Mac malware is on the rise

Could years of relative immunity to the viruses and malware that have plagued PC users finally come back to bite Apple? ZDNet’s Ed Bott has been following an interesting story that started with the release of what’s being called the first DIY malware kit targeting OS X. The kit made its way onto the Internet’s black market a few weeks ago, and it reportedly allows folks to create Mac-compatible malware in seconds.

Bott warned that a rash of malware could have a devastating impact on Mac users unaccustomed to having to defend themselves from the Internet’s more nefarious schemes. Then, some two weeks later, an AppleCare support rep confirmed those fears. According to the rep, the volume of AppleCare calls is currently 4-5 times higher than normal. 50% of those calls are reportedly related to a single piece of malware known as Mac Defender.

After digging through Apple’s support forums, Bott discovered more than 200 separate threads related to Mac Defender alone. All but four of those threads are less than three weeks old, and a fifth of them are fresh as of last weekend.

Surprisingly, AppleCare reps have been instructed not to aid users in removing the malware. According to the support rep, Apple doesn’t want to “set the expectation to customers that we will be able to remove all malware in the future.” Apple has, of course, set the expectation that users don’t have to worry about viruses in the first place. On its “Why you’ll love a Mac” page, Apple notes that “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.”

If script kiddies can now create OS X malware with a few mouse clicks, and Mac users have the expectation that no work is needed to secure their systems against attack, Apple could be in for a long summer of exploits. I’m trying not to be too smug about the situation, but Apple has made a point of poking fun at PC viruses. Perhaps John Hodgman can lend Justin Long his biohazard suit.

    • ronch
    • 8 years ago

    “Surprisingly, AppleCare reps have been instructed not to aid users in removing the malware. According to the support rep, Apple doesn't want to "set the expectation to customers that we will be able to remove all malware in the future."”

    THANKS A LOT, Steve. Not to worry. Apple fanbois will always be Apple fanbois for life!

    • jcw122
    • 8 years ago

    All I have to say is bring on the malware. I don’t care who you are, nor your level of expertise with computers. There was a stretch of time when I built my first computer where I didn’t have a single virus (WinXP) for probably 2 years. It is a simple matter of installing the right software, maintaining your system, and not visiting websites you shouldn’t be on!

    Maybe Mac users will wake up once they realize their operating systems aren’t infallible.

    • WaltC
    • 8 years ago

    “On its Why you'll love a Mac page, Apple notes that "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."”

    This is exactly the kind of over-the-top dishonesty that keeps the lid on world-wide OS X market share at ~5%, year after year (Well, that and the fact that Apple ties OS X to x86 Macs and won't compete against Windows in the world market.) People who know enough about computers to clearly understand why buying a Mac is not in their best interests would never be fooled by this kind of marketing prevarication.

    The reason that Windows viruses and Windows malware might affect a Windows machine but not a Mac is *because* those viruses and malware are specifically written to operate on *Windows* files--which, of course, do not exist on a Mac since a Mac running OS X isn't running Windows. There are *no* other "built-in-defenses" inside the Mac OS that "keep you safe, without any work on your part" from being infected by viruses and malware written to attack *Windows.* (Office 2010 for Windows won't run under OS X for exactly the same reason--you'd have to buy the version of Office coded for OS X before it would run on OS X.) The reverse is also true: malware and viruses written to exploit OS X files *will not run on Windows*, either, also "without any work on your [the user's] part."

    To add grievous insult to injury, Apple then instructs its techs to lie to people who have in many cases *paid for* Apple Care by telling them that they don't have the malware--or if the malware is found but the customer doesn't know it, Apple Care has been instructed not to tell their own customers that it is present in their systems! And, amazingly, if they do somehow get around to telling their Apple Care customers they've contracted this malware--then, gosh, they get to tell them that "We can't help you get rid of it!"

    Man, when the people who write this sort of malicious code finally do get around to seeing what a ripe, juicy, unprotected--nay, virginal--low-hanging fruit OS X is, Apple is going to emerge with one hell of a shiner and a "safety" PR so tattered that Windows by comparison will seem like Fort Knox.

    I just cannot understand why Apple continues to treat its customers with so much contempt by constantly spinning yarns designed to mollify them and to create false hope and expectation. The fact is that Apple has created such a security illusion around the Mac that many Mac users undoubtedly feel that *it doesn't matter what buttons they push or what info they enter, they believe they are still protected.* I recall reading a quote by Steve Jobs when asked about the overall security level of OS X. "It's safe enough," is what I recall him saying in reply, and all I recall him saying. Yet every time Apple rolls out an OS X update it's full of bug fixes and security fixes--which Apple barely publicizes at all--as if the company is embarrassed to have to admit OS X files have vulnerabilities that hackers could exploit. Basically, what it boils down to is that like so much else at Apple pertaining to the Mac, *marketing* is "Job One" and apparently is more important than any other consideration including customer satisfaction. "As long as they think you've treated them right it really doesn't matter whether you have."

