Stealer malware continues to spawn variants, poisoning ad-search platforms and hijacking cryptocurrency wallets. How much is actually being done to detect and neutralize Stealer related wrongdoing? App subscription scams on the App Store are on the increase: what’s Apple doing about it? And the Apple Car project has ended. What will Apple be working on next instead?
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Have a question? Ask us! Contact Intego via email if you have any questions you want to hear discussed on the podcast, or to provide feedback and ideas for upcoming podcast episodes.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Voice Over 0:00
This is the Intego Mac Podcast—the voice of Mac security—for Thursday February 29 2024.
This week’s Intego Mac Podcast—the voice o security headlines include: Stealer malware continues to spawn variants, from the poisoning of ad search platforms to hijacking cryptocurrency wallets. How much is actually being done to detect and neutralize Steeler related wrongdoing? App subscription scams on the App Store are on the increase. What’s Apple doing about it? And the Apple Car project has ended. What will Apple be working on next instead? Now here are the hosts of the Intego Mac Podcast. veteran Mac journalist, Kirk McElhearn. And Intego’s chief security analyst, Josh Long.
Kirk McElhearn 0:50
Good morning, Josh. How are you today?
Josh Long 0:51
I’m doing well. How are you, Kirk?
Kirk McElhearn 0:53
I’m doing just fine. You know what today is? Not the day that we’re recording. But the day that the podcast is released? (I don’t know. What is it?) Today, if you’re listening to this on Thursday, is Leap Day, February 29. And we’ve got some more malware. Is it really a big deal because it’s the same kind of malware we talked about recently. And I guess the only important thing to note is it’s still active and still spreading via Google ads.
Josh Long 1:18
Yeah, so we talked about Stealer malware a lot. It’s been a big topic over the last year. And it still continues to be probably, I would say the most prevalent Mac malware that we’re seeing at this point. And there’s various different families of this. One of the ones that we’ve been seeing a lot of is called Atomic macOS Stealer, also known as Atomic Stealer, or AMOS for short, Atomic macOS Stealer. That’s where the AMOS comes from. And so this particular malware is still active. This typically comes in the form of a Trojan horse. So you’re searching for, maybe you’re doing a Google search for some particular piece of software that you want to download. And you don’t notice that the first result in Google search results is actually an ad because there it’s kind of hard to tell sometimes if you’re not really looking and paying attention. And so it might look exactly like the real ads for that particular software. But when you click on it, it redirects to a site that, again, looks exactly or nearly exactly like the real site. It’s hosted on a different domain. And maybe you don’t notice that. And when you download it, you get a Trojan horse, it looks like the real app. But it contains malware that is now going to be actively stealing data from your system and exfiltrating it to some malicious third party. So that’s Atomic macro is Stealer and how it works. It’s still around this has been ongoing with multiple different search engine poisoning campaigns, and ad malicious advertisement campaigns. And it’s still going on it’s so it came up in the news again this week, because it hasn’t gone away yet. And it’s not going to by the way, we’re seeing so much Stealer malware on the Mac. Now, it’s eclipsing almost every other kind of malware that’s out there. And because what’s profitable, what, you know, why are bad guys doing all of this, they’re primarily either working for a nation state, you know, they’re maybe they’re trying to, to get gather information from certain targets, or just people in general, or the other thing that they might be doing is trying to finance their operation by stealing cryptocurrency wallets and other things like that. And if they can steal your wallets, or if they can steal your session cookies that authenticate you to sites like Facebook, then they can take over your account, and they can you know, spread malicious links or propaganda or whatever their goals might be.
Kirk McElhearn 3:52
You know, listening to this, and having heard you say something similar several times in the past year, two years, it’s easy to think, well, he’s just saying the same thing. But the real problem is that this still exists. It’s still a threat. It’s still stealing more stuff. And it’s, I don’t want to say you’re the boy crying wolf. But a lot of people might think, Oh, he’s talking about the same thing again, but it’s not the fact that it’s still around, it’s still spreading via Google Ads shows that Google isn’t really doing anything to stop this. Yeah.
