{"id":84307,"date":"2018-11-30T10:39:09","date_gmt":"2018-11-30T18:39:09","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=84307"},"modified":"2019-05-08T20:46:08","modified_gmt":"2019-05-09T03:46:08","slug":"privacy-exodus-spam-delivers-mac-spyware","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/","title":{"rendered":"Privacy Exodus: spam delivers Mac spyware"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84343\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-600x300.png\" alt=\"\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-600x300.png 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-600x300-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-600x300-300x150.png 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment.<\/p>\n<p>Let&#8217;s take a look at the e-mail in question,\u00a0the signs that indicate it&#8217;s a scam, and what the malware does if someone falls victim.<\/p>\n<h3>Scam E-mail Disguised as Legit Developer Update<\/h3>\n<p>At first glance, the e-mail may appear to be a legitimate software update notification from the developer of Exodus. The real Exodus app is a digital wallet designed to hold more than 90 varieties of cryptocurrency (such as Bitcoin, Ethereum, Litecoin, and Zcash).<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84319\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-top.png\" alt=\"\" width=\"669\" height=\"364\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-top.png 669w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-top-150x82.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-top-300x163.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-top-657x357.png 657w\" sizes=\"(max-width: 669px) 100vw, 669px\" \/><\/p>\n<p style=\"text-align: center;\">This fake Exodus e-mail has a\u00a0harmful\u00a0attachment. Screenshot: <a href=\"https:\/\/labsblog.f-secure.com\/2018\/11\/02\/spam-campaign-targets-exodus-mac-users\/\" target=\"_blank\" rel=\"noopener\">F. Vila<\/a><\/p>\n<p>Unlike many scam and spam e-mails, this one has very few typos or glaring indicators that the e-mail may be fake. Even a close inspection will only reveal a few very minor textual issues: macOS is misspelled with a capital M, the From address has a different domain than the actual Exodus site, and the ad copy in the body of the e-mail promises &#8220;shorter release notes below&#8221; but doesn&#8217;t deliver. Frankly, all of those things are fairly passable and not necessarily indicative of a problem.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84322\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom.png\" alt=\"\" width=\"986\" height=\"529\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom.png 986w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom-150x80.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom-300x161.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom-768x412.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Update-Scam-Email-bottom-657x352.png 657w\" sizes=\"(max-width: 986px) 100vw, 986px\" \/><\/p>\n<p style=\"text-align: center;\">The scammer\u00a0didn&#8217;t include &#8220;release notes below.&#8221; Screenshot:\u00a0<a href=\"https:\/\/labsblog.f-secure.com\/2018\/11\/02\/spam-campaign-targets-exodus-mac-users\/\" target=\"_blank\" rel=\"noopener\">F.\u00a0Vila<\/a><\/p>\n<p>The biggest red flag is one of the e-mail attachments: a .zip file that supposedly contains an updater app (file name &#8220;Exodus-MacOS-1.64.1-update.zip&#8221;). I can&#8217;t recall ever seeing a developer distribute software updates to all of their users as a direct attachment to an e-mail, so this is sufficient cause for concern.<\/p>\n<h3>What&#8217;s Really In the Attachment?<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-84346\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-150x150.png\" alt=\"\" width=\"150\" height=\"150\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-300x300.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-768x768.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-657x657.png 657w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/macOS-ZIP-file-attachment-icon.png 1024w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>As you&#8217;ve probably guessed, the attachment doesn&#8217;t actually contain a software update from the developer of Exodus.<\/p>\n<p>Rather than updating Exodus, the Trojan horse actually installs a copy of Realtime-Spy, a utility that allows someone to remotely monitor and spy on another computer. Realtime-Spy&#8217;s homepage claims that the software is &#8220;designed for parents and employers to legitimately monitor&#8221; computers they own.<\/p>\n<p>According to Spytech, the developer of Realtime-Spy, the software supports Mac OS X 10.6 all the way through current versions of macOS.<\/p>\n<h3>What Can the Spyware Do?<\/h3>\n<p>According to Spytech, Realtime-Spy can log what applications you use, what sites you visit and for how long (including in private browsing sessions), and the approximate location of the computer. It can also record keystrokes and take continuous screenshots of the victim&#8217;s computer.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84331\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features.png\" alt=\"\" width=\"2112\" height=\"1470\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features.png 2112w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features-150x104.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features-300x209.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features-768x535.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features-1024x713.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Spytech-Realtime-Spy-Mac-Features-657x457.png 657w\" sizes=\"(max-width: 2112px) 100vw, 2112px\" \/><\/p>\n<p style=\"text-align: center;\">Realtime-Spy&#8217;s list of creepy features<\/p>\n<p>For the person who deployed Realtime-Spy, all of these logs are supposedly available via an online interface with handy reports for each individual computer to which the user has deployed the spyware.<\/p>\n<h3>How Can Mac Users Stay Protected?