Skip to main content

Spoke with Webroot technical support about latest version not detecting latest Mac malware. The tech support person wasn’t inclined to believe me and would not help further. Anyone here know why malware discovered in December ‘21 and Jan ‘22 would not have detection in place. 

 

Please don’t ask me to contact technical report (read above).

Hello @lhigdon2325 Welcome to the Webroot Community Forum.

You will probably be asked to give more information on this subject. Let me ping a Webroot Mac Expert @ChadL He may be able to help you on this.

HTH,

Dave.


Spoke with Webroot technical support about latest version not detecting latest Mac malware. The tech support person wasn’t inclined to believe me and would not help further. Anyone here know why malware discovered in December ‘21 and Jan ‘22 would not have detection in place. 

 

Please don’t ask me to contact technical report (read above).

Hello there, welcome to the forum. Would you mind providing some details on the malware discovered in December ‘21 and Jan ‘22 you are referring to? 

Also what version of Webroot SecureAnywhere are you using which can be found under the “My Account” tab on the right side panel? 


Version 9.4.1.27

 

The malware are:

CDDS (MacMa)

SysJoker

DazzleSpy

Go to : Objective-see.com for more details. 

 

The Webroot support person could not be less interested if he tried.

 


Sorry to hear about that.

I just confirmed with our threat research team and we do in fact detect those types of Malware but of course new variants could cause them to not be detected. Could you share the file hashes so we can verify? 

Also, are you seeing that these specific types of malware are not being detected, but other types are? 


Sorry, but I don’t know how to supply the hashes. The malware is downloadable from objective-see.com. 

 

All I know is that other anti-malware wprograms I have tested detect and remediate the malware and Webroot does not.

 

Webroot, I believe detects all other malware on that site.


All good, I’m able to pull them if its just from Objective-See. The Threat Research team is going to look into this and see if we can’t get to the bottom of what’s going on. I’ll just tag you in a response here when I do hear back from them, until then thank you for bringing this up! 

 


@lhigdon2325 Just wanted to update you that our next definitions release should include these malware file signatures and be caught by our system. Thanks for letting us know about this! 


Thanks. Look forward to it.


As of today, these malware items are still not detected. Seems odd that malware discovered in December/January would still not be detected by Webroot. Is the Mac just an afterthought?


Hey sorry, I am checking on this right now. It was slated to be included in the latest definitions release, while I’m checking can you let me know what the number is in the “My Account” Window, under “About SecureAnywhere.” 

It would look something like this. Please include the full number, so for above it would be “9.5.2.1:1624”


That’s the version I have. The latest one. 


Yes, thats the same version I have rolled out too. Is there a new release coming soon to cover these vulnerabilities as I have a couple of rollouts to do next week so would be handy to know if a new version is to be soon released.


I like the Webroot design, but there are too many issues (not detecting recent malware, multiple scans taking place for no reason) for me to expend anymore calories on this until fixes are in place. 


The latest download from Webroot STILL does not detect Mac Malware discovered in December 2021 and early 2022. This, in spite of being assured “it is coming”. I am shocked that a well-known company like Webroot would be this nonchalant about malware detection. BTW, I’ve provide samples and the source for this malware. 


@lhigdon2325 Just wanted to update you that our next definitions release should include these malware file signatures and be caught by our system. Thanks for letting us know about this! 

Still nothing, 3 months later. @ChadL 


Reply