{"id":75934,"date":"2018-02-27T13:25:30","date_gmt":"2018-02-27T21:25:30","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=75934"},"modified":"2018-02-27T13:25:30","modified_gmt":"2018-02-27T21:25:30","slug":"new-evilosx-malware-spotlights-risk-of-poor-password-hygiene","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/","title":{"rendered":"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-76024\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Mac-Malware.png\" alt=\"\" width=\"600\" height=\"319\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Mac-Malware.png 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Mac-Malware-150x80.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Mac-Malware-300x160.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Around the same time <a href=\"https:\/\/www.intego.com\/mac-security-blog\/osxdok-can-read-encrypted-web-traffic-open-a-backdoor\/\" target=\"_blank\" rel=\"noopener\">OSX\/Dok<\/a> was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called <a href=\"https:\/\/github.com\/cys3c\/EvilOSX\" target=\"_blank\" rel=\"noopener\">EvilOSX<\/a>. While OSX\/Dok made headlines, the sample of\u00a0EvilOSX malware didn\u2019t receive much\u00a0attention at that time, because while capable and dangerous it was a low risk threat that had not been used on a large scale. Use of the open source EvilOSX was\u00a0mostly by\u00a0those experimenting with it, and perhaps by some who\u00a0genuinely attempted to infect a target.<\/p>\n<p>With little fanfare, EvilOSX was quickly forgotten by most; that is, until a few days ago when John Lambert posted the following tweet:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\">\n<p lang=\"en\" dir=\"ltr\">If you are interested in OSX malware, have a look at this new sample of EvilOSX that just appeared on VT.<br \/>1\u20e3Repo: <a href=\"https:\/\/t.co\/vI8jv0ILWO\">https:\/\/t.co\/vI8jv0ILWO<\/a><br \/>2\u20e3Source and decodes: <a href=\"https:\/\/t.co\/o9t78vTZTt\">https:\/\/t.co\/o9t78vTZTt<\/a><br \/>3\u20e3Hash: 89e5b8208daf85f549d9b7df8e2a062e47f15a5b08462a4224f73c0a6223972a <a href=\"https:\/\/t.co\/8DWJYXY2E5\">pic.twitter.com\/8DWJYXY2E5<\/a><\/p>\n<p>&mdash; John Lambert (@JohnLaTwC) <a href=\"https:\/\/twitter.com\/JohnLaTwC\/status\/966139336436498432?ref_src=twsrc%5Etfw\">February 21, 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>What we&#8217;re looking at here is indeed a new sample of EvilOSX malware\u00a0and looks to be from the same\u00a0malware author, <a href=\"https:\/\/github.com\/Marten4n6\/EvilOSX\" target=\"_blank\">Marten4n6<\/a>, who created the original variant.\u00a0The new variant of EvilOSX is still a RAT, and while still not currently used as part of a malware campaign in large scale attacks,\u00a0the author still appears hard at work.<\/p>\n<p>Here\u2019s a comparison of features, comparing the old EvilOSX malware vs. the new variant:<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-75946 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison.png\" alt=\"\" width=\"1392\" height=\"485\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison.png 1392w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison-150x52.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison-300x105.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison-768x268.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison-1024x357.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Feature-Comparison-657x229.png 657w\" sizes=\"(max-width: 1392px) 100vw, 1392px\" \/><\/p>\n<p>The new EvilOSX\u00a0also includes an update module, so the malware\u00a0can update itself if a new version comes out. Needless to say, this is not a RAT you want on your system. However, with the risk of infection currently low, there is no need for alarm, especially if you are an Intego VirusBarrier customer with up-to-date malware definitions. If EvilOSX ever makes its way onto your system, despite what the EvilOSX author claims, <a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\">Intego VirusBarrier<\/a> will detect it as <strong>OSX\/EvilOSX<\/strong> and eliminate it accordingly.<\/p>\n<h3>What is the infection vector?<\/h3>\n<p>EvilOSX is a remote access tool (RAT) that, for now, would most likely find its way onto your Mac\u00a0through an angry ex or a \u201clook at me I\u2019m a cool h4ck3r!\u201d coworker. With EvilOSX being open source and easily accessible, at any time it may\u00a0find\u00a0its way to a piece of malware that is far more widespread. Currently, as far as we know and as mentioned earlier, we are not aware of EvilOSX being bundled with malware that attempts to infect Macs on a large scale.<\/p>\n<h3>Where does OSX\/EvilOSX install?<\/h3>\n<p>A launch agent is placed in ~\/Library\/LaunchAgents, named &#8220;com.apple.EvilOSX.plist.&#8221; The RAT itself is placed inside a hidden directory, \u00a0in ~\/Library\/Containers, named \u201c.EvilOSX.