Apple has pushed updates to both XProtect and MRT

Apple has pushed two updates overnight, to the ‘Yara’ data files used by XProtect, bringing its version number to 2103, dated 2 May 2019, and to its malware removal tool MRT, bringing it to version 1.41, also dated 2 May 2019.

This update to XProtect’s Yara definitions brings one addition, which Apple refers to as MACOS.6175e25. According to Patrick Wardle, this refers to malware with the ID com.techyutils.UnPack, which he thinks may be more generally known as OSX.AMCleaner, a Trojan which may have been around since late last year. This version also increments the version number properly, in its meta.plist file as well as the overall number.

You can check whether this update has been installed by opening System Information via About This Mac, and selecting the Installations item under Software.

A full listing of security data file versions is given by LockRattler and SystHist for El Capitan, Sierra, High Sierra and Mojave, available from their product page. If your Mac has not yet installed this update, you can force an update using LockRattler, or at the command line.

I have updated the reference pages here which are accessed directly from LockRattler 4.2 and later using its Check blog button.

I maintain lists of the current versions of security data files for Mojave on this page, High Sierra on this page, Sierra on this page, and El Capitan on this page.