The company describes how bad actors can place infected material onto an EXE extension and feed it to Mac. Yes, the same EXE files that only work on Windows, but the method is functioning. To make matters worse, the malware is attached to a security solution calls Little Snitch Firewall. Users who believe they are paying to protect their Mac end up with infections. Hackers loaded a version of the firewall with infections and sent to torrent distribution services. Interestingly, there is a MonoBundle folder inside the firewall that holds an installer.exe. Needless to say, this is unusual for Mac, as Kaspersky Lab points out: “In fact, Windows executables are so unsupported in macOS that Gatekeeper (a security feature of macOS that prevents suspicious programs from running) simply ignores EXE files. This is quite understandable: It makes little sense to overload the system by scanning obviously inactive files, especially with one of Apple’s selling points being operating speed.”

Avoidance

Kaspersky Lab says this shows even macOS has its vulnerabilities and can be exploited. Furthermore, the company offers some advice to help users avoid such problems:

“Do not install pirated versions of applications. If you really need a program, and really, really aren’t prepared to pay for it, first try to find a free alternative. Always download programs from official sources: the App Store or developer websites. If you decide to download an application from an unofficial source, for example a torrent tracker as mentioned above, be sure to check what actually gets downloaded. Be suspicious of any “extra” files in the installation package.” Windows EXE Files Are Being Used to Exploit MacOS - 55Windows EXE Files Are Being Used to Exploit MacOS - 34Windows EXE Files Are Being Used to Exploit MacOS - 15Windows EXE Files Are Being Used to Exploit MacOS - 87Windows EXE Files Are Being Used to Exploit MacOS - 55