{"id":97881,"date":"2023-05-04T02:27:26","date_gmt":"2023-05-04T09:27:26","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=97881"},"modified":"2024-04-18T03:08:59","modified_gmt":"2024-04-18T10:08:59","slug":"apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/","title":{"rendered":"Apple&#8217;s First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync \u2013 Intego Mac Podcast Episode 290"},"content":{"rendered":"\r\n<p><a class=\"wp-block-jetpack-podcast-player jetpack-podcast-player__direct-link\" href=\"http:\/\/podcast.intego.com\/rss\/\">http:\/\/podcast.intego.com\/rss\/<\/a><\/p>\r\n<p>&nbsp;<\/p>\r\n\r\n<p>Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. We discuss several new types of Mac malware, and we look at how Google&#8217;s cloud sync for its Authenticator app is insecure.<\/p>\r\n<ul>\r\n<li><a href=\"https:\/\/www.rsaconference.com\" target=\"_blank\" rel=\"noopener\">RSA Conference<\/a><\/li>\r\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-issues-first-rapid-security-response-for-macos-ios-ipados\/\" target=\"_blank\" rel=\"noopener\">Apple issues first Rapid Security Response for macOS, iOS, iPadOS<\/a><\/li>\r\n<li><a href=\"https:\/\/www.theregister.com\/2023\/05\/01\/google_adds_account_sync_for\/\" target=\"_blank\" rel=\"noopener\">Google adds account sync for Authenticator, without E2EE<\/a><\/li>\r\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-are-passkeys-and-how-do-they-work\/\" target=\"_blank\" rel=\"noopener\">What are Passkeys, and how do they work?<\/a><\/li>\r\n<li><a 
href=\"https:\/\/www.intego.com\/mac-security-blog\/ai-malware-copilot-passkeys-intego-mac-podcast-episode-284\/\" target=\"_blank\" rel=\"noopener\">AI Malware, Copilot, &amp; Passkeys \u2013 Intego Mac Podcast Episode 284<\/a><\/li>\r\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-atomic-macos-info-stealing-malware-targets-50-crypto-wallets\/\" target=\"_blank\" rel=\"noopener\"> New Atomic macOS info-stealing malware targets 50 crypto wallets <\/a><\/li>\r\n<li><a href=\"https:\/\/www.tomsguide.com\/news\/hackers-are-using-a-fake-pdf-viewer-to-infect-macs-with-malware-how-to-stay-safe\" target=\"_blank\" rel=\"noopener\">RustBucket: Hackers are using a fake PDF viewer to infect Macs with malware \u2014 how to stay safe<\/a><\/li>\r\n<li><a href=\"https:\/\/privacyis1st.medium.com\/the-dark-side-of-the-mac-app-store-how-scam-apps-and-shady-developers-are-preying-on-users-b28062642e6\" target=\"_blank\" rel=\"noopener\">\u201cThe Dark Side of the Mac App Store\u201d Part 1<\/a><\/li>\r\n<li><a href=\"https:\/\/privacyis1st.medium.com\/the-ongoing-saga-of-the-dark-side-of-the-mac-app-store-new-scam-apps-and-shady-tactics-used-by-350a8495ce0c\" target=\"_blank\" rel=\"noopener\">\u201cThe Dark Side of the Mac App Store\u201d Part 2<\/a><\/li>\r\n<li><a href=\"https:\/\/security.googleblog.com\/2023\/05\/so-long-passwords-thanks-for-all-phish.html\" target=\"_blank\" rel=\"noopener\">So long passwords, thanks for all the phish<\/a><\/li>\r\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2023\/05\/ibm-pauses-hiring-around-7800-roles-that-could-be-replaced-by-ai\/\" target=\"_blank\" rel=\"noopener\"> IBM plans to replace 7,800 jobs with AI over time, pauses hiring certain positions <\/a><\/li>\r\n<\/ul>\r\n<hr \/>\r\n<h3>Transcript of Intego Mac Podcast episode 290<\/h3>\r\n<p>This week\u2019s Intego Mac Podcast security headlines include: Apple has the first worldwide release of its Rapid Security Response updates to 
operating systems. Did it work? Google announces its immediate support for passkeys, which is macOS and iOS compatible. And its Google Authenticator app has a convenient new feature\u2026that adds a lot of inconvenience. And we found a bevy of malware we need to catch you up on. Now here are the hosts of the Intego Mac Podcast: veteran Mac journalist Kirk McElhearn and Intego\u2019s Chief Security Analyst, Josh Long.<\/p>\r\n<p>Kirk McElhearn 0:49<br \/>Good morning, Josh. How are you today?<\/p>\r\n<p>Josh Long 0:51<br \/>I\u2019m doing well. How are you, Kirk?<\/p>\r\n<p>Kirk McElhearn 0:53<br \/>I\u2019m doing okay. Should I say it? May the Fourth be with you?<\/p>\r\n<p>Josh Long 0:58<br \/>That\u2019s right. Yeah, this is going to be published on May 4. So May the Fourth be with you too? It feels so weird to say that.<\/p>\r\n<h4><strong>Josh attended the 2023 RSA Conference<\/strong><\/h4>\r\n<p>Kirk McElhearn 1:05<br \/>Yeah. We\u2019re seeing each other for the first time in two weeks. Last week, we did a pre-recorded episode because you were at the RSA Conference and RSA\u2026What\u2019s that stand for? Like? Really security? Active something? What does RSA stand for?