{"id":81328,"date":"2018-07-26T08:16:28","date_gmt":"2018-07-26T15:16:28","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=81292"},"modified":"2019-06-15T02:44:38","modified_gmt":"2019-06-15T09:44:38","slug":"osx-calisto-mac-malware-masquerades-as-intego-software","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/","title":{"rendered":"OSX\/Calisto Mac malware masquerades as Intego software"},"content":{"rendered":"<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse.png\"><img loading=\"lazy\" class=\"aligncenter wp-image-81301 size-full\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse.png\" alt=\"\" width=\"504\" height=\"350\" \/><\/a><\/p>\n<p>Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable company. A recent example was <a href=\"https:\/\/www.intego.com\/mac-security-blog\/watch-out-a-fake-antivirus-blog-is-distributing-proton-malware\/\" target=\"_blank\" rel=\"noopener\">Proton malware masquerading as Symantec software<\/a> in November.<\/p>\n<p>A variant of the Proton malware family was recently discovered\u2014a predecessor, in fact, dubbed <strong>OSX\/Calisto<\/strong>\u2014and this time, the malware fraudulently disguises itself as an Intego software installer.<\/p>\n<h3>What Does OSX\/Calisto Do?<\/h3>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT.jpg\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-76096\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-150x150.jpg\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-150x150.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-32x32.jpg 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-50x50.jpg 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-64x64.jpg 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-96x96.jpg 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT-128x128.jpg 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/03\/RAT.jpg 250w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a>The malware attempts to do a number of things to a victim&#8217;s Mac, including:<\/p>\n<ul>\n<li>steal a user&#8217;s local administrator username and password<\/li>\n<li>install backdoor malware and enable remote administration tool (<a href=\"https:\/\/www.intego.com\/mac-security-blog\/osxcoldroot-and-the-rat-invasion\/\" target=\"_blank\" rel=\"noopener\">RAT<\/a>) capabilities<\/li>\n<li>steal passwords and other data from the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-and-ios-keychain-tutorial-how-apples-icloud-keychain-works\/\" target=\"_blank\" rel=\"noopener\">Keychain<\/a><\/li>\n<li>extract history, bookmarks, and cookies from Google Chrome<\/li>\n<li>phone home to a (now defunct) command and control server<\/li>\n<\/ul>\n<p>Like <a href=\"https:\/\/www.intego.com\/mac-security-blog\/osxcoldroot-and-the-rat-invasion\/\" target=\"_blank\" rel=\"noopener\">OSX\/Coldroot<\/a>, it also attempts to directly modify TCC.db, an Accessibility database that tracks special permissions that the user has granted to apps, which no third-party software should ever attempt to directly alter.<\/p>\n<p>The malware&#8217;s code contains hints of capabilities that were under development but not yet completed, such as attempting to erase every file on the Mac&#8217;s boot drive.<\/p>\n<h3>How Was OSX\/Calisto Discovered?<\/h3>\n<p>Interestingly, the malware was first uploaded to VirusTotal, a multi-engine malware scanning service, on August 2, 2016\u2014nearly two years ago. Given that the malware disguises itself as the X9 version of Intego software, which was <a href=\"https:\/\/www.intego.com\/press-release\/intego-upgrades-its-mac-security-products-x9\" target=\"_blank\" rel=\"noopener\">announced<\/a> on June 20, 2016, the malware was likely developed within that six-week period.<\/p>\n<div id=\"attachment_81316\" style=\"width: 1566px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Calisto-mounted-disk-image-window-comparison-annotated-2.png\"><img aria-describedby=\"caption-attachment-81316\" loading=\"lazy\" class=\"size-full wp-image-81316\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Calisto-mounted-disk-image-window-comparison-annotated-2.png\" alt=\"\" width=\"1556\" height=\"569\" \/><\/a><p id=\"caption-attachment-81316\" class=\"wp-caption-text\">The OSX\/Calisto malware disk image (left) falsely claims to be Intego software, but excludes files that come with the real Intego installer. Image: <a href=\"https:\/\/securelist.com\/calisto-trojan-for-macos\/86543\/\" target=\"_blank\" rel=\"noopener\">Securelist<\/a><\/p><\/div>\n<p>For nearly two years after the samples were uploaded to VirusTotal, their harmful nature went undetected by every major antivirus engine, only recently being analyzed by malware researchers and identified as malicious.