Computer security researchers at Trend Micro have discovered a new way hackers are trying to run .EXE files, the executable file format used by Windows, on macOS. In the cases they investigated, these .EXE files delivered a malicious payload that overrides the Mac's built-in protection mechanisms such as Gatekeeper, with the highest infection counts in the United Kingdom, Australia, Armenia, Luxembourg, South Africa and the United States. The sample was found in a booby-trapped installer of Little Snitch, a popular firewall app for Mac and Windows, offered for download on various torrent websites. Read on to discover how this installer is able to bypass Gatekeeper.
Photo credit: Christian Colen
“By default, EXE files won’t run on a Mac. The booby-trapped Little Snitch installer worked around this limitation by bundling the EXE file with a free framework known as Mono. Mono allows Windows executables to run on MacOS, Android, and a variety of other operating systems. It also provided the DLL mapping and other support required for the hidden EXE to execute and install the hidden payload. Interestingly, the researchers couldn’t get the same EXE to run on Windows,” reports Ars Technica.
Photo credit: Trend Micro
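As an added defender-side example (not code from Trend Micro or Ars Technica), the scanner below walks a macOS app bundle and flags any file carrying a Windows PE header (an "MZ" DOS stub whose e_lfanew points at a "PE\0\0" signature), together with Mono/.NET artefacts such as .dll files, which is the kind of hidden content the tampered Little Snitch installer carried. The sample bundle, its Mach-O stub and its PE stub are constructed inline for the demonstration and are not real executables.

```python
import os
import struct
import tempfile

MZ_MAGIC = b"MZ"
PE_SIG = b"PE\0\0"


def is_pe_file(path):
    """True if the file has a DOS 'MZ' stub whose e_lfanew offset points at a PE signature."""
    try:
        with open(path, "rb") as f:
            header = f.read(0x40)
            if len(header) < 0x40 or header[:2] != MZ_MAGIC:
                return False
            (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)  # offset of PE header
            f.seek(e_lfanew)
            return f.read(4) == PE_SIG
    except OSError:
        return False


def scan_bundle(root):
    """Return (pe_files, mono_artefacts) as sorted bundle-relative paths."""
    pe_files, mono = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if is_pe_file(full):
                pe_files.append(rel)  # Windows executable hidden in a Mac bundle
            if "libmono" in name.lower() or name.lower().endswith(".dll"):
                mono.append(rel)  # Mono runtime / .NET assembly indicator
    return sorted(pe_files), sorted(mono)


def fake_pe_bytes():
    """Constructed 68-byte PE stub: MZ header, e_lfanew = 0x40, then 'PE\\0\\0'."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + PE_SIG


def build_sample_bundle():
    """Constructed sample .app: a Mach-O-looking main binary plus a hidden EXE and a Mono DLL."""
    root = tempfile.mkdtemp(prefix="Sample.app")
    os.makedirs(os.path.join(root, "Contents", "MacOS"))
    os.makedirs(os.path.join(root, "Contents", "Resources"))
    with open(os.path.join(root, "Contents", "MacOS", "Sample"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\0" * 64)  # Mach-O 64-bit magic + padding
    with open(os.path.join(root, "Contents", "Resources", "Installer.exe"), "wb") as f:
        f.write(fake_pe_bytes())
    with open(os.path.join(root, "Contents", "Resources", "Mono.dll"), "wb") as f:
        f.write(fake_pe_bytes())
    return root
```

Run `scan_bundle(build_sample_bundle())` to see the two PE files and the one Mono artefact reported; pointing `scan_bundle` at a real downloaded .app is the intended use.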