<\/p>\r\n<p>Josh Long 1:19<br \/>Rivest, Shamir, Adleman; those are the guys behind the RSA encryption algorithms.<\/p>\r\n<p>Kirk McElhearn 1:26<br \/>So I guess the abbreviation is better for marketing than anything else.<\/p>\r\n<p>Josh Long 1:30<br \/>Yeah. Well, RSA eventually became a company name. And now it\u2019s also associated with this conference. But yeah, RSA Conference was really good this year.<\/p>\r\n<p>Kirk McElhearn 1:40<br \/>I remember RSA back in the 90s, when you could use it in email apps on the Mac, am I correct, to encrypt email? Is it that old?<\/p>\r\n<p>Josh Long 1:48<br \/>Yeah. 
RSA has been around for a long time.<\/p>\r\n<p>Kirk McElhearn 1:51<br \/>Should we think that some sort of encryption protocol that is decades old is still reliable?<\/p>\r\n<p>Josh Long 1:57<br \/>Yeah. Yeah. Until we\u2019re able to break today\u2019s encryption using quantum computing technology, then yeah, it\u2019s still reliable.<\/p>\r\n<p>Kirk McElhearn 2:07<br \/>That sounds so futuristic. Quantum computing technology we\u2019ve talked about in the past. And I\u2019ll link to an episode in the show notes where we were discussing quantum computing and what this means for passwords and cryptography in the future. How was the RSA Conference? What did you learn about? What was everyone talking about this year?<\/p>\r\n<p>Josh Long 2:24<br \/>It was good. Of course, they did talk a little bit about quantum. And this comes up pretty much every conference, like there\u2019s at least some discussion of it. And the general consensus seems to be that this is probably not realistically coming within the next five, or maybe even 10 years. But it is something that is going to happen eventually. And so we need to be prepared for it. And so that\u2019s why that kind of tends to get talked about every year. But the bigger topic, as you might guess, because of what we\u2019ve been talking about a lot on the podcast for the last several months is AI, right? And how large language models like GPT are really changing the game in a lot of different ways. One of the things that was discussed was about how ChatGPT can be used to find zero-day vulnerabilities. You can actually put code into ChatGPT, for example, and say, \u201cDo you see any vulnerabilities here?\u201d and it can potentially find zero-day vulnerabilities, things that have not yet been discovered. So if you are a bug hunter, and you want to find these things before everybody else does, you could potentially make some money with bug bounty programs just using ChatGPT. 
Again, you have to know enough to be able to shape those queries, right, and be able to turn that into a report that you can submit to the company. Still, pretty interesting idea.<\/p>\r\n<p>Kirk McElhearn 3:49<br \/>I see a new career path for you, Josh. I know you really want to get a bug bounty. Really seriously.<\/p>\r\n<p>Josh Long 3:57<br \/>It might be kind of fun. But honestly, right now, I don\u2019t really have the time for it. But I\u2019m sure there\u2019s a lot of people out there who have gotten laid off by security companies. Just in the past week after RSA Conference, even companies that sponsored RSA Conference and had big parties there have just laid people off this week, shockingly. So maybe some of those people could make a little bit of side income.<\/p>\r\n<p>Kirk McElhearn 4:21<br \/>I asked ChatGPT what were the main topics of this year\u2019s RSA Conference? And the response was the main topics included cybercrime and cybersecurity, cloud computing, data protection, artificial intelligence and machine learning, identity and access management, DevOps and application security, cyber resilience and risk management, privacy and compliance and IoT security. That\u2019s an awful lot from one conference.<\/p>\r\n<p>Josh Long 4:46<br \/>Yeah. Now are you actually asking ChatGPT proper? Because I thought it was trained only up to 2021.<\/p>\r\n<p>Kirk McElhearn 4:53<br \/>I said this year\u2019s RSA Conference.<\/p>\r\n<p>Josh Long 4:56<br \/>But does it think that it\u2019s that this year is 2021?<\/p>\r\n<p>Kirk McElhearn 4:59<br \/>Well, ChatGPT is able to access things on the web, right?<\/p>\r\n<p>Josh Long 5:02<br \/>Well, my understanding was that ChatGPT was trained up to 2021. If you\u2019re using something like Bing AI, which is based on ChatGPT, that can check the current year, which is actually 2023.<\/p>\r\n<p>Kirk McElhearn 5:15<br \/>Okay, so I\u2019m using on the OpenAI website using ChatGPT. 