<\/p>\n<h3>Was Intego Hacked?<\/h3>\n<p><strong>No.<\/strong> Intego servers were <strong>not<\/strong> hacked, and <strong>no<\/strong> source code was stolen from Intego.\u00a0<strong>Anyone who downloaded an installer from Intego&#8217;s site is safe.<\/strong><\/p>\n<p>Unfortunately, it&#8217;s fairly easy for any attacker to create fraudulent software that looks nearly identical to the legitimate version, or to hijack someone else&#8217;s software and embed malware into it\u2014and that appears to be exactly what the creators of OSX\/Calisto did.<\/p>\n<p>For this reason, it&#8217;s best to avoid obtaining software from third parties such as <a href=\"https:\/\/www.intego.com\/mac-security-blog\/why-bittorrent-sites-are-a-malware-cesspool\/\" target=\"_blank\" rel=\"noopener\">BitTorrent<\/a>.<\/p>\n<p>Whenever possible, obtain your software directly from Apple&#8217;s App Store or a trusted software developer&#8217;s official site. And <strong>never<\/strong> install pirated, cracked, or other illegally or questionably obtained software, which is significantly more likely to contain malware.<\/p>\n<p>Developers&#8217; official sites and even the App Store aren&#8217;t impervious to attacks, but they&#8217;re generally much safer than other software download sources.<\/p>\n<h3>Is My Mac Infected?<\/h3>\n<p>It&#8217;s fairly unlikely that you&#8217;ll find this malware in the wild today given how long ago it was first uploaded to VirusTotal. It&#8217;s possible that the malware was never very widespread, if it ever made it into the wild at all.<\/p>\n<p><img loading=\"lazy\" class=\"alignleft wp-image-81328 size-medium\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/VirusTotal-logo-300x61.png\" alt=\"\" width=\"200\" height=\"41\" \/>Malware developers sometimes upload their software to VirusTotal simply to check whether or not their latest sample is identified by any major antivirus vendor as malicious. While it&#8217;s unclear whether or not that&#8217;s the case for OSX\/Calisto, it&#8217;s possible that it may have simply been a prototype of OSX\/Proton that may never have been distributed publicly.<\/p>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-54214\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png\" alt=\"Intego X9 Mac Antivirus\" width=\"300\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch.png 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Regardless of how pervasive the malware was, if you&#8217;re a user of <a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\" target=\"_blank\" rel=\"noopener\">Intego VirusBarrier X9<\/a>\u2014assuming you downloaded a legitimate copy from Intego\u2014your Mac is already protected from this threat, and any existing infection will automatically be identified as <strong>OSX\/Calisto<\/strong> and exterminated.<\/p>\n<p>If you aren&#8217;t currently running anti-virus software on your Mac, you can scan your computer with <a href=\"https:\/\/www.intego.com\/virusbarrier-scanner\" target=\"_blank\" rel=\"noopener\">VirusBarrier Scanner<\/a>, available for\u00a0<strong>free<\/strong> in the Mac App Store. (Later, you may want to read about the benefits of using an anti-malware suite with <a href=\"https:\/\/www.intego.com\/mac-security-blog\/why-your-antivirus-needs-real-time-scanning\/\" target=\"_blank\" rel=\"noopener\">real-time scanning<\/a>.)<\/p>\n<p>If your Mac has ever been infected with OSX\/Calisto or an OSX\/Proton variant, you&#8217;ll want to clean up any data folders and files that may have been left behind, as they may contain your passwords and other sensitive information in plain text. As <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/07\/new-strain-of-mac-malware-found-after-two-years\/\" target=\"_blank\" rel=\"noopener\">noted<\/a> by researcher Thomas Reed, a future attack against your computer could leverage the information contained in those files if they&#8217;ve been left behind by a malware removal tool.<\/p>\n<p>You can <strong>copy and paste<\/strong> the following command into Terminal to remove those fragments from your system if they exist (note that it can be dangerous to run Terminal commands unless you really know what you&#8217;re doing\u2014<strong>if you&#8217;re not an expert, you should always consult one first<\/strong>):<\/p>\n<pre>sudo rm -rf ~\/.calisto ~\/Library\/VideoFrameworks \/Library\/.cachedir<\/pre>\n<h3>Where Can I Learn More?<\/h3>\n<p><a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\"><img loading=\"lazy\" class=\"alignright wp-image-71419 size-thumbnail\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/Intego-Podcast-A.png 216w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a>We&#8217;ll talk about OSX\/Calisto on this week&#8217;s episode of the <strong>Intego Mac Podcast<\/strong>. <a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">Subscribe now<\/a> to make sure you don&#8217;t miss an episode!