MacUpdate Website Directed Users to Malicious Applications

A researcher with SentinelOne recently discovered a new Mac malware, dubbed OSX.CreativeUpdate, that was distributed via the MacUpdate website on or about February 1, 2018. OSX.CreativeUpdate is a cryptocurrency miner that generates Monero by hijacking the processing power of infected machines. Download links posted on the MacUpdate website mimicked the legitimate websites of Titanium Software and Firefox and directed users to fraudulent versions of the Firefox, OnyX, and Deeper applications. Once installed, these fraudulent applications delivered the Monero-mining malware onto the infected device. The NJCCIC recommends that users who installed the malicious applications uninstall them immediately and review the Malwarebytes Labs analysis for detailed removal instructions. We also recommend installing applications directly from the developer’s website or the official Mac App Store and checking user ratings prior to installation.
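As an added example (not code from the NJCCIC, SentinelOne, or the Malwarebytes Labs analysis the advisory cites), the following Python script shows the kind of check a user or administrator can run on a downloaded .app before installing it, which is the practical form of the "install only from the developer's website" advice above: it confirms the bundle identifier matches the one the developer publishes, confirms the bundle actually carries a code signature, and on macOS asks codesign and spctl (Gatekeeper) to verify it, optionally pinning the signer to the developer's Apple Team ID. The expected bundle identifier and Team ID are assumed inputs the caller takes from the developer's own site; the two sample bundles are constructed in a temporary directory purely for demonstration and are not real applications.

```python
import os
import plistlib
import shutil
import subprocess
import tempfile
from typing import Optional


def has_signature_structure(app_path: str) -> bool:
    """Static pre-check that needs no macOS tooling: a signed .app carries
    Contents/Info.plist and Contents/_CodeSignature/CodeResources. A bundle
    missing these was never signed, or was repacked after signing."""
    contents = os.path.join(app_path, "Contents")
    return (os.path.isfile(os.path.join(contents, "Info.plist"))
            and os.path.isfile(os.path.join(contents, "_CodeSignature", "CodeResources")))


def bundle_identifier(app_path: str) -> Optional[str]:
    """Read CFBundleIdentifier from Info.plist (XML or binary plist)."""
    try:
        with open(os.path.join(app_path, "Contents", "Info.plist"), "rb") as fh:
            return plistlib.load(fh).get("CFBundleIdentifier")
    except (OSError, plistlib.InvalidFileException):
        return None


def codesign_verify(app_path: str, team_id: Optional[str]) -> Optional[bool]:
    """codesign(1) strict, deep verification. With a Team ID, the -R requirement
    also pins the signer, so a repack validly signed under some other developer's
    certificate still fails. Returns None when codesign is unavailable (non-macOS)."""
    if shutil.which("codesign") is None:
        return None
    cmd = ["codesign", "--verify", "--deep", "--strict", "--verbose=2"]
    if team_id:
        cmd += ["-R", 'anchor apple generic and certificate leaf[subject.OU] = "%s"' % team_id]
    return subprocess.run(cmd + [app_path], capture_output=True, text=True).returncode == 0


def gatekeeper_assess(app_path: str) -> Optional[bool]:
    """spctl(8) answers whether Gatekeeper would allow the bundle to execute."""
    if shutil.which("spctl") is None:
        return None
    return subprocess.run(["spctl", "--assess", "--type", "execute", "--verbose", app_path],
                          capture_output=True, text=True).returncode == 0


def assess_download(app_path: str, expected_bundle_id: str,
                    expected_team_id: Optional[str] = None) -> dict:
    """Combine the checks into one report. expected_bundle_id and expected_team_id
    are assumed inputs the caller obtains from the developer's own website."""
    ident = bundle_identifier(app_path)
    checks = {
        "bundle_id_matches": ident == expected_bundle_id,
        "has_signature_structure": has_signature_structure(app_path),
        "codesign_ok": codesign_verify(app_path, expected_team_id),
        "gatekeeper_ok": gatekeeper_assess(app_path),
    }
    if any(v is False for v in checks.values()):
        verdict = "reject"          # any hard failure is disqualifying
    elif any(v is None for v in checks.values()):
        verdict = "inconclusive"    # signature tools absent: never treat as a pass
    else:
        verdict = "pass"
    return {"path": app_path, "bundle_id": ident, "verdict": verdict, **checks}


def make_fake_bundle(root: str, bundle_id: str, signed: bool) -> str:
    """Constructed sample: a minimal .app layout for offline demonstration only.
    The empty CodeResources file satisfies the structural check but not codesign."""
    app = os.path.join(root, "Sample.app")
    contents = os.path.join(app, "Contents")
    os.makedirs(os.path.join(contents, "MacOS"))
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id, "CFBundleName": "Sample"}, fh)
    if signed:
        os.makedirs(os.path.join(contents, "_CodeSignature"))
        open(os.path.join(contents, "_CodeSignature", "CodeResources"), "wb").close()
    return app


def demo_reports() -> dict:
    """Run the checks over constructed bundles; returns {case name: report}."""
    with tempfile.TemporaryDirectory() as tmp:
        unsigned = make_fake_bundle(os.path.join(tmp, "a"), "com.example.sample", signed=False)
        repacked = make_fake_bundle(os.path.join(tmp, "b"), "com.example.sample", signed=True)
        return {
            "unsigned": assess_download(unsigned, "com.example.sample"),
            "wrong_id": assess_download(repacked, "com.example.other"),
            "structure_ok": assess_download(repacked, "com.example.sample"),
        }


if __name__ == "__main__":
    for name, report in demo_reports().items():
        print(name, report["verdict"], report)
```

An attacker who repackages a legitimate application with a miner cannot reproduce the original developer's signature, so the structural check catches a bundle whose signature was stripped, and the Team ID pin in `codesign -R` catches a repack that was re-signed with a different, otherwise valid identity. The script deliberately reports "inconclusive" rather than "pass" when codesign and spctl are not present, since a structural check alone proves nothing about who signed the bundle.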