So basically, it was just saying, Well, this year\u2019s RSA Conference was probably like every other year&#8217;s RSA Conference, and they covered all of these topics. And they were the same topics every year, because this is all you should talk about at a computer security conference.<\/p>\r\n<p>Josh Long 5:32<br \/>To be fair, yeah, a lot of the same topics do tend to come up from year to year. But yeah, for sure AI was on everybody\u2019s mind, it was in all kinds of side conversations as well. In any case, yeah, there were a lot of other things that were discussed. Patrick Wardle gave a presentation where he dove into some of his adventures reverse engineering some piece of malware. Most of the rest of the conference was not really Apple focused. But at least there were a couple of Apple-related sessions.<\/p>\r\n<h4><strong>Apple releases its first Rapid Security Response updates.<\/strong><\/h4>\r\n<p>Kirk McElhearn 6:02<br \/>Speaking about Apple, we had something interesting that happened a couple of days ago. Apple released their first Rapid Security Response for macOS, iOS and iPadOS. Now they\u2019ve been beta testing this in the various beta builds of the operating systems and the Rapid Security Responses that they have used in the beta testing have been dummies, they haven\u2019t been to fix anything, they\u2019ve just been to test the process. But we got the first proper Rapid Security Response. 
And you know what happened when a lot of people tried to install it? They got a dialog saying, \u201cUnable to verify security response, iOS security response 16.4.1 (a) failed verification because you are no longer connected to the internet.\u201d And this lasted for an hour or two, I think.<\/p>\r\n<p>Josh Long 6:45<br \/>This is the first time, like you say, that Rapid Security Responses have gone out to the entire world\u2026<\/p>\r\n<p>Kirk McElhearn 6:50<br \/>\u2026a billion devices.<\/p>\r\n<p>Josh Long 6:54<br \/>Yeah, before this, it was just to beta devices, devices that had opted into Apple\u2019s beta program. So I mean, you know, giving Apple the benefit of the doubt on this, it\u2019s not terribly shocking that if they\u2019re trying to push out updates to that many devices at a time, that there could be a problem. Now, this is not too dissimilar to regular security updates that we get in the form of operating system updates on iOS, sometimes just security updates, but they generally come as a whole operating system update on macOS as well. However, we know that Apple tends to roll those things out over a period of weeks. Normally, at least on iOS, they do that for sure. I\u2019ve even seen indications that they probably do that for macOS as well, because sometimes it can take a long time before you actually get the notification unless you go looking for it. However, the whole idea behind this is there\u2019s some actively exploited vulnerability, presumably. And so Apple needs to get all the devices patched that they can in as quick a period of time as possible. Now, what\u2019s kind of odd about this situation is that, again, this being the first time that they\u2019ve actually done a Rapid Security Response for the general public, they did not say anything about what the vulnerability was, or vulnerabilities that were patched. 
So we don\u2019t actually know if it was actively exploited. We can kind of assume that, because why else would they need to put out a Rapid Security Response? But they didn\u2019t explicitly say, and they didn\u2019t say what was patched. My speculation on this is maybe this does apply to previous versions of macOS, for example. Maybe it also applies to other operating systems besides macOS, iOS, iPadOS. And they\u2019re waiting until they patch everything before they announce what they patch.<\/p>\r\n<p>Kirk McElhearn 8:48<br \/>Well, in your article on the Intego Mac Security Blog, you say that it is for the most recent operating systems and older versions of the operating system don\u2019t even support the Rapid Security Response feature. So what you\u2019re suggesting is maybe there are bug fixes that they\u2019re going to roll out in a normal security update for older operating systems, right. What I find interesting about this is, it was a very small update, I think it was 85 megabytes on my iPhone. The installation was extremely quick. Once after it did the whole preparing, which takes several minutes. Once I tapped on install, and it restarted, I got back to my phone\u2019s lock screen in less than a minute. And, you know, we know that iOS updates can take five or 10 minutes. It\u2019s a long process. While we were preparing this episode, I updated my MacBook Air. And well less than a minute before I got back to the login screen. So I guess one of the advantages here is that they\u2019re bypassing the whole big update system, and they found a way to just update individual things. I\u2019ve always suspected that when Apple does a full operating system update, they make a snapshot of the file system, which can take a long time depending on the device and that\u2019s why it\u2019s so slow. 
