back to article Malware spotted doing unspeakable, filthy things to infected Macs – injecting Bing results into Google searches

A devious and baffling new strain of malware intercepts and tampers with internet traffic on infected Apple Macs to inject Bing results into users' Google search results, we're told. A report out this month by security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS …

  1. anthonyhegedus Silver badge

    Perhaps they’re just testing the thing out there and will eventually do really nasty things like intercept bank account logins to facilitate the sort of scams that involve fake refunds, where prospective marks are shown doctored versions of their bank statements.

    1. Swarthy
      Pirate

      I was thinking that this was Proof-of-Concept in the wild. Maybe the malware writers profiteers stiffed one of their developers, and this got released so that when the real one (that skims bank info) comes out, it's already blocked by AV.

  2. John H Woods

    Do Americans ....

    ... still get Amazon gift card rewards for using Bing? If so, could this be designed to generate them, but hoover them up before the users get them?

  3. Anonymous Coward
    Anonymous Coward

    I thought the Firefox browser on a Linux VM was infected once...

    Every web search turned up unrelated ads and nefarious web links.

    I realized after a few minutes that the search engine was just set to Yahoo!

    (Sorry, no joke icon as Anon)

    1. phuzz Silver badge

      Re: I thought the Firefox browser on a Linux VM was infected once...

      Was that Mint by any chance?

      I respect that by setting the default search to Yahoo they get a bit of extra funding, but it's still the first think I change on a fresh install.

  4. Anonymous Coward
    Linux

    Baffling new strain of malware?

    security house AiroAV details how its bods apparently spotted a software nasty that configures compromised macOS computers

    The most important bit is how does this baffling malware get onto the Mac in the first place. does it require visiting a compromised repository and downloading and installing the malware or opening an email attachment or clicking on a malicious link.

    In this latest case, it is claimed, the malware masquerades as an installer for an Adobe Flash plugin – delivered perhaps by email or a drive-by download

    Thanking you, so, a total non-story ..

    1. sabroni Silver badge
      Facepalm

      Re: a total non-story ..

      What a total non-comment.

      "Injecting bing results into Google searches". That's the story.

  5. macjules

    Adobe Flash plugin ... that the user is tricked into running

    If you can be tricked into installing Adobe Flash then unfortunately I would suggest that you deserve what you get.

    1. Pen-y-gors

      Re: Adobe Flash plugin ... that the user is tricked into running

      If you can be tricked into installing Adobe Flash - and then giving it your account authentication details as well - then unfortunately I would suggest that you really really deserve what you get, and then some.

    2. bombastic bob Silver badge
      Facepalm

      Re: Adobe Flash plugin ... that the user is tricked into running

      yeah... from the article: the malware masquerades as an installer for an Adobe Flash plugin

      I saw that and was thinking the Mac gods must be FURIOUS (at the users, for being so brain-impaired)

      1. Evil Auditor Silver badge

        Re: Adobe Flash plugin ... that the user is tricked into running

        And what do the mac gods say about brain-impaired fanbois willing to pay silly dosh for a monitor stand?

        1. Joe Gurman

          Re: Adobe Flash plugin ... that the user is tricked into running

          Not likely to appeal to most fanboys, unless they’re of the idle mega rich variety who can afford a US$5K (or $6K) display to it on the mount. Actual pro device, affordable only by the professional video and sound editing industry and the owners of super yachts. The US$1K for the stand is in the noise of 28-core, 4 graphics chip, 1.5 Tbyte of memory kit.

  6. Ribfeast

    Quite a few steps to go through to install it. I doubt it is signed by any developer certificate, it's not on the app store, so you need to go to System Preferences, and manually allow that instance. You'd have to be pretty keen!

  7. Tim99 Silver badge
    Gimp

    Adobe Flash

    Why would you install Flash on a Mac? The porn/gambling site you visit requires it for an "enhanced experience"?

    1. bombastic bob Silver badge
      Facepalm

      Re: Adobe Flash

      claims of it being enhanced with 'f-u-f-me' maybe...

      Adobe flash player is already DEAD. This kind of crap tries to make it UNDEAD [even if it's all scam downloads]

  8. RyokuMas
    Joke

    Maybe...

    What goes around comes around?

  9. Spacedinvader
    Trollface

    So THIS is how Bing is used in 34% of searches

    https://www.theregister.co.uk/2019/06/04/microsoft_bing_is_10/

    :D

  10. Al fazed

    No Flash involved

    Unfortunately I have come across this little blighter twice. Two seperate MAC's with the same unauthorised Proxy sitting on the network filtering away.

    However this little bugger had convinced the MAC that there were no OS or software updates available for the last couple of years. Everything was fine, even with Sophos antivirus installed, it wasna working.

    How was it done ?

    Something took over DHCP side of the WiFi component ! Badda Boom !

    All search results were being manipulated.

    Trying to update Sophos returned no results via it's software.

    Searching for Sophos with Google on Safari brought in dead pages with the links pointing to more search results, or Sophos pages where the links are all dead.

    Meanwhile, accessing eMails and Internet shopping trips were unaffected

    Clever stuff ????

    I fixed the devils by dishing out fixed IP addresses for the devices and deleting the Proxy configurations and clearing caches of the browsers and temp directories on the systems. The bugger just disappeared on both devices and hasn't returned yet. Updating to the latest OS releases may have prevented re infection.

    I get the feeling it was a router compromise in teh first place as the logs had all vanished. A Talk Talk router on one system and Virgin Media router on the other. Sadly I am not experienced enough to know for sure how this happened in the first place. It was aided and abetted by the User's indifference/lack of technical know how, when it comes to maintaining a device properly, or even just running anti virus software.

    So many end users are in the same boat I fear.

  11. Al fazed
    WTF?

    Flash is still required

    Don't know if anyone here watches UK Television, but it is still the case that in order to watch anything on Channel 4 via the Internet, you need to have Flash Player installed, or it won't work.

    It used to be the same with BBC iPlayer, but I haven't even tried to see if things have improved, so I am just one more lost consumer.

    It is still out there and some developers are still arranging for the delivery of their clients web content via Flash ??????

    Go figure that out if you can.

    1. RichardBarrell

      Re: Flash is still required

      Try using Chrome or Safari but changing the user-agent so that it reports itself as being an iPad?

      I've seen this work before on e.g. the BBC's website a couple years ago. They were doing UA sniffing to decide whether to try to show you the news video via a dirty dirty SWF or a nice cleanHTML5 video tag.

      1. bombastic bob Silver badge
        Devil

        Re: Flash is still required

        so the problem is that ti's not recognizing HTML5 capable browsers, then?

        you might see if there's a custom user-agent thing you can use, modify in about:config (for FF, not sure if Chrome "lets you" that filthy little dictator of a web browser)

        /me just reminded I need to finish my X11 toolkit, port webkit to use it, and write my OWN browser with built-in no script, memory-only cookies, customizable user agent, and NO 2D FLATTY or flash plugins!

        1. jbuk1

          Re: Flash is still required

          I think it's more to do with the DRM that they can wrap around the flash version.

          There use to be (may still be) a Windows command line utility for downloading videos from the BBC iPlayer which spoofed it's user agent as an iPad so that the BBC would return a drm free video stream which the tool could intercept.

  12. one crazy media

    Airo AV sells malware protection software. Buy it and install.

    No worries.

    1. Al fazed
      WTF?

      A bit pointless telling people here to install anti virus, unless you are trying to sell the one you mention.

      One of the affected clients reads the Radio Times and the Daily Mirror, the other reads about growing vegetables.

      Ordinary End Users do not read the Register as far as I can tell.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like