      • Convert
      • 8 years ago

      No, it isn’t. This is the same thing you hear from most other technology companies, it’s called *marketing*. Their statement is technically correct. It isn't Apple's duty to clean up infections, let alone ones the user permitted to be installed. There are plenty of built in defenses in MacOSX. Windows has them too, they are just circumvented.

      AppleCare has not been instructed to lie about the infection. They have been told not to confirm or deny that the user is infected. It makes sense if you've ever worked in this field. They want to take a hands off approach and there is no point in training support staff to know all of the signs of infection of all the variants in order to give an informed answer. AppleCare has no obligation to be the town crier for infections. I don't call Microsoft and ask them if I'm infected with Backdoor.AntiLam.20.Q or not. What if they get it wrong? Now I can try to hold them liable.

      Sure, Apple could play the good Samaritan and maybe make a detection tool or even a removal tool but that sets an expectation for Apple to do it again next time. On top of that it would then be expected to monitor for new variants and update the tools in a timely fashion. Judging by some of the comments, OSX is about to be up to its eyeballs in infections soon, so it's best Apple is taking this stance now.

      I'm sorry WaltC, I don't know you personally (obviously), but your posts are usually as retarded as they are long. I haven't used the free Macbook I got in years and the only Apple product I find worth buying is their iPod shuffle (and only certain generations of it), nothing else. I dislike their users more than Linux fanatics. I think their commercials along with just about all their other marketing drivel to be scummy. But you know what? That's the game, those are the rules, take your ball and go home.

        • cynan
        • 8 years ago

        I agree with ~~Apple~~ Convert (j/k)

        The one thing that you can't really argue about when pitting Microsoft vs Apple, is that Apple is WAAAYYYY more competent when it comes to marketing their product. Sure, perhaps when they've claimed that OS X has been more secure than Windows they've let people think that it was because their OS was much more secure (even though it's been largely due to the fact that they have been much smaller malware targets and very little to do with OS X itself), but they've never come right out and said it as far as I recall. They're just better (very good in fact) at playing the marketing game... And in stark contrast to Microsoft, who seems to be able to do very little right marketing wise, regardless of how much they spend on it (remember those Seinfeld commercials a couple of years ago? Yikes...)

        *Edit:* And I'm also no Apple fanboi: I even take a bit of silly pride in the fact that I don't own a single apple product..

          • Meadows
          • 8 years ago

          They *have* to excel at marketing, for how else could they make people buy stuff so atrociously priced?

            • Convert
            • 8 years ago

            I’m sure it’s been posted elsewhere already: Warning, language http://www.youtube.com/watch?v=kTfy96gb2KI&feature=player_embedded

        • KoolAidMan
        • 8 years ago

        “I don't know you personally (obviously), but your posts are usually as retarded as they are long.”

        Sums up WaltC's posts perfectly. Brevity is the soul of wit, and he has neither. Lots of tired prattling demagoguery and one-dimensional thinking though, oh man does he deliver with that.

        • Deijya
        • 8 years ago

        Do you also agree with the US Government’s “Don’t Ask, Don’t Tell” policy?

        “They have been told not to confirm or deny that the user is infected.”

        Oh, and there is a point in training the support staff. Otherwise we can’t call them geniuses, Genius. :]

    • jstern
    • 8 years ago

    This Mac report is funny http://www.cnn.com/2011/TECH/gaming.gadgets/05/19/apple.religion/index.html?hpt=C1

    I don't think it would matter whether it gets bombarded with viruses and Trojans, they have too many loyal fans. Which reminds me of a mac guy giving a passionate speech about being brand loyal, as if that was somehow an admirable thing. I would not be loyal to any corporation. If somebody puts out a better product, I'll check that out.

    • RtFusion
    • 8 years ago

    Not a big surprise here. Ever since Macs have been growing in popularity, I’ve come across articles saying that exploits, malware, trojans, whathaveyou; are also on the rise on finding themselves on OS X. I don’t ever recall Apple ever releasing any big updates, service packs, or anything to address these growing problems (someone can enlighten me?). With Microsoft, you always get the latest updates almost all the time for potential breaks in Windows.