And if they found a workaround for this, I think that\u2019s a good thing for security updates.<\/p>\r\n<p>Josh Long 10:06<br \/>Part of the idea of this whole thing being rapid is that, at least in theory, depending on what operating system component they\u2019re patching, they may not necessarily need to restart the device. Maybe they always will on iOS, I\u2019m not really sure about that. But at least on macOS, theoretically, we should be able to get some updates that don\u2019t require a full device restart. But of course, it really does depend on what components they\u2019re patching. If it\u2019s a kernel vulnerability, well, they\u2019re definitely going to require a restart for something like that. It\u2019s definitely interesting that Apple is trying a new thing, and it didn\u2019t go perfectly. But at least now, this is something that Apple has some experience with on a large scale, much larger than the beta program. One other thing to note on this, if you are using an older, unsupported Mac that is running the latest operating system, make sure that you don\u2019t have the Rapid Security Response updates installed automatically, because that may break OpenCore Legacy Patcher-patched Macs, so Macs that don\u2019t officially support Ventura that are running Ventura through OpenCore Legacy Patcher. Be careful about that. Treat it just like you would any other operating system update, meaning wait, and make sure that other people aren\u2019t having problems before you upgrade. And if necessary, wait until there\u2019s a new version of OpenCore Legacy Patcher 
before installing the update.<\/p>\r\n<p>Kirk McElhearn 11:34<br \/>Is it possible that this Rapid Security Response update was just a test, in other words, that they wanted to do a test on a billion devices?<\/p>\r\n<p>Josh Long 11:43<br \/>I suppose it\u2019s possible, I would hope that they\u2019re not actually beta testing live with real devices.<\/p>\r\n<p>Kirk McElhearn 11:51<br \/>The reason I asked is on Sunday, April 23 here in the UK, every single smartphone in the country at 3pm, give or take a minute or two, received a Severe Alert Notification. Now this is a new system that is apparently used in a lot of different countries. It\u2019s based on cell towers. So they don\u2019t, they\u2019re not sending a message to your phone number. They\u2019re sending a message to phones within reach of cell towers. So potentially, if there\u2019s a risk of flooding, or hurricanes or tornadoes, or volcanic eruptions, they\u2019ll send messages to the people who are close to them. And so the whole country got this alert Sunday at 3pm. Give or take one or two minutes, one network didn\u2019t send the alert. And that\u2019s a bit of a problem. And that was the point of the beta test to see how people react, how it\u2019s received. And it was a loud beep. If you were watching TV loud or listening to music, you might not have heard it. But you get a notification; I got a notification on my Apple Watch as well for this.<\/p>\r\n<p>Josh Long 12:48<br \/>Yeah, they\u2019ve been doing this, certainly in the United States, for many years. I remember getting like Amber Alerts, for example, a child abduction alert, and they have a loud alarm type tone. And everybody\u2019s phones in the room will go off at the same time if you\u2019re in a meeting or a conference room with somebody. 
So this is something that has been available at least in the US for a while and so it sounds like that\u2019s now going to be available across the UK as well.<\/p>\r\n<p>Kirk McElhearn 13:19<br \/>Okay, we\u2019re gonna take a break. When we come back, we\u2019re gonna talk about new Mac malware and new iPhone malware and boy is there a lot of malware these days.<\/p>\r\n<p>Voice Over 13:29<br \/>Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego Mac Premium Bundle X9 includes VirusBarrier, the world\u2019s best Mac anti-malware protection, NetBarrier, powerful inbound and outbound firewall security, Personal Backup, to keep your important files safe from ransomware, and much more to help protect, secure, and organize your Mac. Best of all, it\u2019s compatible with macOS Ventura and the latest Apple silicon Macs. Download the free trial of Mac Premium Bundle X9 from intego.com today, when you\u2019re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode show notes at podcast.intego.com. That\u2019s podcast.intego.com, and click on this episode to find the special discount link exclusively for Intego Mac podcast listeners. Intego, world-class protection and utility software for Mac users made by the Mac security experts.<\/p>\r\n<h4><strong>Google rolls out account sync for Authenticator app but without end-to-end encryption<\/strong><\/h4>\r\n<p>Kirk McElhearn 14:45<br \/>Okay, before we get to new Mac malware and iPhone malware, we have a couple of Google stories to talk about. 