<\/h3>\n<p><a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\" target=\"_blank\" rel=\"noopener\">Intego VirusBarrier X9<\/a> and\u00a0<a href=\"https:\/\/www.intego.com\/business\/flextivity-secure\" target=\"_blank\" rel=\"noopener\">Flextivity<\/a> detect and eliminate this malware, components of which are identified as <strong>Hacker Tool: OSX\/RealtimeSpy<\/strong> and <strong>Keylogger: OSX\/KeySpy.A<\/strong>.<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-84334\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier.png\" alt=\"\" width=\"1202\" height=\"617\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier.png 1202w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier-150x77.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier-300x154.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier-768x394.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier-1024x526.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/OSX-RealtimeSpy-and-OSX-KeySpy-A-Detected-By-Intego-VirusBarrier-657x337.png 657w\" sizes=\"(max-width: 1202px) 100vw, 1202px\" \/><\/p>\n<p style=\"text-align: center;\">The e-mail attachment is blocked by Intego VirusBarrier X9.<\/p>\n<p>Network administrators can monitor for traffic to realtime-spy-mac[.]com and search for inbound e-mails from update-exodus[.]io to find potentially infected computers.<\/p>\n<h3>How\u00a0Can I Learn More?<\/h3>\n<p><a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"50\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 50px) 100vw, 50px\" \/><\/a>Each week we talk about the latest Apple security news on the <strong>Intego Mac Podcast<\/strong>, so be sure to <a href=\"https:\/\/itunes.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener\">subscribe<\/a> to make sure you don&#8217;t miss any episodes. You&#8217;ll also want to subscribe to our <strong>e-mail newsletter<\/strong> and keep an eye here on <strong>The Mac Security Blog<\/strong> for updates.<\/p>\n<p>For a few additional technical details on this malware, you can refer to Frederic Vila&#8217;s <a href=\"https:\/\/labsblog.f-secure.com\/2018\/11\/02\/spam-campaign-targets-exodus-mac-users\/\" target=\"_blank\" rel=\"noopener\">write-up<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let&#8217;s take a look at the e-mail in question,\u00a0the signs that indicate it&#8217;s a scam, and what the malware does if someone falls victim. Scam E-mail Disguised as Legit Developer Update At first glance, the e-mail [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":84352,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[86,4408,4405,116,124,125],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let&#039;s take a\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Exodus: spam delivers Mac spyware - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let&#039;s take a\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-30T18:39:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-05-09T03:46:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png\",\"width\":400,\"height\":260,\"caption\":\"Privacy Exodus: Spam Delivers Mac Spyware\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/\",\"name\":\"Privacy Exodus: spam delivers Mac spyware - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage\"},\"datePublished\":\"2018-11-30T18:39:09+00:00\",\"dateModified\":\"2019-05-09T03:46:08+00:00\",\"description\":\"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let's take a\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Exodus: spam delivers Mac spyware\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Privacy Exodus: spam delivers Mac spyware\",\"datePublished\":\"2018-11-30T18:39:09+00:00\",\"dateModified\":\"2019-05-09T03:46:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage\"},\"wordCount\":563,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png\",\"keywords\":[\"Malware\",\"OSX\/KeySpy\",\"OSX\/RealtimeSpy\",\"Scam\",\"Spam\",\"Spyware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let's take a","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/","og_locale":"en_US","og_type":"article","og_title":"Privacy Exodus: spam delivers Mac spyware - The Mac Security Blog","og_description":"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let's take a","og_url":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2018-11-30T18:39:09+00:00","article_modified_time":"2019-05-09T03:46:08+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png","width":400,"height":260,"caption":"Privacy Exodus: Spam Delivers Mac Spyware"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/","name":"Privacy Exodus: spam delivers Mac spyware - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage"},"datePublished":"2018-11-30T18:39:09+00:00","dateModified":"2019-05-09T03:46:08+00:00","description":"Earlier this month, malware researchers discovered an interesting attack: a scam e-mail with a cleverly disguised Mac malware attachment. Let's take a","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Privacy Exodus: spam delivers Mac spyware"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Privacy Exodus: spam delivers Mac spyware","datePublished":"2018-11-30T18:39:09+00:00","dateModified":"2019-05-09T03:46:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#webpage"},"wordCount":563,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png","keywords":["Malware","OSX\/KeySpy","OSX\/RealtimeSpy","Scam","Spam","Spyware"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/privacy-exodus-spam-delivers-mac-spyware\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/11\/Fake-Exodus-Spyware-400x260.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-lVN","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84307"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=84307"}],"version-history":[{"count":7,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84307\/revisions"}],"predecessor-version":[{"id":87529,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/84307\/revisions\/87529"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/84352"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=84307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=84307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=84307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}