\u201d There are just two components to EvilOSX, as the setup script is automatically removed once installation is\u00a0complete.\u00a0As soon as EvilOSX touches down on your system, VirusBarrier will let you know.<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-75952 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-touchdown.png\" alt=\"\" width=\"634\" height=\"299\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-touchdown.png 634w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-touchdown-150x71.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-touchdown-300x141.png 300w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/p>\n<p>If for some reason you trust the file and run it, VirusBarrier will alert you again when EvilOSX installs itself in a hidden directory.<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-75958 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Installed.png\" alt=\"\" width=\"634\" height=\"299\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Installed.png 634w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Installed-150x71.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-Installed-300x141.png 300w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/p>\n<p>Meanwhile, NetBarrier will alert you to a connection attempt that is being made to icanhazip.com.<\/p>\n<p><img loading=\"lazy\" class=\"size-full wp-image-75964 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-icanhazip.png\" alt=\"\" width=\"668\" height=\"409\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-icanhazip.png 668w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-icanhazip-150x92.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-icanhazip-300x184.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-icanhazip-657x402.png 657w\" sizes=\"(max-width: 668px) 100vw, 668px\" \/><\/p>\n<p>As you can see, there is a very slim chance EvilOSX can infect a system if the user is paying attention to the various popups generated by it. Even though the creator of EvilOSX states that his malware is\u00a0<em>\u201cundetected by anti-virus,\u201d<\/em>\u00a0this is simply not the case.<\/p>\n<h3>Should Mac users be concerned about OSX\/EvilOSX?<\/h3>\n<p>Currently no malware exists\u00a0that uses EvilOSX as a payload, but targeted Mac users are at risk. For now, in order to infect Macs with EvilOSX, someone would need physical access to your machine, or a victim would need to be tricked via social engineering to download and install it.<\/p>\n<p>If your Mac is not <a href=\"https:\/\/www.intego.com\/mac-security-blog\/15-mac-hardening-security-tips-to-protect-your-privacy\/\" target=\"_blank\">properly locked down<\/a>, EvilOSX should concern you.\u00a0Installation of the malware does not require an administrator password and, according to the malware author, a Mac can be infected in about 10 seconds or less. This means anyone with access to your computer can install EvilOSX\u00a0if you walk away for even just a minute. For this and other security reasons, always make sure your Mac is locked down as soon as you leave your desk. For tips on how to encrypt and password protect\u00a0your system, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-encrypt-and-password-protect-files-on-your-mac\/\" target=\"_blank\" rel=\"noopener\">have a look here<\/a>. A simple screensaver password is a big step to keeping unwanted snoops out of your system when you go to grab a coffee or take a bathroom break.<\/p>\n<p>Unfortunately, if someone has the kind of access to your Mac that allows them to install EvilOSX, they can also easily instruct\u00a0your anti-virus\u00a0product to trust the installed RAT. By the time you get back to your desk, you wouldn&#8217;t\u00a0know that your Mac was infected and your anti-virus solution wouldn&#8217;t inform you.<\/p>\n<p>If your Mac is properly locked down, I&#8217;d say there is currently no cause for concern.<\/p>\n<h3>How to tell if your Mac is infected (and removal instructions)<\/h3>\n<p>In your User folder \/Library\/LaunchAgents, look for a file named \u201ccom.apple.EvilOSX.plist.\u201d If it\u2019s there, delete it. This is the file EvilOSX uses for persistence.<\/p>\n<p>Also in your User folder \/Library\/Containers, a hidden directory will be present if the system is infected with EvilOSX.\u00a0To make the invisible directory visible, use the following key combination: Command-Shift-. (period)<\/p>\n<p>Now look for a folder named \u201c.EvilOSX.\u201d If it\u2019s there, delete it. This is the actual RAT contacting the Command and Control (C&amp;C) server and looking for instructions. If infections are\u00a0found and the components subsequently deleted, restart your Mac, empty the trash and restart again. Your Mac should now be free of EvilOSX.<\/p>\n<p>For <a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\">Intego VirusBarrier<\/a> customers, protection comes in the form of updated virus definitions, which will detect and remove all of the OSX\/EvilOSX files.