Security company Moysle is warning Mac users about a new malware attack that may operate undetected. The malware, dubbed JSCoreRunner, spreads through what appears to be a free PDF converter app distributed on a website with the domain fileripple.com that offers an app called Ripple Effect.
The attack starts after a user downloads the FileRipple.pkg file from the website. According to Moysle via a report by 9to5Mac, when the user unpacks the file, “a fake webview” displays a PDF tool that appears legitimate, but “malicious activity runs silently in the background.” The Mac’s built-in security, however, has a record of the package’s signature as a revoked one, so the package is blocked. But a second stage is involved, where an unsigned package named Safari14.1.2MojaveAuto.pkg runs and installs the malware.
Read more at Macworld.com