Archived

This topic is now archived and is closed to further replies.

Does ESET Cyber Security only detect OR remove the OSX.Proton malware found in Eltima Software some days ago?

Thanks for any information you can provide me

Came

Since ESET was the one to discover it, as noted in this blog posting: https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/, I assume they have a signature for it. However, if one was infected in the early attack stages, it appears all that can be done is to reinstall the OS.

Hi Came,

It sure does. Detection has been available since 7th May 2017 according to ESET Virus Radar (OSX/Proton), and subsequent variations of Proton have been added to the definitions. The most recent one is variant D, which was added on 19th October 2017.

Because of this, ESET Cyber Security and ESET Cyber Security Pro should detect as well as protect you.

If it has already been opened without protection, as @itman mentioned and referenced in the ESET blog post, you should erase the drive on your Mac and fresh install macOS as it does monitor quite a bit on your system and just a simple reinstall on top may not remove all traces.

Apple has an article on how to reinstall macOS, which you can view here: https://support.apple.com/en-us/HT204904. You would want to install from macOS Recovery, and erase your startup disk (Back up everything first as this will delete everything from your Mac.)

What kind of harm does this malware cause? I mean, how do users recognize it without a scan?

Hello,

I am still having problems with my second MacBook, and it's the older one:

A) The computer doesn't have a restore partition or macOS Recovery; I know this since I bought it (I am the second owner)

B) I cannot connect to the Internet, I don't know why

The only solution I have at this moment is to use a bootable backup solution (Carbon Copy Cloner) from a friend of mine

But I read this Trojan is a persistent malware, so I am afraid I can infect her external hard drive, trying to boot with CCC

So my question will be:

Can I infect her bootable backup media?

Thanks

Came

2 hours ago, camelia said:

The only solution I have at this moment is to use a bootable backup solution (Carbon Copy Cloner) from a friend of mine

There is also another option to download macOS High Sierra from the App Store on your main MacBook and create a bootable USB installer to use on your second MacBook, which you can boot into and perform the clean install. The easiest instructions are provided by MacWorld: https://www.macworld.com/article/3204672/macs/how-to-create-a-bootable-macos-high-sierra-installer-drive.html

 

2 hours ago, camelia said:

Can I infect her bootable backup media?

As long as you directly access the backup media by holding down the alt/option key before booting up into macOS, it shouldn't infect it. Once you use the CCC cloned Recovery and erase your Macintosh HD from your MacBook using Disk Utility, all traces will be removed since you've completely wiped the hard drive.

21 hours ago, Warsik said:

What kind of harm does this malware cause? I mean, how do users recognize it without a scan?

The intention of Proton is to remain hidden and provide a backdoor on your Mac to steal all sorts of personal information.

The WeLiveSecurity article that @itman linked provides a wonderful amount of detail about Proton — including how to manually check if you are compromised and what the payload does on the system.

https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/

23 hours ago, planet said:

There is also another option to download macOS High Sierra from the App Store on your main MacBook and create a bootable USB installer to use on your second MacBook, which you can boot into and perform the clean install. The easiest instructions are provided by MacWorld: https://www.macworld.com/article/3204672/macs/how-to-create-a-bootable-macos-high-sierra-installer-drive.html

Thank you expert Planet, it was a satisfactory solution for my old Mac. I could successfully boot from the bootable media, and I found out I didn't have an internet connection because my USB Ethernet Adapter is broken; I will get my replacement next week. That is why I think I downloaded the trojanized applications from my newest MacBook, but I didn't install them on the newest, only on the oldest.

In this case, can only downloading the trojanized applications, but not installing them, compromise my newest MacBook?

Can I post ESET Cyber Security Logs in the sub forum Malware Finding and Cleaning?

I don't want to continue creating a bootable USB installer until I know your advice.

Thanks in advance for any information you can provide me

4 hours ago, camelia said:

In this case, can only downloading the trojanized applications, but not installing them, compromise my newest MacBook?

Not running the applications will not compromise your system, so in this case, your newest MacBook should be fine. To be safe, if you have performed an In-depth scan from ESET Cyber Security and found no threats, your system should be fine.

18 hours ago, planet said:

Not running the applications will not compromise your system, so in this case, your newest MacBook should be fine. To be safe, if you have performed an In-depth scan from ESET Cyber Security and found no threats, your system should be fine.

Thank you very much, expert planet

Everything is OK now, with my new bootable media

:)

Came