Apple Updates XProtect Definitions for XcodeGhost Malware
Posted by Derek Erwin
Apple has updated its XProtect.plist definitions file to version 2068, providing OS X with basic detection for the XcodeGhost malware and a new version of Genieo. This update detects two new variants of malware: OSX.XcodeGhost.A and OSX.Genieo.D.
The XcodeGhost malware is a fake version of Apple’s Xcode developer tool, which enabled hackers to put malicious code into apps available on the App Store.
Apple also added a new definition to XProtect for OSX.Genieo.D, blocking the new variant of a problematic adware installer. Genieo is a troubling installer package that surreptitiously delivers sketchy adware to people trying to install popular applications.
Apple’s XProtect — its “safe downloads list” feature — has been part of OS X since Snow Leopard; in 2009, Intego described what this anti-malware function does to protect your Mac (and how it lacks protection). XProtect is the same function Apple uses to block out-of-date plug-ins for Flash Player and Java, both of which are often targeted by malicious folks looking to exploit vulnerabilities.
Security updates from Apple are always welcome; however, XProtect offers only rudimentary protection against specific Mac threats. It does not offer live malware scanning, nor does it protect against Windows threats or phishing attacks, and it lacks the layered protection that full-featured Mac anti-virus software can provide.