    And ever since getting Windows 7, I don’t recall getting any serious infections from viruses, trojans, or malware breaking my system. Avast (free) and Windows Defender usually catch them before I do (like when I try to extract some trainer for a game, Windows won’t let me extract the files at all because it’s infected, although I do scan everything I download anyway with Avast).

    I just hope Apple gets on the train on releasing SPs and updates on a regular basis to protect OS X; no OS is immune to anything. But after seeing Apple being quiet on these issues with threats on the past few years, I don’t think that will happen any time soon. Ultimately, it is really the user who is the first firewall, they are the ones who have control on what they install and what they do with those programs. I remember being stupid enough to install fake scanners, adware, going to sketchy sites and clicking on “Accept” or “OK” without a second thought, etc on my old XP machine (back when I almost knew nothing about computers) despite having Norton AntiVirus and Spybot Search & Destroy installed, XP would just cripple with the crap I installed without really knowing what it was doing to my system because many of these programs played on my fear that I may get infected and these programs promising me to protect against those threats or promise me better performance for my machine.

    It’s too bad that ever since Apple set out its campaign that OS X is immune to these types of threats is ingrained in the public’s mind when they want to go out and purchase computers. Some people who purchase Macs may get that false feeling of full security just because of the promises made by Apple about OS X and therefore they don’t have to do any preventative measures to protect their PC; the “It just works” mentality.

    I’m actually kinda glad the Windows was and still is a big target for threats, it just makes Microsoft that much better at rolling out updates and eventually more hardened OS releases by applying what they learn from user experiences with these threats; thus making it harder for programmers to write viruses, trojans, malware, to attack Windows.

    Anyone willing to bet on some zero-day exploit to be found on OS X sometime this year or the next?

    • Convert
    • 8 years ago

    I’m not one to defend Apple but this is kind of silly, you have to allow the program to continue installing and input your credentials.

    I don’t even know of a Windows infection that requires this, I’m not sure if they exist. That would be one polite piece of malware to ask for permission to infect your PC.

      • KoolAidMan
      • 8 years ago

      “I don't even know of a Windows infection that requires this, I'm not sure if they exist.”

      That is how most malware is transmitted these days. Viruses in Windows are pretty much a thing of the past now that executing programs as admin requires user authorization. UAC in Windows Vista and 7 addressed the issue of self-executing malware (aka - viruses). Viruses weren't really a problem with OS X or any unix type operating system because its security model requires users to manually elevate admin rights in order to run an application. So yeah, malware now relies on tricking users into running them, Windows included since there are so many Windows 7 and Vista machines out there.

        • glynor
        • 8 years ago

        Not true.

        Many new pieces of Malware exploit buffer overflows in components like Flash, or exploits in JavaScript, and don’t trigger UAC as they get installed. Even if they do, they certainly don’t run you through a blatant installation process that you can cancel at any point.

        Is there stuff like this on Windows? Sure. They’re less potent, but they exist. But most malware that is actually successful on Windows is *nothing* like this thing. You have to actually walk through an installer process, like a normal package file, clicking Next, Next, entering your password, and then clicking "Finish". And, if you don't use Safari, or DO use Safari but have the absurd "Open 'Safe' Files Automatically" option disabled (as is strongly recommended by basically everyone I've ever heard from), then you'd never even see this thing, much less be prompted to enter your password or install the files from the image it downloads.

        These people are clueless, and are being socially engineered and duped into thinking they should install this thing. It isn't exactly crafty to anyone with a medium degree of computer savvy.

          • glynor
          • 8 years ago

          On top of that, removing this thing appears to be trivially easy:

          1. You kill the process using Activity Monitor.
          2. You remove the item from the Login Items System Preferences panel (which doesn’t contain hundreds of system processes, just a handful of user ones).
          3. You delete the files from the Applications folder.

          Done.

          • KoolAidMan
          • 8 years ago

          You’re right, I totally forgot to mention Flash and Java security holes.

        • Convert
        • 8 years ago

        That’s not exactly what I meant but I see what you mean. I was talking more about the install procedure, UAC *might* prompt you but that's the extent, you don't get a fancy install wizard. That's why I said I don't think there are any infections that actually send you through install prompts. Though I can't argue they don't exist, I haven't seen every infection ever created.

          • KoolAidMan
          • 8 years ago

          “That's why I said I don't think there are any infections that actually send you through install prompts.”

          Those are actually a good chunk of the successful ones on Windows these days. There's a reason they're called "trojans" 🙂

    • HisDivineOrder
    • 8 years ago

    Hahaha, did Apple really think it was never going to happen? That their security was so good, their OS was so foolproof, that it would never come to pass that as their ship grew bigger and bigger and their user base more and more arrogant that eventually they would not be targeted?

