{"id":21033,"date":"2013-11-13T07:56:42","date_gmt":"2013-11-13T15:56:42","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=21033"},"modified":"2016-10-07T12:19:46","modified_gmt":"2016-10-07T19:19:46","slug":"new-osx-crisis-business-cards-gone-wild","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/","title":{"rendered":"New OSX\/Crisis or Business Cards Gone Wild"},"content":{"rendered":"<p>In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of <em>Remote Control System<\/em>, Hacking Team&#8217;s spyware, landed on <a title=\"aed135515b8f326fb2c74b30b452857d8c93f4c74acc0f3e59048b6f80f966d2\" href=\"https:\/\/www.virustotal.com\/en\/file\/aed135515b8f326fb2c74b30b452857d8c93f4c74acc0f3e59048b6f80f966d2\/analysis\/\" target=\"_blank\">VirusTotal<\/a> with a detection rate of 0 out of 47 scanners.<\/p>\n<p><em>RCS<\/em>, also known as\u00a0<a title=\"New Apple Mac Trojan Called OSX\/Crisis Discovered\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-apple-mac-trojan-called-osxcrisis-discovered-by-intego-virus-team\/\" target=\"_blank\">OSX\/Crisis<\/a>, is an expensive rootkit used by governments during <a title=\"OSX\/Crisis Has Been Used as Part of a Targeted Attack\" href=\"https:\/\/www.intego.com\/mac-security-blog\/osxcrisis-has-been-used-as-part-of-a-targeted-attack\/\" target=\"_blank\">targeted attacks<\/a>. It collects audio, pictures, screenshots, keystrokes and report everything to a remote server. It&#8217;s known to be delivered through <a title=\"Backdoors are Forever: Hacking Team and the Targeting of Dissent?\" href=\"https:\/\/citizenlab.org\/2012\/10\/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent\/\">grey market exploits<\/a>.<\/p>\n<p>The dropper filename, <em>Biglietto Visita<\/em>, is Italian for business card. Like OSX\/Crisis.A, the code is in a <a title=\"Tales from Crisis, Chapter 1: The dropper\u2019s box of tricks\" href=\"http:\/\/reverse.put.as\/2012\/08\/06\/tales-from-crisis-chapter-1-the-droppers-box-of-tricks\/\" target=\"_blank\">dedicated section<\/a> and uses\u00a0<a title=\"Tales from Crisis, Chapter 1: The dropper\u2019s box of tricks\" href=\"http:\/\/reverse.put.as\/2012\/08\/06\/tales-from-crisis-chapter-1-the-droppers-box-of-tricks\/\" target=\"_blank\">low-level system calls<\/a> to deploy the spyware: a backdoor and its encrypted configuration, an image, a scripting addition and the kernel extensions.<\/p>\n<p>To avoid antivirus detection, the backdoor is now obfuscated using MPress packer. We can use <a title=\"How to dump a MPress packed binary\" href=\"http:\/\/reverse.put.as\/2009\/07\/22\/how-to-dump-a-mpress-packed-binary\/\" target=\"_blank\">gdb<\/a> or <a title=\"The Volatility Framework: Volatile memory artifact extraction utility framework\" href=\"http:\/\/code.google.com\/p\/volatility\/wiki\/MacMemoryForensics\" target=\"_blank\">Volatility<\/a> to dump the unpacked binary. Complete analysis is in progress, as it is another story to put the symbols in place, but here you have an excerpt of the decrypted configuration file:<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-21053\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/11\/osx_crisis_b_config.png\" alt=\"OSX\/Crisis.B decrypted configuration excerpt\" width=\"591\" height=\"216\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/11\/osx_crisis_b_config.png 591w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/11\/osx_crisis_b_config-150x54.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/11\/osx_crisis_b_config-300x109.png 300w\" sizes=\"(max-width: 591px) 100vw, 591px\" \/><\/p>\n<p>As you can see, our infected machines have good reasons to communicate with 176.58.121.242 (we also have <a title=\"Tales from Crisis, Chapter 4: A ghost in the network\" href=\"http:\/\/reverse.put.as\/2012\/08\/26\/tales-from-crisis-chapter-4-a-ghost-in-the-network\/\" target=\"_blank\">packet captures to decrypt<\/a>). At the time of this writing, this Linode UK host is online and moderates unwanted targets quickly (remote uninstall).<\/p>\n<p>As is, the backdoor do not trigger the social-engineering privilege escalation, or load the kernel extensions.<\/p>\n<p>Should you feel concerned by government targeted attacks, or recently received a <a title=\"The one ring to rule them all\" href=\"http:\/\/www.smh.com.au\/business\/world-business\/the-one-ring-to-rule-them-all-20111121-1nqx1.html\" target=\"_blank\">200k\u20ac<\/a> business card, then look for those files in your <a title=\"What is the Library folder?\" href=\"http:\/\/support.apple.com\/kb\/PH11395\" target=\"_blank\">Home folder<\/a> and your Startup Disk:<\/p>\n<ul>\n<li>Library\/LaunchAgents\/com.apple.UIServerLogin.plist<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/0T4Nn2U0.tze<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/5KusPre5.vAl<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/Contents\/Info.plist<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/Contents\/Resources\/9uW_anE9.cIL.kext\/Contents\/Info.plist<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/Contents\/Resources\/9uW_anE9.cIL.kext\/Contents\/MacOS\/9uW_anE9.cIL<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/hFSGY5ih.rfU<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/q45tyh<\/li>\n<li>Library\/Preferences\/2Md1ctl2\/WaAvsmZW.EMb<\/li>\n<li>Library\/Scripting Additions\/UIServerEvents\/Contents\/Info.plist<\/li>\n<li>Library\/Scripting Additions\/UIServerEvents\/Contents\/MacOS\/0T4Nn2U0.tze<\/li>\n<li>Library\/Scripting Additions\/UIServerEvents\/Contents\/Resources\/UIServerEvents.r<\/li>\n<\/ul>\n<p>Intego <a title=\"VirusBarrier\" href=\"https:\/\/www.intego.com\/virusbarrier\" target=\"_blank\">VirusBarrier<\/a>\u00a0with up-to-date malware definitions protects Mac users against this malware, detected as\u00a0<strong>OSX\/Crisis.B<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team&#8217;s spyware, landed on VirusTotal with a detection rate of 0 out of 47 scanners. RCS, also known as\u00a0OSX\/Crisis, is an expensive rootkit used by governments during targeted attacks. It collects audio, pictures, screenshots, keystrokes and [&hellip;]<\/p>\n","protected":false},"author":29,"featured_media":8763,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,5],"tags":[840,86,703,2809,839],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team&#039;s spyware, landed on VirusTotal with\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New OSX\/Crisis or Business Cards Gone Wild - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team&#039;s spyware, landed on VirusTotal with\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-11-13T15:56:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-07T19:19:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Abbati\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"width\":\"400\",\"height\":\"260\",\"caption\":\"Malware Alert from Intego\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/\",\"name\":\"New OSX\/Crisis or Business Cards Gone Wild - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage\"},\"datePublished\":\"2013-11-13T15:56:42+00:00\",\"dateModified\":\"2016-10-07T19:19:46+00:00\",\"description\":\"In these days of computer conspiracies, the Mac is not left out.\\u00a0A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New OSX\/Crisis or Business Cards Gone Wild\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/cbc02d2ed3bdeeb64e8cf2737c231ce8\"},\"headline\":\"New OSX\/Crisis or Business Cards Gone Wild\",\"datePublished\":\"2013-11-13T15:56:42+00:00\",\"dateModified\":\"2016-10-07T19:19:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage\"},\"wordCount\":373,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg\",\"keywords\":[\"Hacking Team\",\"Malware\",\"OSX\/Crisis\",\"OSX\/Crisis.B\",\"RCS\"],\"articleSection\":[\"Malware\",\"Security News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/cbc02d2ed3bdeeb64e8cf2737c231ce8\",\"name\":\"Arnaud Abbati\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ac67b13519d6788f0f6e2df392735a3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ac67b13519d6788f0f6e2df392735a3?s=96&d=mm&r=g\",\"caption\":\"Arnaud Abbati\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/aabbati\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/","og_locale":"en_US","og_type":"article","og_title":"New OSX\/Crisis or Business Cards Gone Wild - The Mac Security Blog","og_description":"In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/","og_site_name":"The Mac Security Blog","article_published_time":"2013-11-13T15:56:42+00:00","article_modified_time":"2016-10-07T19:19:46+00:00","og_image":[{"width":"400","height":"260","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Arnaud Abbati","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","width":"400","height":"260","caption":"Malware Alert from Intego"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/","name":"New OSX\/Crisis or Business Cards Gone Wild - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage"},"datePublished":"2013-11-13T15:56:42+00:00","dateModified":"2016-10-07T19:19:46+00:00","description":"In these days of computer conspiracies, the Mac is not left out.\u00a0A new variant of Remote Control System, Hacking Team's spyware, landed on VirusTotal with","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"New OSX\/Crisis or Business Cards Gone Wild"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/cbc02d2ed3bdeeb64e8cf2737c231ce8"},"headline":"New OSX\/Crisis or Business Cards Gone Wild","datePublished":"2013-11-13T15:56:42+00:00","dateModified":"2016-10-07T19:19:46+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#webpage"},"wordCount":373,"commentCount":1,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","keywords":["Hacking Team","Malware","OSX\/Crisis","OSX\/Crisis.B","RCS"],"articleSection":["Malware","Security News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/new-osx-crisis-business-cards-gone-wild\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/cbc02d2ed3bdeeb64e8cf2737c231ce8","name":"Arnaud Abbati","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/9ac67b13519d6788f0f6e2df392735a3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9ac67b13519d6788f0f6e2df392735a3?s=96&d=mm&r=g","caption":"Arnaud Abbati"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/aabbati\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2012\/12\/MalwareAlert-intego.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-5tf","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/21033"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/29"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=21033"}],"version-history":[{"count":77,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/21033\/revisions"}],"predecessor-version":[{"id":51268,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/21033\/revisions\/51268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/8763"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=21033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=21033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=21033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}