January 4, 2017

Fake Software Updates Can Lead To Stolen Keychains On Apple Products


Recently there has been a small uptick in fake software updates, in particular for Adobe Flash Player. These have especially been seen targeting MacBooks and other Apple products in order to steal their keychains. This kind of attack can compromise all passwords that were ever saved on all the devices tied to that Apple ID.

Adobe Flash Player is used to deliver high-quality web content and animation for viewing and streaming both video and audio. It is hard to find computers and web browsers that don’t have Flash Player installed. Since it is so common, many people are used to receiving what seems like almost constant update alerts. These updates are usually released to fix security vulnerabilities found in Flash Player. Hackers have taken advantage of this to create fake updates that deliver malware.

The type of malware that is commonly seen now on Macs focuses on gaining access to the keychain. The keychain is a password management system that stores all passwords for applications, servers, and websites. It can also store sensitive information such as credit card numbers and PINs for bank accounts. If you choose to use the keychain, passwords are made accessible on all devices sharing the Apple ID.

In the unfortunate event that your information is compromised via this method, you will have to reset all of the passwords that were stored in the keychain. On top of this, you will need to ensure that you have removed the attacker’s access after resetting your passwords, so they are no longer able to maintain access via active sessions. You will also need to notify your bank and any related financial institutions if your PIN or other personal information was stored in the keychain and stolen, to prevent or stop further financial losses. In addition, you need to ensure that any other personal information, such as social security numbers, is safe, potentially by using identity theft monitoring. In the worst-case scenario, the attacker has gained control of the computer and changed your passwords. If this is the case, you should contact Apple as well as a cybersecurity company in the event you need assistance in remediating this problem.

A good security posture can help protect you from this type of compromise. Be sure to never click on links you do not recognize, never connect to strange wireless networks or ones that do not have passwords, and lastly, remember that if something looks out of place, it is most likely a scam.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
