Digita Security

8.24.2017 (Version 2094)

XProtect_OSX_Mughthesec_A

Also Known As: OSX/OperatorMac, Safe Finder

OSX/Mughthesec is macOS adware that masquerades as a Flash installer named Player.dmg. The installer is legitimately signed and was written with VM and AV avoidance techniques. When the installer is executed, adware and other Potentially Unwanted Programs (PUPs) are offered along with the Flash Player install. Once accepted, the malware installs a Safari extension and hijacks the user's search experience and homepage to serve its advertising [1].

References:
  1. https://objective-see.com/blog/blog_0x20.html

Sample Hashes (VT links):
f5d76324cb8fcae7f00b6825e4c110ddfd6b32db452f1eca0f4cff958316869c