Josh Long 4:26
Well, and that’s one big problem here is that this requires a team effort, right? Everybody has to be on board with this. You know, once these websites get discovered, they need to be shut down quickly, like the domains need to be revoked from whoever purchased them immediately. Right. Usually these things, use some brand newly registered domain, that’s should be a pretty big red flag when all of a sudden they’re hosting software. Right. And so I think there’s a lot of parties that could be doing a better job of, you know, policing within their jurisdictions, but Sir only Google has a big responsibility here. They’re the ones who were, you know, allowing these malware developers to buy ads and have them look exactly in some cases almost exactly or exactly like the real ads for the legitimate software. How is it that Google is allowing that to happen in 2024, this shouldn’t be a thing. And yet, unfortunately, we’re still seeing that happen. By the way, there are new variants of this malware that event that come out. So once they kind of get picked up by a number of antivirus engines, then they modify their code and you know, change things around so that it’s more difficult to detect, and new signatures have to be developed. And so it’s not like they’re the malware developers or even being complacent, they’re actively developing this malware to make it harder to detect.
Kirk McElhearn 5:53
But Intego’s malware research team is working hard to make sure that Intego Virus Barrier’s virus definitions are always up to date.
Josh Long 6:00
Exactly right. So that’s why it’s so important to make sure that you don’t just rely on Apple’s built in limited X protect protection, which by the way, they came out with an update this week, we don’t usually mention it because there’s usually not a whole lot to say about it. XProtect, if you’re not aware is this technology that’s been built into macOS all the way back to macOS 10, Snow Leopard, and it’s a very limited selection of particular malware that Apple is looking for, and not nearly as comprehensive as full fledged antivirus software with teams of people who are looking for hunting for this malware and developing signatures to protect people right away way before Apple usually ever gets a signature added to the operating system.
Kirk McElhearn 6:46
Maybe you should explain what a signature is because I don’t think we’ve discussed this in a long time.
Josh Long 6:52
There are particular data points or or bits of metadata or code that can easily be recognized. And so a signature looks for those particular things, those attributes that uniquely identify some file as being malware as being associated with a known malware campaign, or a known malware family.
Kirk McElhearn 7:14
Okay. Speaking of malware, and scams, we’ve been talking about scam apps a lot recently, and you discovered an interesting list of scam apps in both the Apple App Store on the Google Play Store. And the person who’s maintaining this list says that this is a multimillion dollar scam. It’s hard to know how many people fall for this. But when you look at the apps, and you look at the reviews talking about people getting tricked into paying for subscriptions, this could add up to a lot.
Josh Long 7:41
Right there was a researcher I’d never heard of before. But they reached out to me. And they had shared this link to a pretty detailed article that they wrote, they linked to a whole bunch of different apps on the App Store that are still available on the App Store. Most of these apps claimed to be video game mods, which is a little bit suspicious, because a lot of games you can’t really get mods for them on iOS. But a lot of these apps claimed to be mods for existing video games. And what this researcher describes is that when you download these apps, and by the way, they come from a whole bunch of different developers. So even though they look like they’re all designed by the same developer, they all behave in nearly exactly the same way. But there are multiple different developer accounts for all of these different apps. So it’s possible that they may be violating AppStore policies by having multiple developer accounts, just to make it a little bit harder to take them down if Apple does discover that some of these things are in violation of App Store policies. But what these apps generally do is that as soon as you open the app, you know, you start tapping on things, and within seconds, you’ll get a prompt that tells you that you need to subscribe in order to use this app. And they typically charge about $10 a month. According to this researcher, they claim that you can get charged up to three times some in some cases per app with three different in app purchases. So you could end up getting charged up to $30 a month if you’re not careful. And so imagine that like a kid downloads these games, right? Maybe your your child downloads one of these games, because it looks like a game that they play. And it might have something to do with it. Maybe they can give them some advantage in the game. And they download this this app, you haven’t limited their ability to make an app purchases and now you could be paying some kind of scam where developers anywhere from 10 to $30 a week. That’s a lot of money. And it may be a little while before you realize this and and put a stop to that. So that’s kind of what it seems like they’re banking on. They violate multiple App Store policies by the way, one of them is that the amount that’s going to be charged to you is in really tiny fine print. It’s so small that it that I think most people would have a hard time seeing it. Not only that, but in many cases, there’s sort of like a background like preview video that’s going on to show you supposedly, what you’re going to get if you purchase this in app subscription. And that video can also kind of obscure the text that’s in the foreground, which is already really small. So this violates an App Store policy that says that you need to be really clear about how much is going to be charged to the user if they if they purchase something in app.