<\/p>\n<p>If you&#8217;d like additional technical details about OSX\/Calisto, you can read the write-ups by\u00a0<a href=\"https:\/\/securelist.com\/calisto-trojan-for-macos\/86543\/\" target=\"_blank\" rel=\"noopener\">Mikhail Kuzin and Sergey Zelensky<\/a> and <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2018\/07\/new-strain-of-mac-malware-found-after-two-years\/\" target=\"_blank\" rel=\"noopener\">Thomas Reed<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable company. A recent example was Proton malware masquerading as Symantec software in November. A variant of the Proton malware family was recently discovered\u2014a predecessor, in fact, dubbed OSX\/Calisto\u2014and this time, [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":81553,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,151],"tags":[30,54,4255,3703,3469],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OSX\/Calisto Mac malware masquerades as Intego software - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-26T15:16:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-06-15T09:44:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1151\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png\",\"width\":1151,\"height\":800},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/\",\"name\":\"OSX\/Calisto Mac malware masquerades as Intego software - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage\"},\"datePublished\":\"2018-07-26T15:16:28+00:00\",\"dateModified\":\"2019-06-15T09:44:38+00:00\",\"description\":\"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OSX\/Calisto Mac malware masquerades as Intego software\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"OSX\/Calisto Mac malware masquerades as Intego software\",\"datePublished\":\"2018-07-26T15:16:28+00:00\",\"dateModified\":\"2019-06-15T09:44:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage\"},\"wordCount\":824,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png\",\"keywords\":[\"Backdoor\",\"Fake Antivirus\",\"OSX\/Calisto\",\"OSX\/Proton\",\"Proton\"],\"articleSection\":[\"Malware\",\"Recommended\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/","og_locale":"en_US","og_type":"article","og_title":"OSX\/Calisto Mac malware masquerades as Intego software - The Mac Security Blog","og_description":"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable","og_url":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2018-07-26T15:16:28+00:00","article_modified_time":"2019-06-15T09:44:38+00:00","og_image":[{"width":1151,"height":800,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png","width":1151,"height":800},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/","name":"OSX\/Calisto Mac malware masquerades as Intego software - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage"},"datePublished":"2018-07-26T15:16:28+00:00","dateModified":"2019-06-15T09:44:38+00:00","description":"Every so often, a new piece of malware comes along that tries to deceive victims by disguising itself as legitimate anti-malware software from a reputable","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"OSX\/Calisto Mac malware masquerades as Intego software"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"OSX\/Calisto Mac malware masquerades as Intego software","datePublished":"2018-07-26T15:16:28+00:00","dateModified":"2019-06-15T09:44:38+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#webpage"},"wordCount":824,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png","keywords":["Backdoor","Fake Antivirus","OSX\/Calisto","OSX\/Proton","Proton"],"articleSection":["Malware","Recommended"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/osx-calisto-mac-malware-masquerades-as-intego-software\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/FakeAV-Trojan-Horse-1.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-l9K","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/81328"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=81328"}],"version-history":[{"count":3,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/81328\/revisions"}],"predecessor-version":[{"id":88186,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/81328\/revisions\/88186"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/81553"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=81328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=81328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=81328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}