Tarmac Malware

The malware, named Tarmac (OSX/Tarmac), was distributed to macOS users through malvertising (malicious ad) campaigns.

The ads ran rogue code inside the victim's browser to redirect them to sites showing pop-ups that peddled software updates, usually for Adobe's Flash Player.

Victims who fell for the trick and downloaded the fake Flash Player update ended up installing two pieces of malware: first OSX/Shlayer, which then launched OSX/Tarmac.

Source: ZDNet

How do you protect yourself?

Treat any "update required" pop-up that appears while browsing as hostile: genuine Flash Player updates are only distributed by Adobe from its own site, never through an ad or a redirect. Do not open installers downloaded from such prompts, keep macOS and the browser current so the rogue ad code has less to work with, and keep endpoint security up to date so a dropped Shlayer/Tarmac payload is caught at install or execution time.

CVE-2019-8164

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Source: Adobe

How do you protect yourself?

Update Acrobat and Reader to the patched release Adobe lists in its bulletin (Help > Check for Updates in the application, or through your patch-management tooling). Because the code runs in the context of the current user, using Reader from a non-administrative account limits what a successful exploit can do, but that is a mitigation, not a substitute for patching.

SDBot Trojan

SDBot uses application shimming for persistence. As MITRE ATT&CK describes the technique, shims "can be used to Bypass User Account Control (UAC) (RedirectEXE), inject DLLs into processes (InjectDLL), disable Data Execution Prevention (DisableNX) and Structure Exception Handling (DisableSEH), and intercept memory addresses (GetProcAddress)."

This, in turn, makes it possible for attackers to elevate privileges for malicious processes, to install backdoors on infected systems, and to disable anti-malware solutions such as Windows Defender.

SDBot is modular: it consists of an installer, a loader, and a RAT component. The installer stores the RAT component in the compromised device's registry and establishes persistence for the loader, which in turn executes the RAT payload.

Source: BleepingComputer

How do you protect yourself?

Installing a shim database requires administrative rights and normally goes through sdbinst.exe, so the technique leaves identifiable traces: execution of sdbinst.exe, new subkeys under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB and \Custom, and new .sdb files under %WINDIR%\AppPatch\Custom. Alert on sdbinst.exe runs and registry writes to those keys, periodically audit the installed shims against the handful you actually deploy, and keep endpoint security up to date so the loader and RAT components are caught when they execute.
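As an added example, not code from the original article or from the SDBot analysis it summarizes, the following PowerShell audits a Windows host for the shim artifacts described above. It assumes a standard Windows installation and an elevated prompt (so both the native and WOW6432Node registry views are readable); the registry locations and the AppPatch\Custom directory are the documented places sdbinst.exe writes to.

```powershell
# Added example, not part of the original article: enumerate application-compatibility
# shim databases registered on this Windows host. sdbinst.exe records each installed SDB
# under AppCompatFlags\InstalledSDB (one subkey per GUID) and maps it to target executables
# under AppCompatFlags\Custom; the .sdb files themselves land in %WINDIR%\AppPatch\Custom.
# Anything listed here that is not a known, approved compatibility fix deserves triage.
# Assumption: run from an elevated prompt so both registry views are readable.

$hives = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'
)

$findings = foreach ($hive in $hives) {

    # 1. Registered shim databases: path, description and install time of each SDB.
    $installed = Join-Path $hive 'InstalledSDB'
    if (Test-Path $installed) {
        Get-ChildItem $installed | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Kind        = 'InstalledSDB'
                Target      = $_.PSChildName            # SDB GUID
                Detail      = $p.DatabasePath
                Description = $p.DatabaseDescription
                # DatabaseInstallTimeStamp is a FILETIME stored as a QWORD
                Installed   = $(if ($p.DatabaseInstallTimeStamp) { [DateTime]::FromFileTime($p.DatabaseInstallTimeStamp) } else { $null })
            }
        }
    }

    # 2. Per-executable mappings: subkey = shimmed executable, value names = SDBs applied to it.
    $custom = Join-Path $hive 'Custom'
    if (Test-Path $custom) {
        Get-ChildItem $custom | ForEach-Object {
            $exe = $_.PSChildName
            foreach ($sdb in $_.GetValueNames()) {
                [pscustomobject]@{ Kind = 'Custom'; Target = $exe; Detail = $sdb; Description = ''; Installed = $null }
            }
        }
    }
}

# 3. Shim database files on disk, hashed for lookup against threat intel or an allow-list.
$customDir = Join-Path $env:WINDIR 'AppPatch\Custom'
$files = Get-ChildItem -Path $customDir -Recurse -Filter '*.sdb' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Kind        = 'SdbFile'
            Target      = $_.FullName
            Detail      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Description = "$($_.Length) bytes"
            Installed   = $_.LastWriteTime
        }
    }

$report = @($findings) + @($files)
if ($report.Count -eq 0) {
    Write-Output 'No custom shim databases registered or present on disk.'
} else {
    $report | Sort-Object Kind, Target | Format-Table -AutoSize
}
```

On a clean workstation the report is normally empty; every entry that does appear should be traceable either to a compatibility fix your own administrators deployed or to a vendor installer. A shim whose target is a Windows binary such as explorer.exe or a security product, or whose .sdb file has a recent timestamp that matches no change record, is the pattern SDBot's persistence would produce and should be pulled for analysis together with the registry-stored RAT payload.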