Kirk McElhearn 10:41
So I just picked one of them at random to look at in the App Store. And I opened it on my iMac. And you can see these apps in the macOS App Store. Even though it says designed for iPad not verified for macOS. And I also worked on my iPhone, one thing you notice is that they they have an average of let’s see, the one I’m looking at just picked a random, the average reviews are 4.3 stars out of five. So which means that they’ve had a whole campaign of fake reviews. But you can tell that there are a number of one star reviews. And when you look at them, people say that this is fake, and it’s a scam and all that there is no button to report apps on the App Store. I think you can go to an Apple web page someplace to report an app. But there’s no button to say, I’m an Amazon report, you know, from bad product information on that you can do that on Amazon easily. You can’t do that on Apple’s App Store. And I think that’s something that Apple needs. It looks like Apples just opening the door to this because there’s so many apps, they can’t verify them all, it’s clear that the review process is not very efficient, because as you say, that text is so small that no one can see it. So it’s Whack a Mole. But in a way, it’s I don’t see what they can do without somehow getting proof that these developers exist and maybe getting a deposit from them. Right or holding their money for a certain amount of time. Before they pay it out. It seems that this is there’s so many these apps that it must be an easy scam and Apples not really trying hard.
Josh Long 12:11
By the way, what you actually get if you do happen to pay for the in app subscription is, according to this researcher, the only thing that you really get out of it is, for example, wallpaper. So you get oh, wow, I get to download a new wallpaper, whoop dee doo. And that’s going to cost me $10 A week, like it’s kind of crazy. So these are clearly apps that are not providing any real value is certainly not relative to the amount that they’re charging, by the way. And you mentioned about the reviews, the so the way that this works is that they’ll average out to somewhere between four and five stars, because as soon as they the malicious developer puts these things into the App Store, they have a whole bunch of accounts that they use to leave fake reviews. And so they boosted up to five stars. So it’s immediately five stars, practically as soon as it hits the App Store. And then as people if if people leave a negative review of one star and say this is a scam app, it stole my money, it didn’t provide the thing that it claimed it would, then what the malicious developer will do is they’ll just have a whole bunch of additional accounts leave more five star reviews to silence the one stars and outnumber the one star reviews. So they continue to maintain a four point something star rating. And we’ve seen this multiple times. By the way, the the scam app that we talked about last week, the cryptocurrency scam app, we have an article on the Intego Mac security blog about this. And there was a second app that also had recently been in the App Store that’s mentioned in that article. And what we have seen with those apps and many many others is that again, these fake reviews will boost the star rating and sometimes that star rating it will show five stars even if you can see a review where somebody left a one star review for it.
Kirk McElhearn 14:06
Well it’s an average right so if there were enough five star reviews, they will totally annihilate the one star reviews. All right, that’s enough about scams we’re gonna take a break when we come back we’re going to talk about the Apple car that is no more.
