A new form of malware, called JokerSpy, is infecting Mac desktops and laptops. It's unclear how the malware is currently spreading, although phishing attacks and infected software could act as vectors.
“Once a system is compromised and infected with malware like JokerSpy, the attacker effectively has a great degree of control over the system. With a backdoor, attackers can install additional components in the background, and could potentially run further exploits, monitor users’ behavior, steal login credentials or cryptocurrency wallets, and more,” said Joshua Long of Mac security company Intego.
The malware has already hit a major cryptocurrency exchange in Japan. The code, which was written in Python, runs on Windows and Linux, but it is unusual for macOS to be hit with such a powerful and damaging piece of malware.
The malware allows hackers to access the entire system, enabling backdoors and other nasties. This lets the attackers modify any file at will and even run programs without users seeing notifications or warnings.
Some believe that they are being attacked by the malware after downloading files associated with a malicious QR code. Most popular antivirus software will delete this malware on contact, but to be sure, check that your virus definitions include OSX/JokerSpy, Python/JokerSpy, or names similar to adware/OSX/Agent.jlejb.