FreshRSS

☐ ☆ ✇ WIRED

Amazon Explains How Its AWS Outage Took Down the Web

By: Matt Burgess, Lily Hay Newman — October 25th 2025 at 10:30
Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.
☐ ☆ ✇ WIRED

DHS Wants a Fleet of AI-Powered Surveillance Trucks

By: Dell Cameron — October 24th 2025 at 22:59
US border patrol is asking companies to submit plans to turn standard 4x4 trucks into AI-powered watchtowers—combining radar, cameras, and autonomous tracking to extend surveillance on demand.
☐ ☆ ✇ Security – Cisco Blog

SSE That Thinks in Identity and Adapts Access

By: Jeff Scheaffer — October 24th 2025 at 12:00
Identity doesn’t stay still. Trust shifts. Behavior fluctuates. Posture changes. Cisco Secure Access leverages rich data from identity, behaviors, and devices.
☐ ☆ ✇ WIRED

How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA

By: Andy Greenberg — October 23rd 2025 at 23:51
WIRED recently demonstrated how to cheat at poker by hacking the Deckmate 2 card shufflers used in casinos. The mob was allegedly using the same trick to fleece victims for millions.
☐ ☆ ✇ Security – Cisco Blog

2025 Cisco Segmentation Report Sheds Light on Evolving Technology

By: Aamer Akhter — October 23rd 2025 at 12:00
A new report from Cisco shows that segmentation is a foundational security technology, but few are fully implementing both macro- and micro-segmentation today.
☐ ☆ ✇ WIRED

This ‘Privacy Browser’ Has Dangerous Hidden Features

By: Matt Burgess — October 23rd 2025 at 09:30
The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.
☐ ☆ ✇ WIRED

No, ICE (Probably) Didn’t Buy Guided Missile Warheads

By: Caroline Haskins — October 22nd 2025 at 20:31
A federal contracting database lists an ICE payment for $61,218 with the payment code for “guided missile warheads and explosive components.” But it appears ICE simply entered the wrong code.
☐ ☆ ✇ WIRED

The Long Tail of the AWS Outage

By: Lily Hay Newman — October 22nd 2025 at 16:31
Experts say outages like the one that Amazon experienced this week are almost inevitable given the complexity and scale of cloud technology—but the duration serves as a warning.
☐ ☆ ✇ Security – Cisco Blog

Cisco Secure Firewall 1220: Snort3 – Uncompromised Performance in Rigorous Testing

By: Casey Roberts — October 21st 2025 at 12:00
This evaluation validates our commitment to delivering lightning-fast speed and impeccable protection, engineered to keep the most sophisticated threats away.
☐ ☆ ✇ McAfee Blogs

AWS Outage Disrupts Major Apps Like Reddit and Snapchat—What Happened and How to Stay Safe

By: Brooke Seipel — October 20th 2025 at 22:13

Amazon Web Services (AWS), one of the world’s largest cloud providers, recently experienced a major outage that disrupted popular websites and apps across the globe—including Snapchat, Reddit, Fortnite, Ring, and Coinbase, according to reports from CNN and CNBC.

The disruption began out of Northern Virginia, where many of the internet’s most-used applications are hosted.

AWS said the problem originated within its EC2 internal network, impacting more than 70 of its own services, and was tied to DNS issues, the system that tells browsers how to find the right servers online.

A few hours after the initial reports of outages, AWS said the problem had been “fully mitigated,” though it took several more hours for all users to see their systems stabilized, according to CNBC.

There is no indication the outage was caused by a cyberattack, and Amazon continues to investigate the root cause.

Why So Many Apps Went Down

When Amazon Web Services falters, the ripple effects reach far beyond businesses. Millions of consumers suddenly lose access to everyday apps and tools, including everything from banking and airline systems to gaming platforms and smart home devices.

“In the past, companies ran their own servers—if one failed, only that company’s customers felt it,” said Steve Grobman, McAfee’s Chief Technology Officer. “Today, much of the internet runs on shared backends like Amazon Web Services or Google Cloud. That interconnectedness makes the web faster and more efficient, but it also means one glitch can impact dozens of services at once.”

Grobman noted the issue was related to a capability called DNS within AWS. He described DNS as providing the directions on how systems find each other; even if those systems are operational, a DNS failure can be detrimental. It’s analogous to “tearing up a map or turning off your GPS before driving to the store.” The store might still be open and stocked, he explained, but if you can’t find your way there, it doesn’t matter.

“Even with rigorous safeguards in place, events like this remind us just how complex and intertwined our digital world has become,” Grobman added. “It highlights why resilience and layered protection matter more than ever.”

Outages Create Confusion—And Opportunity for Scammers

Events like this sow uncertainty for consumers. When apps fail to load, people may wonder: Is my account hacked? Is my data at risk? Is it just me?

Cybercriminals exploit that confusion. After past outages, McAfee researchers have seen phishing campaigns, fake refund emails, and malicious links promising “fixes” or “status updates” appear within hours.

Scammers often mimic legitimate service alerts—complete with logos and urgent wording—to trick users into entering passwords or payment information. Others push fake customer-support numbers or send direct messages claiming to “restore access.”

How to Protect Yourself During a Major Outage

Here’s how to stay secure when the :

  1. Pause before you click. Be skeptical of any unsolicited message about outages, refunds, or account verification.
  2. Go straight to the source. Check the official app or website status pages—don’t follow links in emails or texts.
  3. Ignore urgent “fix” offers. Legitimate companies won’t ask you to download tools or send payment to restore access.
  4. Watch for red flags. Requests for money via gift cards, crypto, or wire transfers are almost always scams.
  5. If you clicked a suspicious link:
    1. Change your password immediately (and for any accounts using the same one).
    2. Turn on or refresh two-factor authentication (2FA).
    3. Monitor recent transactions and set up alerts.
    4. Run a trusted security scan to remove any unwanted apps or remote-access tools.

How McAfee Can Help

Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.

McAfee’s identity protection tools also monitor for signs that your personal information may have been exposed and guide you through steps to recover quickly.

Sign in to your McAfee account to scan for recent breaches linked to your email. You can also sign up for a free trial of McAfee antivirus to protect your devices.

The post AWS Outage Disrupts Major Apps Like Reddit and Snapchat—What Happened and How to Stay Safe appeared first on McAfee Blog.

☐ ☆ ✇ WIRED

What to Know About the Shocking Louvre Jewelry Heist

By: Paolo Armelli — October 20th 2025 at 18:18
In just seven minutes, the thieves took off with crown jewels containing thousands of diamonds along with other precious gems.
☐ ☆ ✇ WIRED

What the Huge AWS Outage Reveals About the Internet

By: Lily Hay Newman — October 20th 2025 at 14:22
Amazon Web Services experienced DNS resolution issues on Monday morning, taking down wide swaths of the web—and highlighting a long-standing weakness in the internet's infrastructure.
☐ ☆ ✇ WIRED

Anthropic Has a Plan to Keep Its AI From Building a Nuclear Weapon. Will It Work?

By: Matthew Gault — October 20th 2025 at 09:00
Anthropic partnered with the US government to create a filter meant to block Claude from helping someone build a nuke. Experts are divided on whether it's a necessary protection—or a protection at all.
☐ ☆ ✇ WIRED

Hackers Dox ICE, DHS, DOJ, and FBI Officials

By: Andy Greenberg, Matt Burgess — October 18th 2025 at 10:30
Plus: A secret FBI anti-ransomware task force gets exposed, the mystery of the CIA’s Kryptos sculpture is finally solved, North Koreans busted hiding malware in the Ethereum blockchain, and more.
☐ ☆ ✇ McAfee Blogs

Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe

By: Brooke Seipel — October 17th 2025 at 16:55

Cybercriminals tricked employees at major global companies into handing over Salesforce access and used that access to steal millions of customer records. 

Here’s the McAfee breakdown on what happened, what information was leaked, and what you need to know to keep your data and identity safe: 

What’s Happening 

Hackers claim they’ve stolen customer data from multiple major companies, including household names like Adidas, Cisco, Disney, Google, IKEA, Pandora, Toyota, and Vietnam Airlines. Security Week has reported throughout 2025 on a wave of social-engineering attacks exploiting human – rather than platform – vulnerabilities. 

According to The Wall Street Journal, the hacking group has already released millions of Qantas Airlines customer records and is threatening to expose information from other companies next.  

The data reportedly includes names, email addresses, phone numbers, dates of birth, and loyalty program details. While it doesn’t appear that financial data was included, this kind of personal information can still be exploited in phishing and scam campaigns. 

Salesforce has issued multiple advisories stressing that these attacks stem from credential theft and malicious connected apps – not from a breach of its infrastructure. 

Unfortunately, incidents like this aren’t rare, and they’re not limited to any one platform or industry. Even the most sophisticated companies can fall victim when hackers rely on social engineering and manipulation to breach secure systems. 

How the Hackers Did it 

Hackers reportedly called various companies’ employees pretending to be IT support staff—a tactic known as “vishing”—and convinced them to share login credentials or connect fake third-party tools, essentially handing the criminals the keys to their accounts. Once inside, they accessed customer databases and stole the information stored there. 

Think of it less like a burglar breaking a lock, and more like someone being tricked into opening the door. 

What data was leaked 

So far, leaked data appears to include: 

  • Names and email addresses 
  • Phone numbers 
  • Dates of birth 
  • Home or mailing addresses 
  • Loyalty or frequent-flyer numbers 

There’s no indication of credit card or banking data in the confirmed leaks, but that doesn’t mean you’re in the clear.  

Why this matters to you 

Even if your financial information isn’t exposed in a data breach, personal details like name and address can still be used for targeted scams and phishing.  When that information is stolen and sold online, scammers use it to: 

  • Send realistic phishing emails or texts that reference real details about you. 
  • Try to log into your other accounts if you reuse passwords. 
  • Launch “refund” or “account verification” scams tied to brands you trust. 

Even if your data isn’t part of this specific leak, these attacks highlight how often your information moves through third-party systems you don’t control. 

How to find out if you’ve been affected 

  • Check your email: If you’re a member or customer of one of the named companies, watch for official notifications.  
  • Avoid “dark web lookup” services: Some of these are scams themselves. Stick to legitimate sources. 

What to do now 

1) Change your passwords—today.
Use strong, unique passwords for every account. McAfee’s password manager can help. Try our random password generator here. 

2) Turn on two-factor authentication (2FA).
Even if a hacker has your password, they can’t get in without your code. 

3) Monitor your financial and loyalty accounts.
Watch for strange charges, redemptions, or password reset emails you didn’t request. 

4) Freeze your credit.
It’s free and prevents new accounts from being opened in your name. You can unfreeze it anytime. McAfee users can employ a “security freeze” for extra protection. 

5) Be extra cautious with “breach” emails or calls.
Scammers often pretend to be from affected companies to “help you secure your account.” Don’t click links or give information over the phone. Go directly to the company’s website or app or your own IT team if a breach happens at your workplace. 

6) Consider identity protection.
McAfee’s built-in identity monitoring can monitor your personal info across the dark web, send alerts if your data appears in a breach, and include up to $1 million in coverage for identity recovery expenses. 

 

What scams to expect next 

  • Fake refund or compensation offers. “We noticed your account was impacted. Claim your refund here.” Don’t click. 
  • Loyalty-point phishing. Emails that look like they’re from an airline or retailer asking you to log in to “protect your rewards.” 
  • MFA fatigue scams. Attackers repeatedly send login codes to wear you down, then call pretending to be support asking you to read one aloud. Don’t. 

 

Need ongoing protection? 

Your data could already be out there, but you don’t have to leave it there. 

McAfee helps you take back control. Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens. 

And McAfee’s Personal Data Cleanup can help you check which data brokers have your private details and request to have it removed on your behalf. 

Stay ahead of scammers. Check your exposure, clean up your data, and protect your identity, all with McAfee. 


The post Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe appeared first on McAfee Blog.

☐ ☆ ✇ WIRED

Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks

By: Dan Goodin, Ars Technica — October 16th 2025 at 20:42
Networking software company F5 disclosed a long-term breach of its systems this week. The fallout could be severe.
☐ ☆ ✇ WIRED

One Republican Now Controls a Huge Chunk of US Election Infrastructure

By: Kim Zetter — October 16th 2025 at 14:01
Former GOP operative Scott Leiendecker just bought Dominion Voting Systems, giving him ownership of voting systems used in 27 states. Election experts don't know what to think.
☐ ☆ ✇ Security – Cisco Blog

Common Threat Themes: Defending Against Lateral Movement (Part 1)

By: Jason Maynard — October 15th 2025 at 12:00
Discover why lateral movement is a key tactic in cyber breaches and how defenders can strengthen security by focusing on this critical threat vector.
☐ ☆ ✇ WIRED

When Face Recognition Doesn’t Know Your Face Is a Face

By: Matt Burgess — October 15th 2025 at 09:30
An estimated 100 million people live with facial differences. As face recognition tech becomes widespread, some say they’re getting blocked from accessing essential systems and services.
☐ ☆ ✇ WIRED

A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones

By: Dan Goodin, Ars Technica — October 14th 2025 at 21:40
The malicious app required to make a “Pixnapping” attack work requires no permissions.
☐ ☆ ✇ WIRED

Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire

By: Matt Burgess, Andy Greenberg — October 14th 2025 at 17:34
Officials in the US and UK have taken sweeping action against “one of the largest investment fraud operations in history,” confiscating a historic amount of funds in the process.
☐ ☆ ✇ WIRED

3 Best VPN for iPhone (2025), Tested and Reviewed

By: Jacob Roach — October 14th 2025 at 11:30
There are dozens of iPhone VPNs at your disposal, but these are the services that will actually keep your browsing safe.
☐ ☆ ✇ WIRED

Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data

By: Andy Greenberg, Matt Burgess — October 14th 2025 at 01:00
With just $800 in basic equipment, researchers found a stunning variety of data—including thousands of T-Mobile users’ calls and texts and even US military communications—sent by satellites unencrypted.
☐ ☆ ✇ WIRED

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

By: Lily Hay Newman — October 11th 2025 at 10:30
Plus: US government cybersecurity staffers get reassigned to do immigration work, a hack exposes sensitive age-verification data of Discord users, and more.
☐ ☆ ✇ McAfee Blogs

Astaroth: Banking Trojan Abusing GitHub for Resilience

By: McAfee Labs — October 11th 2025 at 00:00

by Harshil Patel and Prabudh Chakravorty

*EDITOR’S NOTE: Special thank you to the GitHub team for working with us on this research. All malicious GitHub repositories mentioned in the following research have been reported to GitHub and taken down.

Digital banking has made our lives easier, but it’s also handed cybercriminals a golden opportunity. Banking trojans are the invisible pickpockets of the digital age, silently stealing credentials while you browse your bank account or check your crypto wallet. Today, we’re breaking down a particularly nasty variant called Astaroth, and it’s doing something clever: abusing GitHub to stay resilient.

McAfee’s Threat Research team recently uncovered a new Astaroth campaign that’s taken infrastructure abuse to a new level. Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware configurations. When law enforcement or security researchers shut down their C2 infrastructure, Astaroth simply pulls fresh configurations from GitHub and keeps running. Think of it like a criminal who keeps backup keys to your house hidden around the neighborhood. Even if you change your locks, they’ve got another way in.

Key Findings 

  • McAfee recently discovered a new Astaroth campaign abusing GitHub to host malware configurations. 
  • Infection begins with a phishing email containing a link that downloads a zipped Windows shortcut (.lnk) file. When executed, it installs Astaroth malware on the system. 
  • Astaroth detects when users access a banking/cryptocurrency website and steals the credentials using keylogging.  
  • It sends the stolen information to the attacker using the Ngrok reverse proxy. 
  • Astaroth uses GitHub to update its configuration when the C2 servers become inaccessible: images hosted on GitHub use steganography to hide this information in plain sight. 
  • The GitHub repositories were reported to GitHub and have been taken down. 

Key Takeaways  

  • Don’t open attachments and links in emails from unknown sources. 
  • Use two-factor authentication (2FA) on banking websites where possible. 
  • Keep your antivirus up to date. 

Geographical Prevalence 

Astaroth is capable of targeting many South American countries like Brazil, Mexico, Uruguay, Argentina, Paraguay, Chile, Bolivia, Peru, Ecuador, Colombia, Venezuela, and Panama. It can also target Portugal and Italy. 

But in the recent campaign, it seems to be largely focused on Brazil. 

Figure 1: Geographical Prevalence 

 

Conclusion 

Astaroth is a password-stealing malware family that targets South America. The malware leverages GitHub to host configuration files, treating the platform as resilient backup infrastructure when primary C2 servers become inaccessible. McAfee reported the findings to GitHub and worked with their security research team to remove the malicious repositories, temporarily disrupting operations. 

 

Technical Analysis 

Figure 2 : Infection chain 

 

Phishing Email 

The attack starts with an e-mail to the victim which contains a link to a site that downloads a zip file. Emails with themes such as DocuSign and resumes are used to lure the victims into downloading a zip file. 

Figure 3: Phishing Email

Figure 4: Phishing Email

Figure 5: Phishing Email

 

JavaScript Downloader 

The downloaded zip file contains a LNK file that holds an obfuscated JavaScript command, which is run using mshta.exe. 

 

This command simply fetches more javascript code from the following URL: 

 

To impede analysis, all the links are geo-restricted, such that they can only be accessed from the targeted geography. 

The downloaded JavaScript then downloads a set of files into ProgramData from a randomly selected server: 

Figure 6: Downloaded Files

Here:

  • “Corsair.Yoga.06342.8476.366.log” is the compiled AutoIt script, 
  • “Corsair.Yoga.06342.8476.366.exe” is the AutoIt interpreter, 
  • “stack.tmp” is an encrypted payload (Astaroth), 
  • and “dump.log” is an encrypted malware configuration. 

The JavaScript executes the AutoIt script, which builds and loads shellcode in the memory of the AutoIt process. 
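An added detection sketch for the execution chain described above (not code from McAfee's research): it flags mshta.exe given an inline script, and an AutoIt interpreter under ProgramData that runs a same-named file with a non-executable extension. The event layout, directory names, rule names and the assumption that the interpreter keeps its AutoIt version-info name are this example's own.

```python
import ntpath
import re

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Only the two file names in event 1 come from the article; directory names
# and every other command line are invented for this example.
EVENTS = [
    {"image": r"C:\Windows\System32\mshta.exe",
     "original_name": "MSHTA.EXE",
     "cmdline": 'mshta.exe "javascript:/* obfuscated script elided */close()"'},
    {"image": r"C:\ProgramData\Example\Corsair.Yoga.06342.8476.366.exe",
     "original_name": "AutoIt3.exe",
     "cmdline": r'"C:\ProgramData\Example\Corsair.Yoga.06342.8476.366.exe" '
                r'"C:\ProgramData\Example\Corsair.Yoga.06342.8476.366.log"'},
    {"image": r"C:\Windows\System32\mshta.exe",
     "original_name": "MSHTA.EXE",
     "cmdline": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
    {"image": r"C:\Program Files (x86)\AutoIt3\AutoIt3.exe",
     "original_name": "AutoIt3.exe",
     "cmdline": r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" C:\Tools\inventory.au3'},
]

# mshta.exe accepts a script passed inline through a pseudo-protocol prefix.
INLINE_SCRIPT = re.compile(r"\b(?:javascript|vbscript):", re.IGNORECASE)

# Assumption: the interpreter's PE version info still carries an AutoIt name
# even though the file on disk was renamed.
AUTOIT_ORIGINAL_NAMES = {"autoit3.exe", "autoit2.exe", "autoit.exe"}


def split_args(cmdline):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def classify(event):
    """Return the names of the rules that a single process event matches."""
    tags = []
    image = event["image"]
    base = ntpath.basename(image).lower()
    args = split_args(event["cmdline"])[1:]  # drop the program token

    # Rule 1: mshta.exe executing script text supplied on the command line.
    if base == "mshta.exe" and any(INLINE_SCRIPT.search(a) for a in args):
        tags.append("mshta-inline-script")

    # Rule 2: an AutoIt interpreter running under a different file name.
    original = event.get("original_name", "").lower()
    if original in AUTOIT_ORIGINAL_NAMES and base not in AUTOIT_ORIGINAL_NAMES:
        tags.append("renamed-autoit")

    # Rule 3: an executable in ProgramData whose argument is a sibling file
    # with the same stem and another extension (the .exe/.log pairing).
    if "\\programdata\\" in image.lower():
        stem = ntpath.splitext(base)[0]
        for arg in args:
            arg_stem, arg_ext = ntpath.splitext(ntpath.basename(arg).lower())
            if arg_stem == stem and arg_ext not in ("", ".exe"):
                tags.append("programdata-sibling-script")
                break
    return tags


def hunt(events):
    """Return (event index, matched rules) for every event that matches."""
    hits = []
    for index, event in enumerate(events):
        tags = classify(event)
        if tags:
            hits.append((index, tags))
    return hits


if __name__ == "__main__":
    for index, tags in hunt(EVENTS):
        print(index, EVENTS[index]["image"], tags)
```
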

 

Shellcode Analysis 

Figure 7: AutoIt script building shellcode

The shellcode has three entry points; $LOADOFFSET is the one it uses to load a DLL into memory. 

To run the shellcode, the script hooks Kernel32's LocalCompact API and makes it jump to the entry point. 

Figure 8: Hooking LocalCompact API 

 
Shellcode’s $LOADOFFSET starts by resolving a set of APIs that are used for loading a DLL in memory. The API addresses are stored in a jump table at the very beginning of the shellcode memory. 

Figure 9: APIs resolved by shellcode 

 

Here the shellcode is made to load a DLL file (written in Delphi), and this DLL decrypts the final payload and injects it into a newly created RegSvc.exe process. 

 

Payload Analysis 

The payload, the Astaroth malware, is written in Delphi and uses various anti-analysis techniques; it shuts down the system if it detects that it is being analyzed. 

It checks for the following tools in the system: 

Figure 10: List of analysis tools 

 

It also makes sure that the system locale is not related to the United States or English. 

Every second it checks for program windows such as browsers; if such a window is in the foreground and has a banking-related site open, it hooks keyboard events to capture keystrokes. 

Figure 11: Hooking keyboard events 

Programs are targeted if they have a window class name containing chrome, ieframe, mozilla, xoff, xdesk, xtrava or sunawtframe.

Many banking-related sites are targeted, some of which are mentioned below:

  • caixa.gov.br 
  • safra.com.br 
  • Itau.com.br 
  • bancooriginal.com.br 
  • santandernet.com.br 
  • btgpactual.com 


We also observed some cryptocurrency-related sites being targeted: 

  • etherscan.io 
  • binance.com 
  • bitcointrade.com.br 
  • metamask.io 
  • foxbit.com.br 
  • localbitcoins.com 


C2 Communication & Infrastructure 

The stolen banking credentials and other information are sent to the C2 server using a custom binary protocol. 

Figure 12: C2 communication  

 

Astaroth’s C2 infrastructure and malware configuration are depicted below. 

Figure 13: C2 infrastructure 

The malware configuration is stored encrypted in dump.log. The following information is stored in it: 

Figure 14: Malware configuration 

 

Every 2 hours the configuration is updated by fetching an image file from config update URLs and extracting the hidden configuration from the image. 

hxxps://bit[.]ly/4gf4E7H -> hxxps://raw.githubusercontent[.]com/dridex2024/razeronline/refs/heads/main/razerlimpa[.]png 

Image file keeps the configuration hidden by storing it in the following format:

We found more GitHub repositories containing image files with the above pattern and reported them to GitHub, which has taken them down. 
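An added hunting sketch for the network behaviour described in this section (not code from McAfee's research): it looks for a non-browser process that re-fetches the same image from raw.githubusercontent.com on a roughly two-hour cadence, tolerating skipped cycles, and for egress to ngrok TCP tunnel endpoints. The log format, host names, repository path, ports and the five-minute tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
import re

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".bmp", ".gif")
PERIOD = 2 * 60 * 60   # the article reports a config refresh every 2 hours
TOLERANCE = 5 * 60     # assumed allowance for jitter, in seconds

# Shape of ngrok TCP tunnel endpoints: <n>.tcp[.<region>].ngrok.io
NGROK_TCP = re.compile(r"^\d+\.tcp(?:\.[a-z0-9-]+)?\.ngrok\.io$", re.IGNORECASE)

# Constructed proxy/connection log; every value below is invented.
LOG = """\
2025-01-10T08:00:12 host=WS-014 proc=RegSvc.exe dst=raw.githubusercontent.com:443 path=/example-user/example-repo/refs/heads/main/picture.png
2025-01-10T08:03:40 host=WS-014 proc=RegSvc.exe dst=3.tcp.ngrok.io:12345 path=-
2025-01-10T08:04:02 host=WS-014 proc=RegSvc.exe dst=0.tcp.sa.ngrok.io:10001 path=-
2025-01-10T09:00:00 host=WS-031 proc=updater.exe dst=raw.githubusercontent.com:443 path=/example-org/tool/main/banner.png
2025-01-10T09:10:00 host=WS-031 proc=updater.exe dst=raw.githubusercontent.com:443 path=/example-org/tool/main/banner.png
2025-01-10T09:15:00 host=WS-020 proc=chrome.exe dst=raw.githubusercontent.com:443 path=/example-org/docs/main/logo.png
2025-01-10T10:00:47 host=WS-014 proc=RegSvc.exe dst=raw.githubusercontent.com:443 path=/example-user/example-repo/refs/heads/main/picture.png
2025-01-10T12:01:05 host=WS-014 proc=RegSvc.exe dst=raw.githubusercontent.com:443 path=/example-user/example-repo/refs/heads/main/picture.png
2025-01-10T13:45:00 host=WS-031 proc=updater.exe dst=raw.githubusercontent.com:443 path=/example-org/tool/main/banner.png
2025-01-10T16:01:30 host=WS-014 proc=RegSvc.exe dst=raw.githubusercontent.com:443 path=/example-user/example-repo/refs/heads/main/picture.png
"""

LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) "
    r"dst=(?P<dst>[^:\s]+):(?P<port>\d+) path=(?P<path>\S+)$"
)


def parse(log):
    """Turn log text into a list of dicts, skipping lines that do not parse."""
    records = []
    for line in log.splitlines():
        match = LINE.match(line.strip())
        if not match:
            continue
        record = match.groupdict()
        record["ts"] = datetime.fromisoformat(record["ts"])
        record["port"] = int(record["port"])
        records.append(record)
    return records


def ngrok_tunnel_egress(records):
    """Connections to ngrok TCP tunnel endpoints made by non-browser processes."""
    return sorted({
        (r["host"], r["proc"], r["dst"], r["port"])
        for r in records
        if NGROK_TCP.match(r["dst"]) and r["proc"].lower() not in BROWSERS
    })


def on_schedule(gap):
    """True if a gap is a whole multiple of PERIOD within TOLERANCE (missed cycles allowed)."""
    cycles = round(gap / PERIOD)
    return cycles >= 1 and abs(gap - cycles * PERIOD) <= TOLERANCE


def periodic_image_fetches(records, min_hits=3):
    """Same host, process and image path fetched repeatedly on the two-hour cadence."""
    series = defaultdict(list)
    for r in records:
        if (r["dst"].lower() == "raw.githubusercontent.com"
                and r["path"].lower().endswith(IMAGE_EXT)
                and r["proc"].lower() not in BROWSERS):
            series[(r["host"], r["proc"], r["path"])].append(r["ts"])
    findings = []
    for key, stamps in sorted(series.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) >= min_hits and all(on_schedule(g) for g in gaps):
            findings.append(key + (len(stamps),))
    return findings


if __name__ == "__main__":
    parsed = parse(LOG)
    print(ngrok_tunnel_egress(parsed))
    print(periodic_image_fetches(parsed))
```
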

Persistence Mechanism  

For persistence, Astaroth drops a LNK file in the Startup folder, which runs the AutoIt script to launch the malware when the system starts.  

McAfee Coverage 

McAfee has extensive coverage for Astaroth: 

  • Trojan:Shortcut/SuspiciousLNK.OSRT 
  • Trojan:Shortcut/Astaroth.OJS 
  • Trojan:Script/Astaroth.DL 
  • Trojan:Script/Astaroth.AI 
  • Trojan:Script/AutoITLoader.LC!2 
  • Trojan:Shortcut/Astaroth.STUP 

Indicator Of Compromise(s) 


The post Astaroth: Banking Trojan Abusing GitHub for Resilience appeared first on McAfee Blog.

☐ ☆ ✇ WIRED

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits

By: Lily Hay Newman — October 10th 2025 at 09:15
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.
☐ ☆ ✇ WIRED

North Korean Scammers Are Doing Architectural Design Now

By: Matt Burgess — October 10th 2025 at 09:00
New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers.
☐ ☆ ✇ WIRED

Apple Took Down These ICE-Tracking Apps. The Developers Aren't Giving Up

By: Reece Rogers, Lily Hay Newman — October 9th 2025 at 17:22
“We are going to do everything in our power to fight this,” says ICEBlock developer Joshua Aaron after Apple removed his app from the App Store.
☐ ☆ ✇ Security – Cisco Blog

Defining a Standard Taxonomy for Segmentation

By: Aamer Akhter — October 7th 2025 at 12:00
We need a standardized taxonomy so organizations can evaluate, implement and manage segmentation projects most effectively.
☐ ☆ ✇ Security – Cisco Blog

Racing Against Threats: How Cisco Security Powers McLaren’s F1 Prowess

By: Gurdeep Gill — October 6th 2025 at 12:00
Discover how Cisco helps McLaren protect data and stay fast with world-class cybersecurity across every track and continent.
☐ ☆ ✇ WIRED

Vibe Coding Is the New Open Source—in the Worst Way Possible

By: Lily Hay Newman — October 6th 2025 at 10:00
As developers increasingly lean on AI-generated code to build out their software—as they have with open source in the past—they risk introducing critical security failures along the way.
☐ ☆ ✇ WIRED

Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure

By: Matt Burgess, Andy Greenberg, Andrew Couts — October 4th 2025 at 10:30
Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more.
☐ ☆ ✇ WIRED

ICE Wants to Build Out a 24/7 Social Media Surveillance Team

By: Dell Cameron — October 3rd 2025 at 13:21
Documents show that ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation.
☐ ☆ ✇ Security – Cisco Blog

Canadian Bacon Cybersecurity: SharePoint Vulnerabilities and Vulnerabilities in General

By: Jason Maynard — October 1st 2025 at 12:00
Learn about the Microsoft SharePoint vulnerability and which steps you can take to mitigate the effects of this — and other — vulnerabilities.
☐ ☆ ✇ McAfee Blogs

Scam Alert: The Alarming Reality Behind 2025’s Explosion in Digital Fraud 

By: Abhishek Karnik — September 30th 2025 at 07:06

The latest research from McAfee Labs was just announced, and the numbers are staggering. If you think you’re immune to scams because you’re “too smart” or “too careful,” you might want to think again. Scammers have stepped up their game in 2025, and they’re coming for everyone. 

The Job Scam Tsunami That’s Crushing Dreams

Let’s start with the most shocking stat: job-related scams exploded by over 1,000% from May through late July 2025. Yes, you read that right. One thousand percent. 

Think about that for a moment. In a world where finding decent work feels harder than ever, scammers are weaponizing our most basic need for employment. They’re not just sending random “work from home” nonsense anymore. These criminals are getting sophisticated, using terms like “resume,” “recruit,” “maternity,” and “paternity” to exploit our hopes around benefits and career opportunities. 

Here’s the brutal reality: Nearly 1 in 3 Americans have received a job offer scam by text message. That means if you’re in a group of three people, at least one of you has been targeted. Even more disturbing? 45% of Americans have either experienced a job search scam personally or know someone who has. This isn’t some distant threat anymore, it’s hitting close to home. 

Shopping Scams Are Playing the Long Game

Amazon Prime Day was a goldmine for scammers. Text scams in the shopping category jumped 250% from May to late July, with much of that spike happening right around Prime Day. Coincidence? Absolutely not. 

Scammers know exactly when we’re most vulnerable. They know we’re hunting for deals, expecting delivery notifications, and clicking faster than we’re thinking. Amazon and Apple are the top brand names being impersonated because, let’s face it, we all interact with these companies constantly. 

Shopping email scams climbed 60% during this same period, with Amazon holding the top spot, Target moving into second place, and Apple rounding out the top three. The fact that Target surged into the number two spot tells us something important: scammers are diversifying their approach and studying our shopping habits more carefully than we might be studying theirs. 

Your Money Is Under Siege

Personal finance scams aren’t just growing, they’re surging nearly 150% from May to late July. Email scams in this category literally doubled between June and July. The top bait words? “Loan” and “money.” Because nothing says desperation like targeting people who are already financially stressed. 

Credit cards topped the list of email scam keywords, which makes perfect sense. In an economy where everyone’s feeling pinched, the promise of easy credit or debt relief hits different. URL-based finance scams rose 10% in July alone, proving that scammers are hitting us from every digital angle. 

Tech Scams Are Getting Personal

Here’s what’s really clever (in a completely evil way): technology scams grew 40% in text messages and saw a staggering 160% increase in email scams across June and July. Apple dominated the scam landscape, but here’s the kicker: Nvidia drove much of the late-July growth. 

Think about why that matters. Nvidia isn’t just any tech company; it’s the company behind the AI revolution everyone’s talking about. Scammers are literally using our fascination with AI and cutting-edge tech against us. They’re banking on our FOMO around technology trends. 

The Psychology Behind the Surge

Let’s step back and think critically about what’s really happening here. These aren’t random increases. Scammers are becoming more sophisticated, more targeted, and more successful because they’re exploiting fundamental human psychology: 

Economic anxiety: With inflation concerns and job market uncertainty, financial scams hit when people are most vulnerable. 

Technology overwhelm: As tech evolves rapidly, scammers exploit our confusion and excitement about new developments. 

Social proof manipulation: Using trusted brand names like Apple, Amazon, and Target because we’ve been conditioned to trust these companies. 

Timing exploitation: Hitting during Prime Day, benefit enrollment periods, and job hunting seasons when our guard is down. 

But there’s another layer we need to call out, the long-term impact of falling for a fake job. When you’re unemployed, every lead matters. Chasing a fraudulent one doesn’t just waste time; it effectively pauses your real job search. Many people say job hunting is a full-time job in itself, so losing that time can feel like being pushed back to square one. That setback compounds stress and deepens the economic anxiety you were already feeling. It’s not just about losing money, it’s about losing momentum, confidence, and critical opportunities in a competitive market. 

What This Means for You Right Now

Advice like “just be careful” doesn’t cut it anymore. Scammers have leveled up, and their tactics are sophisticated enough to fool even the smartest of people. That’s why having the right tools and awareness matters more than ever. Staying informed isn’t about fear, it’s about empowerment. The more you know, the harder it is for scammers to win. 

For job seekers: If someone contacts you about a job you didn’t apply for, especially mentioning benefits or asking for personal information upfront, pump the brakes. Real recruiters don’t typically lead with benefit details or ask for sensitive data in initial communications. 

For online shoppers: Those delivery notifications and deal alerts you’re getting? Slow down before clicking. Go directly to the retailer’s official website or app instead of clicking links in texts or emails. 

For anyone with financial concerns: If an offer sounds too good to be true (instant loans, credit repair miracles, investment opportunities), it probably is. When you’re stressed about money, that’s exactly when scammers strike hardest. 

For tech enthusiasts: Being excited about new technology is great, but scammers are counting on that excitement to make you click faster than you think. Always verify tech-related communications through official channels. 

The Bottom Line

The data is crystal clear: scams aren’t just increasing, they’re exploding across every category that matters to everyday people. Job hunting, shopping, managing money, staying current with technology. These criminals are systematically targeting the most essential aspects of modern life. 

But here’s what the scammers don’t want you to know: awareness is your best defense. They rely on speed, emotion, and distraction. The moment you slow down, verify independently, and think critically, their whole game falls apart. 

The 2025 scam landscape isn’t just more dangerous, it’s more personal. These aren’t random attempts anymore. They’re calculated attacks designed to hit you exactly when and where you’re most likely to let your guard down.

To help job hunters and others, McAfee has launched Scam Detector, an all-in-one protection solution to help keep you safer across text, email and video. McAfee’s Scam Detector runs continuously in the background across all your devices, analyzing incoming emails, texts, and videos to detect potential scams in real time. When it detects something suspicious, you get an instant alert that explains what raised the red flag and walks you through the specific tactics scammers use, so you can spot similar attempts on your own. For job seekers, Scam Detector can be an invaluable tool to help prevent scams.

Stay sharp out there. Your financial security, career prospects, and digital safety depend on it.

The post Scam Alert: The Alarming Reality Behind 2025’s Explosion in Digital Fraud appeared first on McAfee Blog.

☐ ☆ ✇ WIRED

Google’s Latest AI Ransomware Defense Only Goes So Far

By: Lily Hay Newman — September 30th 2025 at 13:44
Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads—but its benefits have their limits.
☐ ☆ ✇ Security – Cisco Blog

Rethinking AI Security: The Dynamic Context Firewall for MCP

By: Gogulakrishnan Thiyagarajan — September 30th 2025 at 12:00
A Dynamic Context Firewall (DCF) for Model Context Protocol (MCP) is a proposed, context-aware security layer that protects AI agent interactions.
☐ ☆ ✇ WIRED

How to Use Passkeys With Google Password Manager (2025)

By: Jacob Roach — September 30th 2025 at 11:30
Google can create and manage passkeys from your browser, but the process is more involved than it suggests.
☐ ☆ ✇ WIRED

How to Use a Password Manager to Share Your Logins After You Die (2025)

By: Jacob Roach — September 29th 2025 at 11:00
Your logins will live on after you pass on. Make sure they end up in the right hands.
☐ ☆ ✇ WIRED

Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say

By: Kim Zetter — September 29th 2025 at 09:30
A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors.
☐ ☆ ✇ WIRED

How a Travel YouTuber Captured Nepal’s Revolution for the World

By: Nicholas Slayton — September 28th 2025 at 14:40
Harry Jackson went into Kathmandu as a tourist. He ended up being one of the main international sources of news on Nepal’s Gen Z protests.
☐ ☆ ✇ WIRED

An App Used to Dox Charlie Kirk Critics Doxed Its Own Users Instead

By: Andy Greenberg, Matt Burgess, Lily Hay Newman — September 27th 2025 at 14:25
Plus: A ransomware gang steals data on 8,000 preschoolers, Microsoft blocks Israel’s military from using its cloud for surveillance, call-recording app Neon hits pause over security holes, and more.
☐ ☆ ✇ WIRED

Inside the Nuclear Bunkers, Mines, and Mountains Being Retrofitted as Data Centers

By: A.R.E. Taylor — September 27th 2025 at 12:00
Companies are going to great lengths to protect the infrastructure that provides the backbone of the world’s digital services—by burying their data deep underground.
☐ ☆ ✇ WIRED

Heritage Foundation Uses Bogus Stat to Push a Trans Terrorism Classification

By: Dell Cameron, Andrew Couts — September 26th 2025 at 19:43
By inflating numbers and narrowing definitions, Heritage promotes a false link between transgender identity and violence in its push for the FBI to create a new terrorism category.
☐ ☆ ✇ Security – Cisco Blog

Bridging the Gap: Cisco’s Blueprint for Developer-Centric Cloud Security

By: Disha Agarwal — September 24th 2025 at 12:00
Discover how Cisco empowers developers with integrated, developer-centric cloud security, fostering collaboration and proactive risk prevention.
☐ ☆ ✇ McAfee Blogs

How Fraudsters Are Exploiting the Taylor Swift and Travis Kelce Engagement

By: Charles McFarland — September 1st 2025 at 23:49

When news of Taylor Swift and Travis Kelce’s engagement broke recently, fans around the world celebrated this real-life love story. Unfortunately, cybercriminals saw something else entirely: a golden opportunity to exploit millions of devoted Swifties and NFL fans through sophisticated scams that blend AI technology with classic fraud tactics.

The Perfect Storm for Scammers

The engagement of two mega-celebrities creates an ideal environment for scammers. With millions of fans eager for content, merchandise, and insider information about their favorite stars, fraudsters have crafted elaborate schemes that prey on this enthusiasm. What makes these recent scams particularly dangerous is their use of cutting-edge AI technology that makes fake content increasingly difficult to detect.

Deepfakes Flood Social Media

McAfee threat researchers have identified deepfake videos circulating across social media platforms, all capitalizing on the engagement buzz. These AI-generated videos, some featuring a likeness of Selena Gomez commenting on the engagement, are overlaid on video clips of Taylor Swift, but they’re entirely fabricated.

Figure 1 – Examples of deepfakes on social media

The sophistication of these deepfakes is concerning. They feature realistic facial movements and convincing audio that can fool even discerning viewers. Fortunately, McAfee’s Scam Detector technology has been successfully identifying these fraudulent videos, alerting users with notifications that read “Deepfake detected” and advising viewers to “take a moment to double-check if the video is real and accurate.”

Deepfake videos can serve several malicious purposes:

  • Spreading misinformation about the engagement or the celebrities involved
  • Generating ad revenue through increased views and engagement
  • Building credibility for other scam operations by creating fake celebrity endorsements

The Fake Merchandise Gold Rush

Perhaps even more concerning than the deepfakes is the explosion of fraudulent merchandise capitalizing on the engagement. Scammers have quickly pivoted to creating fake commemorative items, with one of the most prominent examples being counterfeit “Taylor Swift Funko Style Collectible Engagement Edition Dolls.”

Figure 2 – AI-Generated Funko Style Doll with AI-Generated Text

McAfee threat researchers recently investigated a website selling unauthorized Taylor Swift and Travis Kelce Funko Pop-style dolls. At first glance, the site appears legitimate, complete with professional product photography and detailed descriptions. However, closer inspection reveals several red flags:

AI-Generated Product Image: The most telling sign of fraud lies in the product images themselves. Researchers discovered that the Funko doll boxes contained misspelled words and incorrect text placement – classic indicators that the images were generated by AI rather than photographed from real products. These imperfections are common in AI-generated content, where text rendering often fails to produce accurate spelling or realistic placement. However, AI image generation tools are rapidly improving and are getting better at generating text.

Fraudulent Security Badges: The website goes to extraordinary lengths to appear legitimate, even displaying a fake “McAfee Secure” badge. This is particularly brazen, as scammers are literally using McAfee’s trusted brand to legitimize their fraudulent operation. Consumers should always verify security badges by clicking on them to ensure they lead to official verification pages. The McAfee SECURE seal was replaced by TrustedSite in 2013.

Too-Good-To-Be-True Pricing: The dolls are priced at $26.98, marked down from $49.99 – a classic pricing strategy designed to create urgency and the perception of a great deal.

The Broader Impact of Celebrity Exploitation

These scams represent more than just financial fraud; they’re part of a larger ecosystem of misinformation and exploitation that damages both fans and the celebrities themselves. When deepfakes spread false information or when unauthorized merchandise floods the market, it can:

  • Confuse fans about authentic vs. fake content
  • Damage celebrity reputations through false associations
  • Undermine legitimate businesses selling official merchandise
  • Erode trust in social media content generally

Protecting Yourself from Engagement-Related Scams

As these scams continue to evolve, consumers need to stay vigilant. Here are key steps to protect yourself:

For Social Media Content:

  • Look for verification indicators: Many platforms now include deepfake detection warnings
  • Check the source: Verify that celebrity content comes from official, verified accounts
  • Be skeptical of sensational claims: If content seems designed purely for shock value or clicks, question its authenticity
  • Cross-reference information: Check multiple reliable news sources before believing or sharing celebrity news

For Merchandise Purchases:

  • Buy only from official sources: Stick to verified celebrity merchandise stores or authorized retailers
  • Examine product images carefully: Look for spelling errors, misaligned text, or other signs of AI generation
  • Verify security badges: Click on security indicators to ensure they’re legitimate
  • Research the website: Check domain registration dates, customer reviews, and business information
  • Be wary of limited-time offers: Scammers often create artificial urgency to pressure quick purchases

The Technology Arms Race

The Taylor Swift and Travis Kelce engagement scams highlight a broader trend in cybercrime: the democratization of sophisticated fraud tools. AI technology that once required significant technical expertise is now accessible to everyday scammers, making it easier than ever to create convincing fake content.

However, the same technology enabling these scams is also being used to combat them. Detection tools like McAfee’s Scam Detector are becoming more sophisticated at identifying AI-generated content, providing crucial protection for consumers.

The Taylor Swift and Travis Kelce engagement should be a celebration of love and happiness. Instead, it’s become another reminder of how quickly scammers adapt to exploit major news events and celebrity culture. By staying informed about these tactics and maintaining healthy skepticism about online content, fans can protect themselves while still enjoying legitimate coverage of their favorite celebrities.

Remember: if something seems too good to be true – whether it’s exclusive celebrity content or amazing merchandise deals – it probably is. In the age of AI-generated scams, a moment of caution can save you from becoming the next victim in this digital love story gone wrong. The best way to show love for Taylor Swift and Travis Kelce isn’t by clicking on suspicious links or buying questionable merchandise – it’s by being smart, careful consumers who don’t give scammers the attention and money they’re seeking.

The post How Fraudsters Are Exploiting the Taylor Swift and Travis Kelce Engagement appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

Can Apple Macs get Viruses?

By: McAfee — August 20th 2025 at 13:03

While Apple goes to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. What does Apple provide in terms of antivirus protection? In this article, we will discuss some signs that your Mac may be infected with a virus or malware, the built-in protections that Apple provides, and how you can protect your computer and yourself from threats beyond viruses.

What is a Mac virus?

A computer virus is a piece of code that inserts itself into an application or operating system and spreads when that program is run. While viruses exist, most modern threats to macOS come in the form of other malicious software, also known as malware. While technically different from viruses, malware impacts your Mac computers similarly: it compromises your device, data, and privacy.

Macs are not invulnerable to being hacked

While Apple’s macOS has robust security features, it’s not impenetrable. Cybercriminals can compromise a Mac through several methods that bypass traditional virus signatures. Common attack vectors include software vulnerabilities, phishing attacks that steal passwords, drive-by downloads from compromised websites, malicious browser extensions that seem harmless, or remote access Trojans disguised as legitimate software.

Common types of viruses and malware

Understanding the common types of viruses and malware that target macOS can help you better protect your device and data. Here’s a closer look at the most prevalent forms of malware that Mac users should watch out for.

  • Adware and potentially unwanted programs (PUPs): These programs hijack your browser, alter your search engine, and bombard you with pop-up ads, severely impacting performance and privacy.
  • Trojans: Disguised as legitimate software, such as fake Adobe Flash Player installers or system optimization tools, trojans create a backdoor on your Mac for attackers to steal data, install other malware, or take control of your device.
  • Spyware and keyloggers: This malicious software operates silently in the background, recording your keystrokes, capturing login credentials, and monitoring your activity to steal sensitive personal and financial information.
  • Ransomware: A particularly damaging threat, ransomware encrypts your personal files, photos, and documents, making them inaccessible. Attackers then demand a hefty ransom payment for the decryption key.
  • Cryptominers: This malware hijacks your Mac’s processing power to mine for cryptocurrencies like Bitcoin. It doesn’t steal data but can cause extreme slowdowns, overheating, and increased electricity usage.

Signs that your Mac may be hacked

Whether hackers physically sneak it onto your device or trick you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in several ways:

Performance issues

Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have a virus or malware running in the background, zapping your device’s resources.

Your computer heats up

Malware or mining apps running in the background can burn extra computing power and data, causing your computer to operate at a high temperature or overheat.

Mystery apps or data

If you find unfamiliar apps you didn’t download, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.

Pop-ups or changes to your screen

Malware can also be behind spammy pop-ups, unauthorized changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer has been hacked.

Browser redirects

Your browser’s homepage or default search engine changes without your permission, and searches are redirected to unfamiliar sites. Check your browser’s settings and extensions for anything you don’t recognize.

Disabled security features

Your antivirus software or macOS firewall is disabled without your action. Some viruses or malware are capable of turning off your security software to allow them to perform their criminal activities.

Check your Mac for viruses and malware

Fortunately, there are easy-to-use tools and key steps to help you check for viruses and malware so you can take action before any real damage is done.

  1. Check Activity Monitor: Navigate to Applications > Utilities > Activity Monitor and look for any unknown processes using a disproportionate amount of CPU or memory. A quick web search can help identify if a suspicious process is malicious.
  2. Review login items: Go to System Settings > General > Login Items. Check the “Open at Login” and “Allow in the Background” sections for any apps you don’t recognize and disable them.
  3. Inspect system profiles: In System Settings > Privacy & Security, scroll down to “Profiles.” If you see any profiles you did not intentionally install, aside from those for work or school, remove them.
  4. Audit browser extensions: Open your web browsers and review installed extensions. Remove any that you did not add or no longer use.
  5. Run a security scan: The most reliable method is to use a dedicated security application. Run a full system scan with a trusted program to detect and remove any malware that manual checks may have missed.
  6. Update everything: Ensure your macOS and all installed applications are up to date. Updates frequently contain critical security patches that protect against known vulnerabilities exploited by hackers.

Built-in antivirus solution

Macs contain several built-in features that help protect them from viruses:

  • XProtect and quarantine: XProtect is Apple’s proprietary antivirus software built into all Macs since 2009. It works the same as any other antivirus, scanning suspicious files and apps for malware, then quarantining or limiting their access to the Mac’s operating system and other key functions. XProtect relies on up-to-date information to spot malicious files. However, this information may be outdated, and may not always protect Mac users from the latest threats.
  • Malware removal tool: To further keep Apple users protected, the malware removal tool scans Macs to spot and catch any malware that may have slipped past XProtect. Similar to XProtect, it relies on a set of constantly updated definitions to identify potential malware, removes malware upon receiving updated information, and continues to check for infections on restart and login.
  • Notarization and Gatekeeper: Apps for Apple devices go through a review before they are distributed and sold outside the App Store. When this review turns up no instances of malware, Apple issues a notarization ticket. That ticket is recognized in the macOS Gatekeeper, which verifies the ticket and allows the app to launch. If a previously approved app is later found to be malicious, Apple revokes its notarization and prevents it from running.
  • App Store review: All apps that wish to be sold on the Apple App Store must go through Apple’s App Store review. While not strictly a review for malware, security matters are considered in this process to ensure that all apps posted on the App Store are “reliable, perform as expected, respect user privacy, and are free of objectionable content.”
  • Other features: In addition to the above, Apple includes technologies that prevent malware from doing more harm, such as preventing damage to critical system files.

Do I need an antivirus for my Mac?

There are a couple of reasons why Mac users may want to consider additional protection on top of the built-in antivirus safeguards:

  1. Apple’s antivirus may not recognize the latest threats. These tools primarily rely on known virus definitions, which may lag behind the latest cyberthreats including “zero-day” incidents. This leaves Mac owners susceptible to attack if they solely rely on XProtect and other features.
  2. The Mac’s built-in security measures largely focus on viruses and malware. While protecting yourself from viruses and malware is of utmost importance, the reality is that antivirus is not enough. These measures don’t block other forms of harmful activity, such as phishing attacks, malicious apps downloaded outside of the App Store, suspicious links, prying eyes on public Wi-Fi, data breaches, and identity theft, among others.

Macs are like any other connected device. They’re also susceptible to the wider world of threats and vulnerabilities on the internet. For this reason, Mac users should think about bolstering their defenses further with online protection software.

Your guide to removing a Mac virus

If you suspect your Mac has been infected with a virus or other malware, acting quickly is essential to protect your personal data and stop the threat from spreading. Fortunately, this can be effectively done with a combination of manual steps and trusted security software:

  1. Disconnect from the internet: Immediately disconnect from Wi-Fi or unplug the ethernet cable to prevent the malware from communicating with its server or spreading.
  2. Remove suspicious apps: Open your Applications folder. Drag any unfamiliar or recently installed suspicious applications to the Trash and then empty it.
  3. Delete malicious files: Malware often hides files in your Library folders. Navigate to Finder > Go > Go to Folder and check paths like ~/Library/LaunchAgents and /Library/LaunchDaemons for suspicious files. Be cautious when deleting system files.
  4. Clean up browsers: Remove any unknown extensions from your web browsers and reset your homepage and search engine settings if they were altered.
  5. Run a security scan: The safest and most effective method is to run a full scan with a trusted security solution. This will automatically identify, quarantine, and remove all traces of the infection.
  6. Restore from a clean backup: If the infection is severe and persistent, your best option may be to erase your Mac and cautiously restore from a Time Machine backup created *before* you noticed signs of the virus. If you restore from a backup version that was already infected, you will re-introduce the malware to your clean system.
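
One way to do the Library check in step 3 without opening each file by hand, as an added example that is not part of the McAfee article: a Python script that reads every launchd plist in those folders and lists the ones whose program runs from a shared or hidden location or through a shell. The heuristics, the extra /Library/LaunchAgents folder, and the sample files are assumptions made for this example; a hit means "look closer", not "infected".

```python
"""Triage launchd property lists (LaunchAgents / LaunchDaemons) for review."""
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# The two folders named in step 3, plus /Library/LaunchAgents (added here).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

# Heuristics chosen for this example, not an official list.
SHARED_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SHELLS = {"sh", "bash", "zsh"}


def review_job(job):
    """Return the reasons a launchd job deserves a closer look (may be empty)."""
    argv = [str(a) for a in job.get("ProgramArguments", [])]
    # launchd runs Program if present, otherwise the first ProgramArguments item.
    exe = str(job.get("Program") or (argv[0] if argv else ""))
    if not exe:
        return ["no Program or ProgramArguments key"]
    reasons = []
    if exe.startswith(SHARED_PREFIXES):
        reasons.append("runs from a shared or temporary folder: " + exe)
    if any(part.startswith(".") for part in Path(exe).parts[1:]):
        reasons.append("runs from a hidden folder or file: " + exe)
    if Path(exe).name in SHELLS and "-c" in argv:
        reasons.append("shell started with an inline command: " + " ".join(argv))
    # Common in legitimate software too, so only reported alongside another hit.
    if reasons and job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("starts at load and is restarted automatically")
    return reasons


def scan(directories):
    """Map each plist that needs review to its list of reasons."""
    findings = {}
    for directory in directories:
        if not directory.is_dir():
            continue
        for plist in sorted(directory.glob("*.plist")):
            try:
                with plist.open("rb") as handle:
                    job = plistlib.load(handle)
            except (OSError, ValueError, ExpatError) as exc:
                findings[plist] = [f"unreadable plist: {exc}"]
                continue
            if not isinstance(job, dict):
                findings[plist] = ["top-level object is not a dictionary"]
                continue
            reasons = review_job(job)
            if reasons:
                findings[plist] = reasons
    return findings


def write_constructed_samples(directory):
    """Write constructed sample plists (not real malware) for a dry run."""
    samples = {
        "com.example.helper.plist": {
            "Label": "com.example.helper",
            "Program": "/Applications/Example.app/Contents/MacOS/helper",
            "RunAtLoad": True,
            "KeepAlive": True,
        },
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "ProgramArguments": ["/Users/Shared/.upd/agent", "--quiet"],
            "RunAtLoad": True,
            "KeepAlive": True,
        },
        "com.example.shell.plist": {
            "Label": "com.example.shell",
            "ProgramArguments": ["/bin/sh", "-c", "echo constructed sample"],
            "RunAtLoad": True,
        },
    }
    for name, job in samples.items():
        with (directory / name).open("wb") as handle:
            plistlib.dump(job, handle)
    (directory / "corrupt.plist").write_bytes(b"not a property list")
    return directory


if __name__ == "__main__":
    for path, reasons in scan(LAUNCHD_DIRS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Anything the script lists should be matched to an app you know before you delete it; the system-wide folders need an administrator account to modify.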

Last resort: Reinstalling your macOS

In the most extreme cases, erasing your hard drive and reinstalling a fresh copy of macOS is a very effective way to eliminate viruses and malware. This process wipes out all data, including the malicious software. This, however, is considered the last resort for deep-rooted infections that are difficult to remove manually.

Future-proof your Mac from viruses

As cyber threats grow more sophisticated, taking proactive steps now can protect your device, your data, and your identity in the long run. Here are simple but powerful ways to future-proof your Mac, and help ensure your device stays protected against tomorrow’s threats before they reach you:

  • Keep everything updated: Enable automatic updates for macOS and your applications. This is the single most important step to protect against vulnerabilities.
  • Download from trusted sources only: Stick to the Apple App Store or the official websites of reputable developers. Avoid downloading software from unvetted third-party aggregators or torrent sites.
  • Use strong passwords and multi-factor authentication (MFA): Protect your Apple ID and other accounts with long, complex, and unique passwords and enable MFA to prevent unauthorized access.
  • Be skeptical of unsolicited messages: Do not click on links or download attachments in suspicious emails or texts. These are primary methods for delivering malware and conducting phishing attacks.
  • Install comprehensive security software: Use a trusted security suite like McAfee+ for real-time protection that goes beyond Apple’s built-in tools, offering features like web protection, a firewall, and anti-phishing technology.
  • Back up your data regularly: Maintain regular backups of your important files using Time Machine or a cloud service. This ensures you can recover your data without paying a ransom in a ransomware attack.
  • Stay informed: Be aware of the threats out there and take a proactive stance to fill the gaps in protection. Comprehensive security suites like McAfee+ can take care of it for you. Our exclusive Protection Score checks your online safety, identifies any gaps, and offers personalized guidance to seal those cracks.

Best digital habits to practice

Staying safe online isn’t just about having the right software—it’s about making smart choices every day. Adopting strong digital habits can drastically reduce your risk of falling victim to viruses, scams, or data breaches.

  • Browse safely: Be wary of unsolicited links, pop-up windows, and urgent warnings. Use a web protection tool to block known malicious websites before they can load.
  • Scrutinize downloads: Never install software from an untrusted source. Read installation prompts carefully to deselect any bundled optional software or PUPs.
  • Improve email hygiene: Treat emails with attachments or links with caution, even from known senders, as their accounts could be compromised. Verify any unusual requests through a separate communication channel.
  • Review app permissions: When an application asks for permission to access your contacts, location, or other data, consider if it truly needs that access to function. Deny any unnecessary requests.
  • Enable your firewall: Ensure the macOS firewall is turned on in System Settings > Network > Firewall. This provides a basic but important barrier against unsolicited incoming network connections.

It’s about protecting yourself

An important part of McAfee’s Protection Score involves protecting your identity and privacy beyond the antivirus solution. While online threats have evolved, McAfee has elevated its online protection software to thwart hackers, scammers, and cyberthieves who aim to steal your personal info, online banking accounts, financial info, and even your social media accounts to commit identity theft and fraud in your name. As you go about your day online, online protection suites help you do it more privately and safely. Comprehensive security solutions like McAfee+ include:

  • Personal data cleanup reveals which high-risk data brokers and search sites are collecting and selling your personal information. It then requests the removal of your information, confirms completion, and conducts ongoing scans as your data continues to be collected.
  • Unlimited secure VPN automatically connects to public Wi-Fi to protect your online privacy and safeguards personal data while you bank, shop, or browse online.
  • Identity theft and stolen funds coverage reimburses up to $1 million in lost funds or expenses, including losses to 401(k) accounts, while restoring your identity.
  • Ransomware coverage reimburses up to $25,000 for losses and ransom fees.
  • Licensed restoration experts who help repair identity and credit issues, including assistance with the identity fraud of a deceased family member.
  • Credit monitoring promptly alerts you about changes to your credit score, report, and accounts and guides you on actions needed to tackle identity theft.
  • Credit Score and Report help you stay on top of daily changes to your credit score and report, from a single location.
  • Security freeze prevents unauthorized access to existing accounts or new ones being set up in your name with a credit, bank, or utility account freeze.
  • Identity monitoring scans for up to 60 unique pieces of personal information on the dark web with timely alerts up to 10 months sooner than competitive products.

FAQs about Mac viruses

Can Macs get viruses from Safari?

Yes. While Safari has built-in security features, you can still get a Mac virus by visiting a compromised website that initiates a drive-by download or by being tricked into downloading and running a malicious file.

Do pop-ups mean my Mac is infected?

Not necessarily. Many websites use aggressive pop-up advertising. However, if you see persistent pop-ups that are difficult to close, or fake virus warnings, it’s a strong sign of an adware infection.

Is adware a type of malware?

Yes. While some consider it less harmful than a trojan, adware is a form of malware. It compromises your browsing experience, tracks your activity, slows down your computer, and can serve as a gateway for more dangerous infections.

How often should you scan for viruses?

If you have a security suite with real-time protection, your Mac is continuously monitored. It is still good practice to run a full system scan at least once a week for peace of mind.

Can iPhones spread malware to Macs?

Direct infection via a cable is extremely unlikely due to the security architecture of both operating systems. The greater risk comes from shared accounts. A malicious link or file opened on one device and synced via iCloud, or a compromised Apple ID, could affect your other devices.

Final thoughts

Current trends show a rise in sophisticated adware and PUPs that are often bundled with legitimate-looking software. Cybercriminals are also focusing on malicious browser extensions that steal data and credentials, injecting malicious code into legitimate software updates, or devising clever ways to bypass Apple’s notarization process. Given these developments, Macs can and do get viruses and are subject to threats just like any other computer. While Apple provides a strong security foundation, its operating systems may not offer the full breadth of protection you need, particularly against online identity theft and the latest malware threats. Combining an updated system, smart online habits, and a comprehensive protection solution helps you stay well ahead of emerging threats. Regularly reviewing your Mac’s security posture and following the tips outlined here will also enable you to use your device with confidence and peace of mind.

The post Can Apple Macs get Viruses? appeared first on McAfee Blog.

☐ ☆ ✇ McAfee Blogs

Bitcoin Security: Mining Threats You Need to Know

By: Jasdev Dhaliwal — July 21st 2025 at 04:01

The value of Bitcoin has had its ups and downs since its inception in 2013, but its recent surge in value has created renewed interest in this virtual currency. The rapid growth of this alternative currency has dominated headlines and ignited a cryptocurrency boom that has consumers everywhere wondering how to get a slice of the Bitcoin pie. For those who want to join the craze without trading traditional currencies like U.S. dollars (i.e., fiat currency), a process called Bitcoin mining is an entry point. However, Bitcoin mining poses a number of security risks that you need to know.

What Is Bitcoin Mining?

Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. Miners, as they are called, essentially maintain and secure Bitcoin’s decentralized accounting system. Bitcoin transactions are recorded in a digital ledger called a blockchain. Bitcoin miners update the ledger by downloading a special piece of software that allows them to verify and collect new transactions. Then, they must solve a mathematical puzzle to secure access to add a block of transactions to the chain. In return, they earn Bitcoins, as well as a transaction fee.

What Are Bitcoin Security Risks?

As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning, a Bitcoin user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that they require a lot of expensive computing power. This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices.

One example of this security breach happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors used this time delay to access the users’ laptops for mining. In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. When an attacker loads mining software onto devices without the owner’s permission, it’s called a cryptocurrency mining encounter or cryptojacking.

It’s estimated that 50 out of every 100,000 devices have encountered a cryptocurrency miner. Cryptojacking is a widespread problem and can slow down your device, though that’s not the worst that can happen. Utility costs are also likely to go through the roof. A device that is cryptojacked could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

What Are Some Bitcoin Privacy Tips?

Now that you know a little about mining and the Bitcoin security risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

  • Avoid public Wi-Fi networks: These networks often aren’t secured, opening your device and information up to a number of threats.
  • Use a VPN: If you’re away from your secure home or work network, consider using a virtual private network (VPN). A VPN is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee+ can help safeguard your online privacy no matter where you go.
  • Secure your devices: New Bitcoin threats, security concerns, and malware are emerging all of the time. Protect your devices and information with comprehensive security software.

The post Bitcoin Security: Mining Threats You Need to Know appeared first on McAfee Blog.

☐ ☆ ✇ WIRED

‘SIM Farms’ Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say

By: Andy Greenberg, Lily Hay Newman, Matt Burgess — September 23rd 2025 at 18:09
The agency says it found a network of some 300 servers and 100,000 SIM cards—enough to knock out cell service in the NYC area. Experts say it mirrors facilities typically used for cybercrime.
☐ ☆ ✇ WIRED

DHS Has Been Collecting US Citizens’ DNA for Years

By: Dell Cameron — September 23rd 2025 at 15:06
Newly released data shows Customs and Border Protection funneled the DNA of nearly 2,000 US citizens—some as young as 14—into an FBI crime database, raising alarms about oversight and legality.
☐ ☆ ✇ WIRED

How to Use 1Password's Travel Mode at the Border (2025)

By: Jacob Roach — September 23rd 2025 at 11:30
Travel Mode not only hides your most sensitive data—it acts as if that data never existed in the first place.
☐ ☆ ✇ Security – Cisco Blog

The 80/20 Rule Doesn’t Apply to Security: How Cisco SASE Bridges the Gap

By: Darcie Gainer — September 22nd 2025 at 12:00
Today's dynamic environments demand a security strategy that covers 100% of your digital footprint, 100% of the time. SASE architectures have emerged as a strategic response.
☐ ☆ ✇ WIRED

A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster

By: Matt Burgess — September 22nd 2025 at 06:00
The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers.
☐ ☆ ✇ WIRED

A Dangerous Worm Is Eating Its Way Through Software Packages

By: Lily Hay Newman, Andy Greenberg — September 20th 2025 at 10:30
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two more alleged members of the Scattered Spider hacking group were arrested.
☐ ☆ ✇ WeLiveSecurity

Small businesses, big targets: Protecting your business against ransomware

— September 18th 2025 at 09:00
Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises
☐ ☆ ✇ WIRED

These Are the 15 New York Officials ICE and NYPD Arrested in Manhattan

By: Dell Cameron — September 18th 2025 at 23:18
More than a dozen elected officials were arrested in or around 26 Federal Plaza in New York City, where ICE detains people in what courts have ruled are unsanitary conditions.
☐ ☆ ✇ WIRED

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

By: Matt Burgess, Lily Hay Newman — September 18th 2025 at 15:09
A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts.
☐ ☆ ✇ Security – Cisco Blog

From AIOps to AgenticOps: The Autonomous Evolution of Firewall Operations

By: Gayathri Nagarajan — September 18th 2025 at 12:00
Discover how Cisco is redefining firewall operations through autonomous AI-driven management, predictive analytics, and self-healing security.
☐ ☆ ✇ WIRED

Cybercriminals Have a Weird New Way to Target You With Scam Texts

By: Matt Burgess — September 18th 2025 at 11:00
Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.
☐ ☆ ✇ WIRED

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users

By: Andy Greenberg — September 16th 2025 at 17:07
A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.