Voice Over 14:20
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Best of all, it’s compatible with macOS Sonoma, and the latest Apple Silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Kirk McElhearn 15:36
If you’ve been following Apple news, you know that Apple has already announced that they are canceling the Apple car. Actually they didn’t announce it was I believe Mark Gurmann and a couple of other people who have information from Apple, the Apple car is not going to exist. Apparently the company had 2000 employees working on this. They’ve been working on it for 10 years, they might have even been working on it for longer than that. We don’t know how much preparatory work they did. Coincidentally, I read an article just this morning that was in yesterday’s New York Times and it is entitled, China’s electric vehicles are going to hit Detroit like a wrecking ball. And it made me think that gee, I wonder if Apple read that article. Of course, they already knew about this. There’s one particular Chinese company DYB that’s going to be introducing an electric car into United States is going to cost $11,000. Now if you want an electric car, you know, you can’t even get half of an electric car for $11,000. This price includes a 25% tariff for imported cars. $11,000 think the last time you bought a new car for $11,000. Maybe not even in this century, right? I’ve always and I’ve said here many times, I’ve always been skeptical about Apple making a car. A car is a big thing. Apple makes small things right? You put them in your pocket, you put them on your face, you put them on a desk, right? You don’t put them in your garage, where would Apple sell them? There’s no room in Apple stores to sell Apple cars, but they just sell it online. It’s entirely possible. But how would people test right? It just seemed like a logistic problem that was too big for a company like Apple, and the risk of coming into a market that is more than 100 years old, right? With hundreds of manufacturers around the world. And particularly with the electric car being so well optimized in China, compared to other countries. It’s good that Apple dropped out now. And in fact, we’ll link to an article in Apple insider that points out that canceling the Apple Car is a good move, says Morgan Stanley. And what I like is the mentioned that Morgan Stanley is retaining its price target for Apple of $220 because it had put no value on Apple Car. Because none of these analysts believed that Apple was going to ever ship a car. Another thing happening today, the 28th, not the Leap Day is an Apple shareholder meeting. And this could be the time that Apple announces things like that. I think Tim Cook made announcement already about Apple doing groundbreaking things in AI, and we’ll hear about them in June at the worldwide developer conference. But I mean, the car, I always thought that Apple could really build in car software. And we seen that with the new car play. And they could maybe sell a car operating system to other companies. But building a car doesn’t make sense.
Josh Long 18:20
First of all, I don’t like the idea of this, like $11,000 cheap, you know, Chinese electric vehicle. That’s not for me, That sounds sketchy. I feel like they’re going to be cutting corners at that price point. And there’s no way I would trust an electric vehicle that cheap that that just does that doesn’t sound right. Like there’s got to be some major problems with that. Anyway, setting my own personal opinions aside, yes, some people might be interested in an electric car, if it’s at the right price point. But Apple, you know, even if they were to enter this market, we all kind of knew they were going to be competing at the high end, because that’s just what Apple does. They don’t make cheap garbage. They make premium quality, everything, right. And so just like vision Pro, where it’s kind of out of the price range of the majority of people that were they’re not going to be willing to spend 3500 Plus, on a brand new product, the Apple car was kind of going to be a hard sell no matter what, because it was going to end up having to be expensive and more expensive than competitors. Like for example, Tesla who has been in this game long enough that they’ve been able to bring their manufacturing costs down and therefore their prices down. Right. And so Apple, if they were just starting this out, they would have a really hard uphill battle to ever gain any traction in the market. So yeah, I from that perspective, I’m not terribly surprised to see Apple canceling the Apple car. The other thing is that you know, Apple does its software, right that that’s where Apple really shines. They make good hardware too. At least computer hardware. But software is what Apple is really, really good at. And guess what CarPlay works in all kinds of vehicles, right? Every manufacturer wants to have CarPlay in their vehicle, because they know that Apple does the software really well already. And so Apple can still probably make money through making partnerships with car manufacturers to have CarPlay available more places. And remember, they recently showed off that we’re going to have these full driver side to passenger side displays, or multiple displays, in some cases, coming up in vehicles as soon as this year. So CarPlay is going places, and it kind of just didn’t make sense for the Apple car to continue to be a project.
