The Adwind Remote Access Trojan typically spreads by phishing e-mails.
Which is why you shouldn't believe everything you read.
By the way, this last sentence:
>Movies and other media files that don't run any scripts are ok if you're careful and know what you're doing, but installing pirated software is an invitation to get blackmailed and extorted by darknet hackers.
Is entirely wrong. If you're worried about malware, you already know that it can come via video files as well as binary programs.
The rest of what you wrote is just spreading fear for notoriety's sake. Pirated software isn't an "invitation" to anything provided you have good anti-malware defenses and good security practices.
There is no such thing as good anti-malware defenses. Most of the antiviruses are 80% bullshit + 20% obsolete, yet asking for money and full-time administrator privileges and unrestricted Internet connection (doesn't that sound suspicious?). Besides patching vulnerabilities regularly, being very careful of what files & websites you open is the only real protection… as long as you don't come in contact with a fresh exploit which doesn't need you to let them.
>There is no such thing as good anti-malware defenses.
You prove my point for me. Good defenses don't consist solely of antimalware software. Defense in depth is needed, along with education and awareness of new vulnerabilities.
The sum total of things you do to keep your systems uninfected is your anti-malware defenses.
Dangerous for Windows maybe? Most cracked OS X apps make you disable Gatekeeper or System Integrity Protection. Game over. So yes, to me that is an invitation.
Any examples of something that requires disabling SIP in cracked version and not original? Never heard of it, sounds implausible but then I'm hardly up to speed.
Like I get swapping dylibs, but not why that'd be best done by poking around in /System rather than the binary.
Both 'appked' and 'macbed' websites have guides for disabling both Gatekeeper and SIP (now they are derivative websites because the domains keep getting banned/confiscated):
macappdownload dot com slash fix-damaged-app-message
macappdownload dot com slash how-to-disable-system-integrity-protection-in-macos
These guides are all over their websites, especially at the download stage, where there is a short list of 'download instructions' with a link to these guides.
A while back I read someone saying that these websites are owned by a Russian hacker network. Touch at your own risk.
My question was "Any examples of something that requires disabling SIP in cracked version and not original?", this (while certainly possibly relevant) is not an answer to that.
To me this is an answer. I think somehow you're not understanding what I am implying.
These guides I linked to are there because when the software is being installed, it asks for these guides to be applied, to make the apps work. The modifications added to the cracked applications by the crackers take them off Apple's trusted developers list. So the only way to get some of them to work is to disable SIP and GateKeeper. This move then makes the user's computer vulnerable to all malware, because most forget to turn them back on. They also often don't know about the importance of these security features in the first place.
I am not concerned for your safety - I trust you will be safe. I am scared for the user I described above.
I hope this makes it clearer.
I won't bother replying to more of your messages until you can show that you've actually tried this all out on a VM, because otherwise we just won't be talking about the same thing.
Of course Gatekeeper needs to be off once something doesn't have a valid signature.
But SIP protects /System, NVRAM, kext loading and some additional stuff. Not user app signatures. Hence my question.
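As an added example that is not part of any comment in this thread: a small POSIX shell checker that parses the status lines printed by macOS's `csrutil status` and `spctl --status` (both real commands) and flags the state the earlier comment warns about, where one of the protections was switched off for an install and never switched back on. The function names and the sample output strings are my own; the live commands are only invoked inside `check_live`, so the parsers can be exercised on any system.

```shell
#!/bin/sh
# Added example, not from the thread. Parsing is kept separate from command
# execution so the parsers can be tested with constructed output anywhere.

# Returns 0 when `csrutil status` output says SIP is enabled, 1 otherwise.
# Real output looks like "System Integrity Protection status: enabled."
# (or "... enabled (Custom Configuration)."), so match on the prefix.
sip_enabled_from() {
  case "$1" in
    *"System Integrity Protection status: enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 when `spctl --status` output says Gatekeeper assessments are
# enabled; the real output is "assessments enabled" or "assessments disabled".
gatekeeper_enabled_from() {
  case "$1" in
    *"assessments enabled"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints one line per protection and returns 0 only when both are on,
# so a non-zero exit is the "forgot to turn it back on" signal.
check_protections() {
  sip_out="$1"; gk_out="$2"; rc=0
  if sip_enabled_from "$sip_out"; then
    echo "SIP: enabled"
  else
    echo "SIP: DISABLED (re-enable from Recovery with 'csrutil enable')"; rc=1
  fi
  if gatekeeper_enabled_from "$gk_out"; then
    echo "Gatekeeper: enabled"
  else
    echo "Gatekeeper: DISABLED (re-enable with 'sudo spctl --master-enable')"; rc=1
  fi
  return $rc
}

# Live check on a Mac; csrutil and spctl exist only on macOS, so this is
# not called at top level.
check_live() {
  check_protections "$(csrutil status 2>&1)" "$(spctl --status 2>&1)"
}
```

Run `check_live` on the machine after finishing an install and use its exit status in a login script or a fleet-management check.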
Even without disabling Gatekeeper and SIP it is possible to insert malicious code into the OS somewhere because of full read and write access to the home directory and what not.
You could run the application in a VM without networking capabilities.