Empowering your
online journey

The internet has created endless possibilities. You can pay bills, post videos of your favourite band, or even buy a dog.

Sadly, some people aim to exploit this world of possibilities. We’re here to help with that, by giving you the power to explore the internet with protection, confidence and freedom.

Our Products

Privacy

CyberGhost

Shield yourself from online snoopers. Enjoy the internet like it was meant to be: private and borderless. Trusted by 15 million users.

ZenMate

ZenMate is a digital privacy company, headquartered in Berlin, focused on encrypting and securing internet connections and protecting individuals' privacy and digital data.


Performance

DriverFix

Solve all your driver and software problems instantly. DriverFix has drivers for all your devices and peripherals. Trusted by more than 50 million users.

Restoro

Take the sting out of computer repair. Fix your computer and restore peak performance via the internet. 24/7 support. Downloaded by over 30 million users. “A miracle service” - PC World


Malware Protection

Intego

Endpoint security, anti-phishing and anti-spyware. Firewall network protection for home and on the go. Protects sensitive personal information. Mac Cleaner speeds up and organizes your Mac. Personal Backup software for quick and easy recovery in case of a crash.


OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass

Last week, Intego researchers discovered new Mac malware, OSX/Linker, that attempts to leverage a recently disclosed zero-day flaw in macOS' Gatekeeper protection.

Let's examine what we know about this latest Mac malware campaign.

Before digging into the OSX/Linker malware, it would be helpful, for context, to discuss the "MacOS X GateKeeper Bypass" vulnerability that was publicly disclosed by Filippo Cavallarin on May 24. Gatekeeper is a technology included in macOS that is supposed to check apps downloaded from the Internet for either a revoked developer signature, or for certain specific malware that Apple chooses to detect, before allowing an app to run.

The more technical explanation: Cavallarin noted that macOS treats apps loaded from a network share differently than apps downloaded from the Internet. If an attacker creates a symbolic link (or "symlink", similar to an alias) to an app hosted on an attacker-controlled Network File System (NFS) server, packs that symlink into a .zip archive, and gets a victim to download it, the app is not checked by Apple's rudimentary XProtect bad-download blocker.

The simpler explanation: This trick makes it easier for malware to infect a Mac—even if Apple has a built-in signature that's supposed to protect your Mac from that malware.

Cavallarin says that he reported the vulnerability to Apple on February 22, and Apple told him that the issue would be fixed within 90 days—but Apple missed its deadline, and Cavallarin believed that Apple was no longer responding to his e-mails, so he released his findings publicly via his blog.

For the full article visit Intego's blog