Kirk McElhearn 20:45
So that low price car reminded me of something and you’re too young to remember this Josh. In fact, it was probably before you were born. In 1986, someone imported and sold a car called the Yugo in the United States, with a starting price of $3,990, which, according to Wikipedia, is $10,652.11 and 2022. We’re right around that $11,000 mark and the Yugo was trash. But it’s a totally different thing. Because the Chinese, they have optimized batteries, they’ve optimized electric cars. You know, electric cars aren’t that hard to build. The engines aren’t really complicated. They’re just motors and not inch. Anyway, we’re not going to discuss that we are going to discuss however, some other information from Mark Gurmann in his power newsletter, where he’s talking about Apple pondering whether to develop smart glasses or a fitness ring. And our opinion on glasses is different. You see, you don’t wear glasses, and I do. And my initial thought is Apple comes out with smart glasses with cameras in the front, maybe a heads up display on one of the lenses. But you have to buy the lenses from Apple the same way you have to do with the vision Pro, and you pay the Apple tax and this is going to be really expensive. Now you don’t wear glasses. So you would buy glasses with blank lenses just playing non prescription lenses if you wanted to wear them.
Josh Long 22:00
Right. And so I’ve actually kind of thought about this. I don’t know if I’ve mentioned it before on the show. But I actually did try on a pair of the meadow Ray Ban glasses just out of curiosity. And you know, it wasn’t, it didn’t make sense for me. First of all, there’s no augmented reality whatsoever. It’s basically just an AI virtual assistant in your ear. And yes, it does have cameras. So it can also record video for you and things like that to pretty good quality video for considering that it’s these little cameras on your face. But you know, it’s an impediment to my vision, because I see Well, and without anything in front of my face. And so putting lenses in front of my face for no reason, just you know, actually impedes my vision, it makes it worse. So it didn’t wouldn’t make sense to be a practical thing that I could just wear all the time.
Kirk McElhearn 22:49
So the other option is putting cameras in AirPods. And I don’t know if this is serious. But the idea I’ve got my AirPods pro in right now. And you could have multiple cameras pointing in several directions. But I don’t see how useful this is, well, how do you see what’s on the cameras, right? You need a vision pro, you need glasses to see it. If it’s just a record, that’s not very interesting. The other thing is the possible Apple fitness ring. And we’re talking about this because I wear my Apple watch at night to track my sleep and I have a series eight and so the battery is good, I don’t need to charge it a lot. Josh has a series five, and his battery doesn’t last. So he would love to have a ring to track his sleep and a ring like that could track activity, it could track your heart rate your blood oxygen more efficiently than on the wrist, sleep and maybe some other things as well.
Josh Long 23:38
That’s actually really interesting. I like the idea of it also doing a blood oxygen, all those things, the sleep tracking is definitely the one that I would use the most or be the most interested in purchasing a ring for that functionality. Just because like you said, I charged my watch overnight, so it wouldn’t make sense to just wear that ring instead. So I liked the idea from that perspective. But also, this is not something that was particularly mentioned by Mark Gurmann in this article, but I would love to see this being also an authentication device. You might remember that last year at RSA conference I talked about there was a ring there that was called token ring, which is kind of you know, a joke, it’s kind of a nod to an old networking technology. But tokens ring product was actually pretty cool. And it was an authentication device where when you put it on your finger, you first you know put it checks your fingerprint to make sure that it really is you and then you slide it onto your finger and now it becomes a Fido authentication device, which is really cool. I love that idea. And Apple could easily do that, like why not do that? You know, and then it can also potentially be used for authentication just like how in some cases you can use an Apple Watch to authenticate. Kirk as mentioned before how he unlocks his Mac with his Apple watch just by Being nearby his Mac, his Mac is now able to unlock because it detects that he’s nearby, you could be able to do the exact same thing with an Apple ring as well. So I’m actually really bullish on this Apple ring idea. And I do hope that we get something like that from Apple eventually.
