Digita Security


8.24.2017 (XProtect version 2094)

XProtect_OSX_AceInstaller_B

Also Known As: OSX/Genieo

OSX/AceInstaller appears to be a trojaned or bundled installer distributed with torrent downloads [1], but there is little publicly available information about this threat at this time. Searching on the YARA rule, a matching file appears to have been uploaded to and analyzed by malwr.com [2]. That sample contains additional strings indicating it can masquerade as an Adobe Flash installer, which points to adware [2]. The hash from the malwr.com analysis [2] is not currently found on VirusTotal, but the hash of a second malwr.com sample [3] is detected by many AV products as a variant of OSX/Genieo.

References:
  1. http://www.mac-forums.com/security-awareness/342209-aceinstaller-dmg-please-help.html
  2. https://malwr.com/analysis/MjExN2EwODAwNDE4NGFmY2FjMGE0YTg0NzNkYjczZTQ/
  3. https://malwr.com/analysis/MzdiNGEyMjk4NTRlNDMwOWFjYTU2OTBhMzk2NjFlMTM/

Sample Hashes (MD5, VT links):
9e3bb13fc0148ae2ac965b0b41588455
e2c5c5813f003e914456820a8771021a
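The two sample hashes above are the only machine-checkable indicator on this page. The following is an added example, not Digita Security's code and not the XProtect rule itself: it sweeps a directory for files whose MD5 matches either hash. The scan root defaulting to ~/Downloads is an assumption about where a torrent-delivered .dmg would typically land; the hash values are the ones listed on the page.

```python
#!/usr/bin/env python3
"""Sweep a directory for files whose MD5 matches the OSX/AceInstaller sample hashes.

Added example, not code from Digita Security. The hashes are the two listed on the
page; the default scan root (~/Downloads) is an assumption.
"""
import hashlib
import os
import sys
from typing import Iterable, List, Tuple

# Sample hashes from the page (MD5, 32 hex characters each).
ACEINSTALLER_MD5S = frozenset({
    "9e3bb13fc0148ae2ac965b0b41588455",
    "e2c5c5813f003e914456820a8771021a",
})


def md5_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Return the lowercase hex MD5 of a file.

    The file is read in 1 MiB chunks so a multi-hundred-megabyte .dmg is never
    loaded into memory at once.
    """
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_sample(digest: str, iocs: Iterable[str] = ACEINSTALLER_MD5S) -> bool:
    """Case-insensitive membership test; hashes copied from reports are often mixed case."""
    return digest.strip().lower() in set(iocs)


def sweep(root: str, iocs: Iterable[str] = ACEINSTALLER_MD5S) -> List[Tuple[str, str]]:
    """Walk `root` and return (path, md5) for every regular file whose MD5 is in `iocs`.

    Symlinks are not followed (a planted link could otherwise pull the sweep into
    /System or an external volume), and unreadable files are skipped rather than
    aborting the whole run.
    """
    iocs = {h.lower() for h in iocs}
    hits: List[Tuple[str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = md5_of_file(path)
            except OSError:
                continue  # permission denied, vanished file, etc.
            if is_known_sample(digest, iocs):
                hits.append((path, digest))
    return hits


if __name__ == "__main__":
    # Assumption: no argument means scan the user's Downloads folder.
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    for path, digest in sweep(target):
        print(f"MATCH {digest}  {path}")
```

A hash list only catches these exact files; a repacked or re-signed installer has a different MD5, which is why a content-keyed YARA rule such as the XProtect signature this entry describes generalizes better than a hash sweep. To confirm the signature is present at all, check that the installed XProtect bundle is at version 2094 or later (on macOS of that era: `defaults read /System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString`).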