We\u2019ve mentioned in the past that Google Authenticator, which is an app that you use to generate two-factor authentication codes, you\u2019ve never been able to back this up or sync it, so if you changed phones, you might lose all of your information for two-factor codes. Well, Google has added account sync for Authenticator. And this is just wonderful, isn\u2019t it, Josh?<\/p>\r\n<p>Josh Long 15:10<br \/>Well, Google didn\u2019t do this quite right, for some reason.<\/p>\r\n<p>Kirk McElhearn 15:14<br \/>What? How is that possible that Google did something wrong?<\/p>\r\n<p>Josh Long 15:18<br \/>Yeah, I know, right? Google doesn\u2019t have the greatest track record for respecting user privacy. And well, in this case, they\u2019ve done something worse than disrespecting your privacy, they\u2019ve actually potentially compromised your security if you\u2019re using this new feature. So first of all, Google Authenticator. There\u2019s nothing wrong with using Google Authenticator, I actually recommend it, it works better for me than a lot of other authentication apps, and has the advantage that it\u2019s very easy to move from one phone to another, just make sure that once you get your new phone set up that all your codes show up there, and you\u2019re good to go. So what this new feature is, is that you can opt in to backing up your authenticator codes, these one-time password, you know, codes that get generated; you can back up the seed that makes those one-time codes possible to Google\u2019s cloud. But the problem is, apparently, these 2FA codes are not being transmitted with end-to-end encryption. And according to researchers, they\u2019re likely visible to Google when stored on Google servers.<\/p>\r\n<p>Kirk McElhearn 16:30<br \/>Okay, this sounds like someone didn\u2019t do their homework. And they did like part of the job, but they didn\u2019t finish it. So they\u2019re not saying that Google can access your password. 
They\u2019re saying that Google can access the seed, which is what\u2019s used to generate the two-factor code, right?<\/p>\r\n<p>Josh Long 16:48<br \/>Yes. But if you have that seed, then you can take that and put it into any other authenticator app, and now be able to get a second factor code for that person\u2019s account.<\/p>\r\n<p>Kirk McElhearn 16:58<br \/>Right, you won\u2019t have the password, but you could use this for a man-in-the-middle attack, where you\u2019re tricking someone into logging into their Google account. And you know the seed for the second factor. And after you\u2019ve recovered their password on, say, a phishing website, then the second factor once you take control of their account, (Theoretically.) Theoretically,<\/p>\r\n<p>Josh Long 17:18<br \/>This is not something that people need to be terribly worried about. But my recommendation would be don\u2019t turn on syncing until Google fixes this. And they have kind of admitted that maybe they didn\u2019t do this the best way that they could have, and so they\u2019re planning to improve this process. In the meantime, there\u2019s no reason for you to sync Authenticator to Google\u2019s cloud anyway, in my opinion, as long as you\u2019ve got access to your old phone, when you\u2019re setting up your new phone, and you can just back it up and transfer your data over, then there\u2019s not really any reason to back up to Google\u2019s cloud anyway.<\/p>\r\n<p>Kirk McElhearn 17:54<br \/>So Google Authenticator isn\u2019t just for logging into Google, you can use it as a two-factor code generator for any website. Right?<\/p>\r\n<p>Josh Long 18:01<br \/>Exactly. Yeah, anything that requires a one-time code that gets generated, you know, these like six-digit codes, right? You can use a password manager for this if your password manager has this built in. 1Password has this built in. (iCloud Keychain does too.) 
Yes, iCloud Keychain even does. They didn\u2019t use to, but they have that as of last version or two; iOS has that baked in now. Some password managers have it but it\u2019s like one of those upsell things where you can only get your second factor code if you\u2019re paying for a subscription to that service. Regardless of what password manager you use, you know, often when you\u2019re setting up these second factor codes, they\u2019ll give you like a QR code that you scan with whatever authenticator app you want to set up. You can actually do this with multiple apps. So you can set up 1Password and you can set up Google Authenticator if you want to have it in more than one place. That\u2019s another reason why it may not make sense for you to back this up to Google\u2019s cloud anyway, because if you\u2019ve got it in, say, 1Password, if you lose access to Google Authenticator because you lost your phone, you\u2019ve still got your 1Password database, and so you\u2019re still going to have a way to get your two-factor codes.<\/p>\r\n<h4><strong>Google enables passkeys for Google accounts.<\/strong><\/h4>\r\n<p>Kirk McElhearn 19:10<br \/>Okay. In other Google news, as of May 3, they have launched passkeys for your Google account. We\u2019ve discussed passkeys in the past, and I\u2019ll link in the show notes to an episode where we talked about it, and to an article on the Intego Mac Security Blog. And you can now convert your Google account to use a passkey. You go into your security settings, you say \u201cuse passkey.\u201d I did it on my iMac with Safari: pressed Touch ID, saved the passkey, went to my iPhone to log into Google, and it asked for a password. So we\u2019re still not in the place where the passkeys which are supposed to be saved to the iCloud Keychain actually get saved to the iCloud Keychain. Or is it that my iPhone wasn\u2019t able to detect that I might have a passkey. 