    Honestly, hubris so insane was inevitably going to be targeted.

    • ShadowTiger
    • 8 years ago

    Simple supply and demand…

    • blastdoor
    • 8 years ago

    Looks like Apple has picked the right time to introduce what will become the final solution for fighting malware — the Mac App Store.

    In the future there will be two kinds of Mac users — those that run under the default configuration that only allows Mac App Store apps to be installed and those that run under a “pro” configuration where knowledgeable users can install software not found in the App Store.

    Ultimately curation is the only way to kill trojans.

      • sweatshopking
      • 8 years ago

      “Looks like Apple has picked the right time to introduce what will become the final solution for fighting malware — the Mac App Store.

      In the future there will be one kind of Mac user – those who play in the garden, just like iOS. they’re going to switch to a “jailbreak and die” system.”

      fixed it for you. 😛

    • glacius555
    • 8 years ago

    Wait, what? Almost every comment has quite many “+” today?

      • KoolAidMan
      • 8 years ago

      Shocking, I know. PC fanboys/Apple-haters everywhere are rejoicing. Such a sad waste of time.

      * Posted from the uber gaming rig I put together myself.

    • mikehodges2
    • 8 years ago

    Meh. TUAW has a pretty good article on it. You have to jump through a few hoops for it to install, and they only mention it affecting Safari…I use Chrome on both my mac and pc anyway.

    Bit shitty of Apple to deny its existence though. At least point people to TUAW or something, so they can (quite easily) remove it themselves!

    Here (http://www.tuaw.com/2011/05/19/macdefender-malware-protection-and-removal-guide/) if anyone needs it.

      • kuraegomon
      • 8 years ago

      The problem isn’t this specific exploit, because the existence of the toolkit makes it really easy to swap in alternate (drive-by) exploits – which do exist.

      The fact that someone’s bothered to implement the toolkit is actually more disturbing. It means that the _really_ skilled black hats are doing the math, and realizing that the increased market share (and probably more importantly, the relative affluence of the Apple demographic) of MacOS now make it worth their while to do this kind of work.

    • jstern
    • 8 years ago

    Just read about it on a Mac site. I’ve never seen the fanboys so smug. They’re blaming it on new to Mac stupid Windows users who are less tech savvy than them, and saying that it’s not a virus, but a trojan.

      • khands
      • 8 years ago

      They’re technically correct on the last part but people got “virus” stuck in the mainstream vocab instead of “malware”, the average person doesn’t know the difference.

        • jstern
        • 8 years ago

        The reason why I mentioned that is because they would consider any type of malware on a PC to = a virus, but not vice versa.

        Malware, trojans, etc on a PC = Virus

        Malware, trojans, etc on a Mac != Virus

      • KoolAidMan
      • 8 years ago

      Virus != Trojan. Viruses are not a problem on OS X, but any operating system can be hurt by malware that the user executes as admin/root.

        • NeelyCam
        • 8 years ago

        And who cares what it’s technically called if it f*cks up your computer all the same?

        Bottom line: Macs are now f*cked just like Windows PCs. Welcome to the party – step down from your high Trojan Horse.

          • KoolAidMan
          • 8 years ago

          Never had malware issues on my Windows PCs, don’t expect to have them on my Mac either. I don’t execute files I don’t know, do you? Malware can mostly be addressed by users not authorizing applications they don’t know about or that are unverified.

            • NeelyCam
            • 8 years ago

            I don’t, and I have antivirus/antispyware crap on to try to protect me from whatever webpages I might end up on, along with some weak hardware firewall on my router.

            But I’m talking about mainstream users who stopped updating their antivirus software because the free 30-day license expired to the Norton bloatware that came with their PC (or the poor Macolytes that never had anything in the first place).

    • Meadows
    • 8 years ago

    I love this.

      • srg86
      • 8 years ago

      Agreed. Reading all of this has made my day.

        • KoolAidMan
        • 8 years ago

        http://wtfhub.com/wp-content/uploads/2010/11/forever-alone-guy-painting.jpg

    • glynor
    • 8 years ago

    Gruber had the absolute best take on this “new threat”, if you haven’t seen it: http://daringfireball.net/2011/05/wolf

    What is interesting is that this particular piece of malware actually targets users' perception that they MIGHT be vulnerable (it is a "fake" anti-virus scam, like are all-too-common on Windows). Unfortunately, even though it can't get installed without the user accepting it and entering their admin password, history has shown that plenty of users will just enter their password into any box that asks for it without a second thought.

