Recently, researchers at Trend Micro discovered an app on a popular torrent site that was presented as an installer for Little Snitch, a macOS firewall app. Lurking inside the package, however, was an EXE file that could deliver a hidden payload.
A spokesman at Trend had the following to say about the discovery:
"We suspect that this specific malware can be used as an evasion technique for other attack or infection attempts to bypass some built-in safeguards such as digital certification checks, since it is an unsupported binary executable in Mac systems by design. We think that the cyber-criminals are studying the development and opportunities from this malware bundled in apps and available in torrent sites, and therefore we will continue investigating how cyber-criminals can use this information and routine."
Normally, a Windows executable file can't and won't run on a Mac. The hackers worked around this by bundling the EXE with Mono, a free, open-source runtime for .NET executables. Trend's research team went on to say:
"Currently, running an EXE on other platforms may have a bigger impact on non-Windows systems such as MacOS. Normally, a Mono framework installed in the system is required to compile or load executables and libraries. In this case, however, the bundling of the files with the said framework becomes a workaround to bypass the systems given EXE is not a recognized binary executable by MacOS' security features. As for the native library differences between Windows and MacOS, Mono framework supports DLL mapping to support Windows-only dependencies to their MacOS counterparts."
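The practical takeaway for defenders is that a Windows PE file has no business inside a macOS app bundle, and a bundle that also ships its own Mono runtime is doubly worth a look. The script below is an added example (not from the article or from Trend Micro's research) that walks a directory such as a `.app` bundle, identifies files by their PE header rather than by extension, and flags the combination of embedded PE files with Mono-looking library names. The `"mono"` file-name heuristic and the constructed `Sample.app` layout are assumptions for illustration; the PE header layout (`MZ` at offset 0, `e_lfanew` at 0x3C, `PE\0\0` at that offset) is the real format.

```python
import os
import struct
import tempfile


def is_pe_file(path: str) -> bool:
    """Return True if the file has a Windows PE header (what every EXE/DLL has).

    Checks the DOS 'MZ' stub, reads the 32-bit little-endian e_lfanew field
    at offset 0x3C, and verifies the 'PE\\0\\0' signature at that offset.
    Content-based, so renaming the file to hide the .exe extension does not help.
    """
    try:
        with open(path, "rb") as f:
            header = f.read(0x40)
            if len(header) < 0x40 or header[:2] != b"MZ":
                return False
            e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False


def scan_bundle(root: str) -> dict:
    """Walk a directory (e.g. a .app bundle) and report embedded PE files.

    Also records file names containing 'mono' as a heuristic (assumption, not a
    reliable indicator on its own) for a bundled Mono runtime. The bundle is
    flagged 'suspicious' only when both signals are present.
    """
    pe_files, mono_hints = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if is_pe_file(full):
                pe_files.append(rel)
            if "mono" in name.lower():
                mono_hints.append(rel)
    return {
        "pe_files": sorted(pe_files),
        "mono_hints": sorted(mono_hints),
        "suspicious": bool(pe_files) and bool(mono_hints),
    }


def build_sample_bundle(base: str) -> str:
    """Constructed sample bundle: header-only stubs, no executable code.

    Layout is an assumption chosen to resemble a .app: a Mach-O stub as the
    main binary, a PE stub next to it, and a placeholder 'Mono' dylib.
    """
    contents = os.path.join(base, "Sample.app", "Contents")
    os.makedirs(os.path.join(contents, "MacOS"))
    os.makedirs(os.path.join(contents, "Frameworks"))
    # 64-bit little-endian Mach-O magic, padded; not a PE, so it must not be flagged.
    with open(os.path.join(contents, "MacOS", "Sample"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\0" * 60)
    # Minimal PE: 'MZ', zero padding, e_lfanew = 0x40, then 'PE\0\0' at 0x40.
    pe_stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    with open(os.path.join(contents, "MacOS", "Installer.exe"), "wb") as f:
        f.write(pe_stub)
    # Placeholder name only; real Mono library names may differ.
    with open(os.path.join(contents, "Frameworks", "libmono-placeholder.dylib"), "wb") as f:
        f.write(b"\0" * 16)
    return os.path.join(base, "Sample.app")


def demo() -> dict:
    """Build the constructed bundle in a temp dir, scan it, return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_bundle(build_sample_bundle(tmp))


if __name__ == "__main__":
    report = demo()
    for key, value in report.items():
        print(f"{key}: {value}")
```

To use it on a real download, call `scan_bundle("/path/to/Downloaded.app")`; a non-empty `pe_files` list is the finding that matters, since Gatekeeper and code-signing checks do not evaluate PE files and a legitimate Mac app has no reason to carry one.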
Long story short, Mac users have a new potential threat to worry about. Stay vigilant.