But in any case, passkeys will prevent phishing. We\u2019ll link to a Google Security Blog article called, ready for this? \u201cSo long passwords, thanks for all the phish.\u201d I hope you understand the reference here. Passkeys are good. Use passkeys.<\/p>\r\n<p>Josh Long 20:06<br \/>Yep, we\u2019re still not like in a perfect spot yet, but at least like more companies are starting to adopt it. This is a good thing.<\/p>\r\n<h4><strong>What is Atomic Stealer malware?<\/strong><\/h4>\r\n<p>Kirk McElhearn 20:13<br \/>Okay, we\u2019ve got malware, we\u2019ve got new Mac malware. Let\u2019s start with Atomic Stealer. It has nothing to do with the Pittsburgh football team, I assume.<\/p>\r\n<p>Josh Long 20:23<br \/>No, it doesn\u2019t. As you might guess, stealer malware targets certain types of things on your system that might be very attractive for a bad guy to remove and exfiltrate from your system. So that could include for example, your keychains, so they can steal your passwords that you\u2019ve saved in your Apple keychain. Of course, all of the typical browser things: they want everything that you can autofill, and they want your passwords, your cookies, because of course session cookies allow you to just be able to get into many types of different accounts if you have that cookie stored on your computer. And so if you can steal it, and put it on a bad guy\u2019s computer, now that bad guy can be logged in as you. Typically these stealer malware are looking for things like Bitcoin wallets and other cryptocurrency wallets. Um, so basically, yeah, it\u2019s your typical stealer malware out there in the wild. Bad guys are actually selling this stealer malware via a dedicated Telegram channel, apparently.<\/p>\r\n<p>Kirk McElhearn 21:27<br \/>And I\u2019m pretty sure that if people were using Intego VirusBarrier, they are protected from this malware. 
Correct?<\/p>\r\n<p>Josh Long 21:32<br \/>Yeah, if you\u2019ve got all the latest definitions installed, you will be protected from this malware.<\/p>\r\n<h4><strong>What is RustBucket malware?<\/strong><\/h4>\r\n<p>Kirk McElhearn 21:38<br \/>Okay, the next one we have is RustBucket. And this is used by BlueNoroff, a subgroup of the Lazarus Group. What are all these names? It\u2019s just like, you know, can it just be like, I don\u2019t know, Smith and Smith, right? The subgroup of World Corp, Inc., something like that.<\/p>\r\n<p>Josh Long 21:58<br \/>Yeah, APT groups have a lot of different names. And of course, Lazarus Group is just one of like, half a dozen names, at least, of that particular group. And so BlueNoroff is a subgroup of Lazarus Group, apparently. So the names that are the most catchy tend to be the ones that news outlets tend to use and pick up on. So<\/p>\r\n<p>Kirk McElhearn 22:16<br \/>I\u2019ll tell you RustBucket, it makes me think of, you know, an old Dodge Dart that a friend of mine had in the 70s.<\/p>\r\n<p>Josh Long 22:22<br \/>Right. RustBucket also is capable of gathering system information from an infected Mac. It comes in the form of a Trojan horse, an app that\u2019s called Internal PDF Viewer. Interestingly, this app isn\u2019t signed. So this is the kind of thing that like they either have some other way of getting it to execute for the first time on your system, or they trick you into, you know, right clicking it and opening it to run it for the first time. So when you run this Internal PDF Viewer, what it does is it displays a PDF to the user. So you think that it\u2019s doing its job and showing you the PDF that it\u2019s supposed to show you. In the meantime, it\u2019s also installing some other malware on your system, and downloading additional payloads. 
So whatever that might be, whatever the attacker, whatever the threat actor wants to put on your system, they put that on the server, they make it available to download. And it all happens in the background. So you get further infected by whatever other payloads they want to put on your computer, which could do whatever they want, whatever anything malware can do.<\/p>\r\n<h4><strong>Apple\u2019s Mac App Store allows scam apps to remain available on the platform.<\/strong><\/h4>\r\n<p>Kirk McElhearn 23:31<br \/>Okay, we have a couple of stories from Medium called the \u201cDark Side of the Mac App Store\u201d. We\u2019re not going to spend too much time on this, because this is something we want to cover in more detail in the future. But there\u2019s a security researcher who has been sort of anonymous for a while, and he has been closely monitoring the Mac App Store and has made a disturbing discovery.<\/p>\r\n<p>Josh Long 23:51<br \/>Yes, you might have heard the name \u201cprivacyis1st\u201d or he goes by \u201cprivacy1st\u201d on Medium. His real name is Alex Kleber. And he is a security researcher based in Germany. And he is on a mission to expose malicious and scammy apps in the Mac App Store. Because this is an ongoing problem, as we\u2019ve mentioned many times before, just because something is in the App Store and has been vetted by Apple doesn\u2019t necessarily mean that it\u2019s not a scam app. And so Alex has been recently reporting on a bunch of GPT lookalike apps, things that are using the same logo or very similar logo and color scheme to OpenAI\u2019s official logo. And they\u2019re charging a lot of money for things that you can get free access to. 
