mac.
  • Make sure your Mac is running a good Mac antivirus software.

If you want more information about Techtron’s secure endpoint protection for Mac and Windows click here to find out more

Leave a Reply

Your email address will not be published. Required fields are marked *