<\/p>\n<h3>How to protect yourself from OSX\/EvilOSX<\/h3>\n<p>We are not aware of EvilOSX being bundled with other malware that attempts to infect Macs on a large scale. As long as you follow the usual precautions and make\u00a0sure your files come from a trusted source, your Mac is locked down properly, and you have a few up-to-date layers of security in place, the risk of getting infected by EvilOSX or any other malware is very low.<\/p>\n<p>EvilOSX made a brief appearance on the radar last year not to be heard from again until a few days ago.\u00a0This shows that development on these kinds of tools is ongoing. This goes for all kinds of malware and shows the importance of the security industry to constantly be on the lookout for new potential threats. For you, the user, this shows the importance of always keeping your system and security solutions up to date to ensure you are protected from vulnerabilities and malware as soon as they are discovered.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made headlines, the sample of\u00a0EvilOSX malware didn\u2019t receive much\u00a0attention at that time, because while capable and dangerous it was a low risk threat that had not been used on [&hellip;]<\/p>\n","protected":false},"author":79,"featured_media":76051,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[3946,3949],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-27T21:25:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jay Vrijenhoek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png\",\"width\":400,\"height\":260},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/\",\"name\":\"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage\"},\"datePublished\":\"2018-02-27T21:25:30+00:00\",\"dateModified\":\"2018-02-27T21:25:30+00:00\",\"description\":\"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0\"},\"headline\":\"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene\",\"datePublished\":\"2018-02-27T21:25:30+00:00\",\"dateModified\":\"2018-02-27T21:25:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage\"},\"wordCount\":1105,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png\",\"keywords\":[\"EvilOSX\",\"OSX\/EvilOSX\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0\",\"name\":\"Jay Vrijenhoek\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g\",\"caption\":\"Jay Vrijenhoek\"},\"description\":\"Jay Vrijenhoek is an IT consultant with a passion for Mac security research.\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/jay-vrijenhoek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/","og_locale":"en_US","og_type":"article","og_title":"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene - The Mac Security Blog","og_description":"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/","og_site_name":"The Mac Security Blog","article_published_time":"2018-02-27T21:25:30+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jay Vrijenhoek","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png","width":400,"height":260},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/","name":"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage"},"datePublished":"2018-02-27T21:25:30+00:00","dateModified":"2018-02-27T21:25:30+00:00","description":"Around the same time OSX\/Dok was discovered last year, a remote access tool (RAT) for macOS and OS X was also found, called EvilOSX. While OSX\/Dok made","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0"},"headline":"New EvilOSX Malware Spotlights Risk of Poor Password Hygiene","datePublished":"2018-02-27T21:25:30+00:00","dateModified":"2018-02-27T21:25:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#webpage"},"wordCount":1105,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png","keywords":["EvilOSX","OSX\/EvilOSX"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/new-evilosx-malware-spotlights-risk-of-poor-password-hygiene\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0","name":"Jay Vrijenhoek","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g","caption":"Jay Vrijenhoek"},"description":"Jay Vrijenhoek is an IT consultant with a passion for Mac security research.","url":"https:\/\/www.intego.com\/mac-security-blog\/author\/jay-vrijenhoek\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/02\/EvilOSX-logo-featured.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-jKK","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/75934"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=75934"}],"version-history":[{"count":30,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/75934\/revisions"}],"predecessor-version":[{"id":76021,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/75934\/revisions\/76021"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/76051"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=75934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=75934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=75934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}