And they\u2019re also violating a bunch of other App Store policies, for example, having multiple developer accounts that are actually all the same company, and multiple apps that are identical to each other but just released under different names.<\/p>\r\n<p>Kirk McElhearn 25:01<br \/>I don\u2019t think there\u2019s anything wrong with someone saying that app is powered by GPT. We\u2019ll link in the show notes to the Medium articles. Any company can tap into OpenAI\u2019s API. And in fact, I have an OpenAI account. And I\u2019ve been playing around with ChatGPT. And I want to say it cost pennies, but it\u2019s not even pennies. It\u2019s pennies of pennies. It\u2019s like, it\u2019s like a 100th of a cent for every query, it\u2019s really, really cheap. So if anyone\u2019s charging what these companies are charging, it\u2019s overpriced. Now, once this became public, at the end of last year, a lot of companies started building websites, where you could access the features from ChatGPT. And you\u2019d pay $50 a month or $100 a month. If you really want to use these features go to OpenAI.com and create an account. I don\u2019t want to say it\u2019s free, but you\u2019ll spend a couple bucks a month to generate everything that you need. So part of the scam here is that they\u2019re overpricing. But I don\u2019t think it\u2019s wrong that they say that they\u2019re using GPT.<\/p>\r\n<p>Josh Long 26:00<br \/>No, that is not necessarily wrong, as long as that\u2019s a true statement. And they actually are using it. But they\u2019re using all sorts of different methods of manipulating the App Store algorithms so that they can rank really highly. One of these apps was ranked number four in the business category in the Mac App Store, for example. They\u2019re stuffing a bunch of fake reviews, all the typical scammy stuff. So do you really want to be trusting these apps with your data? 
You know, with whatever you\u2019re querying GPT about? It\u2019s better to use an official trusted app or use the GPT website, the official OpenAI website and the real ChatGPT.<\/p>\r\n<p>Kirk McElhearn 26:45<br \/>I just asked the OpenAI website to give me tweets promoting Joshua Long @theJoshMeister on Twitter security researcher. Know what\u2019s it going to say the security world is better with @theJoshMeister check out Joshua Long\u2019s research to learn more about the latest security trends, or stay ahead of the game with security research from @theJoshMeister follow Joshua Long for the latest security news. I second that follow @theJoshMeister on Twitter, follow @Intego on Twitter as well.<\/p>\r\n<p>Josh Long 27:13<br \/>Yep. All right. Thanks for the promo.<\/p>\r\n<p>Kirk McElhearn 27:18<br \/>Yes, we were having fun before we started recording looking at some of the things that ChatGPT, well, GPT and OpenAI can do. And it is actually quite impressive. We have talked about this a lot. Recently, I think IBM just announced they\u2019re laying off 7000 people in this sort of middle management content creation level that automation is going to replace very quickly. So if you\u2019ve got a job creating content, like reports and texts and things like that, in business, your job may be in danger.<\/p>\r\n<p>Josh Long 27:45<br \/>Bringing this back to RSA Conference, there were a couple of keynote presentations where the presenter asked the audience do you feel like your job is at risk because of things like ChatGPT, and very few people in the audience actually raised their hands that thought their job was at risk. So it does depend, it depends on what exactly you\u2019re doing as your job. But also, if you feel threatened right now, then I would say, learn to use the technology, right? Learn how you can use it to your advantage and also learn about its weaknesses. 
