Hi. I was wondering if anyone could help me out or point me in the right direction regarding a malware program that is a trojan horse designed mostly for macOS. The bundled app and a number of its files have been detected as malware (OSX Genieo and PUA.OSX mostly) by McAfee and a number of other AV companies, according to VirusTotal. However, it seems like the developer releases new versions frequently that, I'm assuming, will have a different checksum or have somehow hidden the indicators listed by VirusTotal in previous reports that detected the program as malware.
In addition to this, I have plenty of evidence the program is malware, including: it making a lot of communications with IP addresses that are servers hosting tons of known malware; somehow exploiting Symantec's and DigiCert's certificate OCSP responses, as well as potentially Apple's, or generating fake responses to CRL checks; network IDS codes to prevent execution if it detects a debugger is running; scanning the local network for other connected devices; and other various suspicious NIDS codes, among other indicators that I'd like to further confirm.
Is there any way to tell why something was declared malware by McAfee, and to have other versions of the program flagged as malware whose SHA-256 hash checksum has changed to avoid evasion?
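One practical answer to the "new version, new hash" problem is to stop keying detection on per-file SHA-256 values and instead fingerprint the things a rebuild does not change: the bundle identifier and executable name in Info.plist, the file layout of the .app, and any hard-coded beacon addresses in the binary or its resources. The script below is an added example written for this thread, not code from the original post or from the application being discussed. It builds two constructed sample bundles (hypothetical identifier com.example.installer, documentation address 203.0.113.7) that differ only in version string, shows that every per-file hash of the binary changes while the structural fingerprint and the embedded address stay the same, and is what you would run over a real bundle by pointing compare_versions at two downloaded .app directories.

```python
"""Added example (not part of the original thread): fingerprint a macOS .app
bundle with indicators that survive a version bump, so a variant whose
per-file SHA-256 values changed is still recognised. Every bundle built here
is constructed sample data, not a file from the app under discussion."""
import hashlib
import plistlib
import re
import tempfile
from pathlib import Path

IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_bundle_files(bundle: Path) -> dict:
    """Per-file SHA-256 keyed by path relative to the bundle root. These are
    the hashes AV vendors publish, and they change on every rebuild."""
    return {str(p.relative_to(bundle)): sha256_file(p)
            for p in sorted(bundle.rglob("*")) if p.is_file()}


def bundle_identity(bundle: Path) -> dict:
    """Bundle identifier, executable name and version from Info.plist."""
    with open(bundle / "Contents" / "Info.plist", "rb") as f:
        info = plistlib.load(f)
    return {"id": info.get("CFBundleIdentifier"),
            "exe": info.get("CFBundleExecutable"),
            "version": info.get("CFBundleShortVersionString")}


def structural_fingerprint(bundle: Path) -> str:
    """SHA-256 over the bundle identifier, executable name and sorted file
    layout. Version strings and file contents are deliberately left out, so
    a rebuild with the same layout yields the same fingerprint."""
    ident = bundle_identity(bundle)
    layout = "\n".join(sorted(hash_bundle_files(bundle)))
    material = f"{ident['id']}|{ident['exe']}\n{layout}".encode()
    return hashlib.sha256(material).hexdigest()


def extract_ipv4(bundle: Path) -> set:
    """Dotted-quad strings found anywhere in the bundle. A beacon address
    baked into a binary or config file usually persists across versions."""
    found = set()
    for p in bundle.rglob("*"):
        if p.is_file():
            found.update(m.decode() for m in IPV4_RE.findall(p.read_bytes()))
    return found


def compare_versions(old: Path, new: Path) -> dict:
    """Which files' hashes changed, whether the structural fingerprint held,
    and which embedded addresses both versions share."""
    h_old, h_new = hash_bundle_files(old), hash_bundle_files(new)
    changed = sorted(k for k in h_old if k in h_new and h_old[k] != h_new[k])
    return {"changed_files": changed,
            "same_fingerprint": structural_fingerprint(old) == structural_fingerprint(new),
            "shared_ips": extract_ipv4(old) & extract_ipv4(new)}


def make_sample_bundle(root: Path, version: str, c2_ip: str) -> Path:
    """Constructed sample: a minimal .app layout, not a real application.
    The identifier and address are assumptions made for this example."""
    bundle = root / f"Installer-{version}.app"
    (bundle / "Contents" / "MacOS").mkdir(parents=True)
    (bundle / "Contents" / "Resources").mkdir()
    info = {"CFBundleIdentifier": "com.example.installer",
            "CFBundleExecutable": "Installer",
            "CFBundleShortVersionString": version}
    with open(bundle / "Contents" / "Info.plist", "wb") as f:
        plistlib.dump(info, f)
    # Fake executable: bytes differ per build because the version is baked in
    (bundle / "Contents" / "MacOS" / "Installer").write_bytes(
        b"\xcf\xfa\xed\xfe fake mach-o build " + version.encode()
        + b" beacon=" + c2_ip.encode())
    (bundle / "Contents" / "Resources" / "config.json").write_text(
        '{"update_host": "%s"}' % c2_ip)
    return bundle


def demo_compare() -> dict:
    """Build two constructed versions sharing one beacon address and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        v1 = make_sample_bundle(Path(tmp), "1.0", "203.0.113.7")
        v2 = make_sample_bundle(Path(tmp), "1.1", "203.0.113.7")
        return compare_versions(v1, v2)


if __name__ == "__main__":
    print(demo_compare())
```

Against the two constructed bundles the binary and Info.plist hashes change while same_fingerprint is True and 203.0.113.7 appears in both, which is the kind of evidence (stable identifier, layout and network indicator) that a vendor can turn into a generic signature rather than a one-off hash entry. On a real bundle you would also record the code-signing identity (the Team ID shown by codesign -dvv), which is another field a developer rarely changes between releases.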
I will contact someone on your behalf at McAfee Labs. Of course you could follow these guidelines/instructions. https://community.mcafee.com/t5/Malware/What-To-Do-When-McAfee-Detects-Software-As-An-Infection-How-...