Kirk McElhearn 25:17
There are a lot of people who can’t wear an Apple watch, because they’re not allowed to wear it at work, because it’s not comfortable. They don’t like a watch, they sweat too much, etc. So a ring would be a good option for them. Another thing I’ve seen a lot of in Facebook ads and Facebook ads, he says really weird rings that you can use to pay for things. All you can do with them is pay for things. So it’s an NFC chip. And it’s connected somehow to an app that you’ve set up on your phone and you can pay for things and why would you wear a ring to pay for things? How many things do you buy every day that you need to pay for? Yes, you don’t have to have your phone or your watch. And you can pay but of course Apple could add Apple pay into it. They could add some sort of vibration to give you notifications of certain things. There are a lot of features that Apple could port to a ring. Of course, the problem with rings is you have different sizes, you have different colors, but they could make a gold ring and a silver ring. And they could make fancy rings. And they could, you know, do some sort of a deal with a jewelry company to make really special Apple rings. And if it looked nice enough, mostly smart rings look really big and really thick. And if Apple could make it small enough that it looks like a ring and not like a tool, I think that would sell.
Josh Long 26:26
You know if Apple’s coming out with an Apple ring. They’re going to have Apple ring Hermes, right, they’ve got to, they’ve got to it’s, it’s just a requirement.
Kirk McElhearn 26:34
I don’t think Hermes makes jewelry, but they would find a jewelry company to partner with. And they would have you know, the special version. But it kind of seems to fit with Apple with their attention on wearables that this is one area that they’re not covering yet. I would almost wonder if they could make a smart bracelet of some sort. That’s not a watch, just kind of sensors and a bracelet. There are lots of possibilities for this. Oh, you’re scowling. Josh, you don’t like that idea. A lot of people just don’t want to wear a watch. Our producer Doug is pointing at himself. He doesn’t want to wear a watch, I want to say about the Apple Watch is it’s not a very attractive watch. It is a Dakota squircle square with rounded corners. Is that what it is? And they’ve designed it as nice as possible. But it’s not an really nice looking watch. You know, when you look at analog watches, they can be very nice looking. And there’s only one shape for the Apple Watch. And of course, the second one is the Apple Watch Ultra. But a lot of people don’t want to wear it for that reason.
Josh Long 27:31
Yeah, that’s a good point. In fact, I wasn’t a watch wearer for many years before buying the Apple Watch. And so I was kind of like, do I really want to have this thing on my wrist all the time. Like I check the time by looking at my phone, it’s super easy to just pull the phone out of my pocket and go okay, that’s what time it is. I don’t need a watch to tell me the time. But of course, that’s not what I really use it for. So I’m more excited than I’ve ever been about a product right, right in this moment about getting an Apple ring. And we don’t even know if that’s a product that’s for sure coming in the future, but at least we know they’re working on behind the scenes.
Kirk McElhearn 28:05
Okay, before we finish, just to mention, for anyone who’s interested in buying an iMac within three chip, Apple has started selling refurbished models for $1,099. That’s $1,100 Minus one. It’s only eight gigabytes of memory, which for a lot of people might be sufficient. Josh says, Oh, that’s not enough for me because I have 3000 browser tabs open. I think Josh needs better discipline. But if you want an M three iMac for $1,100. I mean, that’s a pretty good deal. I’ve bought many refurbished Macs, and I’ve never been disappointed.
Josh Long 28:35
And it’s only a 10th of the price of those Chinese electric cars.
Kirk McElhearn 28:40
So I mean, it’s less than 1/3 of the price of Apple’s new face computer.
Josh Long 28:43
Ooh, yeah, that’s a good point. And it’s got an M3 chip. It’s got a better chip than Apple Vision Pro, which only has an M2. Yeah, you know what you’ve sold me. I’m gonna go buy a refurbished iMac. I won’t really but I’m tempted to I’m actually tempted to.
Kirk McElhearn 28:57
We’ll check back next week. Until next week, Josh, stay secure.
Josh Long 29:00
All right, stay secure.
Voice Over 29:05
Thanks for listening to the Intego Mac podcast, the voice of Mac security with your host, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like or review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.