So if a potential employer or maybe your boss was looking to fire you and replace you with an AI bot, if they\u2019re not very well informed about these things, you can educate them on what kinds of things AI can do very well. And the things that it just does not do a good job of and consider becoming an AI Wrangler, right.<\/p>\r\n<p>Kirk McElhearn 28:42<br \/>AI Sherpa, I think AI Sherpa. (Okay, yeah.) So the AI Sherpa is the person who takes the AI content, does the fact checking, corrects the writing and the text and the tone and everything to make it adapt to your business. Because GPT is going to make texts that all sound the same. And if every company uses this, every company\u2019s marketing will sound the same. So you have to learn how to, you have to learn how to customize this to match your company\u2019s marketing plan, your company\u2019s tone, et cetera.<\/p>\r\n<p>Josh Long 29:12<br \/>There\u2019s several websites where you can input any block of text and say \u201cdid GPT generate this?\u201d and it will tell you whether it did or not. Obviously, this is something that a lot of teachers are using to make sure that their kids aren\u2019t just cheating and putting something into a bot to try to get an answer and fill out an entire report. Of course, anybody can use this to identify whether something you\u2019ve written was written by GPT as well. So just be aware of that.<\/p>\r\n<p>Kirk McElhearn 29:40<br \/>Okay, that\u2019s enough for this week. Until next week, Josh, stay secure.<\/p>\r\n<p>Josh Long 29:44<br \/>All right, stay secure.<\/p>\r\n<p>Voice Over 29:47<br \/>Thanks for listening to the Intego Mac Podcast\u2014the voice of Mac security\u2014with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode, be sure to follow us on Apple Podcasts, or subscribe in your favorite podcast app. And, if you can, leave a rating, a like, or a review. 
Links to topics and information mentioned in the podcast can be found in the show notes for the episode: podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software: intego.com.<\/p>\r\n<hr \/>\r\n<p>If you like the Intego Mac Podcast, be sure to rate and review it on Apple Podcasts. <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\"><img loading=\"lazy\" class=\"aligncenter size-thumbnail wp-image-78820\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/05\/Listen_on_Apple_Podcasts-150x39.png\" alt=\"Intego Mac Podcast\" width=\"150\" height=\"39\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/05\/Listen_on_Apple_Podcasts-150x39.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/05\/Listen_on_Apple_Podcasts-300x78.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/05\/Listen_on_Apple_Podcasts.png 400w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/><\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. We discuss several new types of Mac malware, and we look at how Google&#8217;s cloud sync for its Authenticator app is insecure. <\/p>\n","protected":false},"author":46,"featured_media":80878,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[4390],"tags":[3715,4722],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. 
We discuss several new types of Mac malware, and we look at how Google&#039;s cloud sync for its Authenticator app is insecure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple&#039;s First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync \u2013 Intego Mac Podcast Episode 290 - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. We discuss several new types of Mac malware, and we look at how Google&#039;s cloud sync for its Authenticator app is insecure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-04T09:27:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-18T10:08:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Intego-Mac-Podcast-New-Episode-Featured.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kirk McElhearn\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"29 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Intego-Mac-Podcast-New-Episode-Featured.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Intego-Mac-Podcast-New-Episode-Featured.png\",\"width\":400,\"height\":260,\"caption\":\"Intego Mac Podcast - Apple security news and more\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/\",\"name\":\"Apple's First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync \\u2013 Intego Mac Podcast Episode 290 - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#primaryimage\"},\"datePublished\":\"2023-05-04T09:27:26+00:00\",\"dateModified\":\"2024-04-18T10:08:59+00:00\",\"description\":\"Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. 
We discuss several new types of Mac malware, and we look at how Google's cloud sync for its Authenticator app is insecure.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple&#8217;s First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync \\u2013 Intego Mac Podcast Episode 290\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/a27d67016ab454807cd0c055fc28bb09\"},\"headline\":\"Apple&#8217;s First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync \\u2013 Intego Mac Podcast Episode 
290\",\"datePublished\":\"2023-05-04T09:27:26+00:00\",\"dateModified\":\"2024-04-18T10:08:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#webpage\"},\"wordCount\":5809,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Intego-Mac-Podcast-New-Episode-Featured.png\",\"keywords\":[\"Intego Mac Podcast\",\"Stealer Malware\"],\"articleSection\":[\"Intego Mac Security Podcast\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apples-first-rapid-security-response-new-mac-malware-and-insecure-google-authenticator-sync\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/a27d67016ab454807cd0c055fc28bb09\",\"name\":\"Kirk McElhearn\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9ffd73df6063179d7cdcb79109ff0a2d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9ffd73df6063179d7cdcb79109ff0a2d?s=96&d=mm&r=g\",\"caption\":\"Kirk McElhearn\"},\"description\":\"Kirk McElhearn has been writing about Apple product and computer security for more than 25 years. His blog, Kirkville, links to his work. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. 
Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Bluesky at @kirkville.com.\",\"sameAs\":[\"http:\/\/www.kirkville.com\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/kirk-mcelhearn\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->",
"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2018\/07\/Intego-Mac-Podcast-New-Episode-Featured.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-psJ","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/97881"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/46"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=97881"}],"version-history":[{"count":15,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/97881\/revisions"}],"predecessor-version":[{"id":100252,"href":"https:\/\/origin.
intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/97881\/revisions\/100252"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/80878"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=97881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=97881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=97881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}