    • kamikaziechameleon
    • 8 years ago

    As predicted, lol HA H AH AHA HA

    • sweatshopking
    • 8 years ago

    did you crazies see this?: http://blogs.computerworld.com/18306/brain_scans_hint_at_why_apple_fanbois_are_more_loyal_than_windows_fans_its_the_power_of_religion

    this will change nothing.

      • kuraegomon
      • 8 years ago

      Yep – the secret to the RDF, revealed at last.

      • NeelyCam
      • 8 years ago

      You know, not to be a bash-apple-party-pooper, but that probably applies to AMD/Intel/NVidia/ARM/BMW/YouNameIt fanatics as well.

        • willmore
        • 8 years ago

        That was my thought when I saw that article.

    • Neutronbeam
    • 8 years ago

    If people can afford a Mac, they can afford this

    http://buy.norton.com/estore/mf/productDetails/slotNo/16/sourcePageType/Category/categoryCode/Macintosh_Sub_Category/productShortName/norton-internet-security-mac/productSkuCode/14551955/priceGroupId/1000000/

      • glynor
      • 8 years ago

      Amusingly, that product “defends” the Mac almost entirely against Windows viruses. It is primarily useful for enterprise use, to help detect threats that wouldn’t have actually ever hurt the OSX users, but might impact the Windows machines at the same site.

      PS. That said… I wouldn’t even begin to suggest that Mac OSX is invulnerable. Some of the reason they haven’t had much of a real virus problem is the architecture, but the vast majority of it is the market share and the simple fact that to write an OSX virus, you probably have to learn a whole new language (Objective C).

      Things like this are certainly bound to happen occasionally as the Mac gets more and more popular. The truth is, though, that *for today* you ARE much safer (particularly from "spyware" and other "not quite virus-like" malware) on OSX than you are on Windows. To most consumers... The details of "why" are totally irrelevant.

        • Neutronbeam
        • 8 years ago

        I never said it would actually help any Mac users, only that they could afford it ;->

    • 5150
    • 8 years ago

    I. Cannot. Wait.

    Is it too early to start smashing this in the face of the Macolytes at work?

      • moshpit
      • 8 years ago

      Security through obscurity is my favorite jab at mactards. Now that they’re less obscure, they’re less secure. Lazy security for the lose!

    • StuG
    • 8 years ago

    I’m not going to lie, as much as the PC world hates the Mac world I’m surprised this hasn’t already happened. The people that program malware and viruses love to hit stupid consumers that buy outdated or inferior virus protection. I feel that infecting the most pompous, non-thrifty, and arrogant people in the god damned computer industry would make a lot of sense.

    • Mentawl
    • 8 years ago

    “AppleCare”…except when it’s something that we assured you was impossible before. Then it’s -your- problem!

    /sarcasm

    • kuraegomon
    • 8 years ago

    Apple doesn’t want to “set the expectation to customers that we will be able to remove all malware in the future.” – ARE YOU FREAKING KIDDING ME?!?!? A huge part of your entire sales platform is that you provide a simple, trouble-free experience for your sheep – er, excuse me, I mean zealots – nonono, I _really_ mean customers – and now that the wolf has shown up, the sheepdog’s only going to provide best-effort service? Really?

    If I’d been in Jobs’ shoes, I’d have made _damned_ sure that I had the absolute best, sharpest, most proactive security division and policies that all those inflated margins could buy. But noooo, that’s just way too obvious.

    I do feel sorry for the entry-level Mac users though – they have _no_ idea how much pain is in store for them.

      • Spotpuff
      • 8 years ago

      It will be a hilarious day when Mac users flock back to Windows because they have too many viruses.

        • khands
        • 8 years ago

        Actually, that will probably be the year of the linux desktop.

          • 5150
          • 8 years ago

          A guy at work was Linux, went Apple, and today said he’ll probably have to go back to Linux.

          • grantmeaname
          • 8 years ago

          They’ll flock to Ubuntu, which by then will look the exact same as Mac OS.

    • Welch
    • 8 years ago

    Ahaha, ohhh come on Geoff, you know you want to smile… AHHH There it is, I know you just smiled.

    I never understood why any OS developer could be so cocky as to think that their OS was untouchable. It’s not even that their security was amazing or anything. It’s how I explain it every time I’m asked why “Macs are so much more secure”.

    You got 2 banks sitting right next to each other. You’re a bank robber and you want to get the best bang for your buck, or is it buck for your bang :)? You can either go into Bank A which is a local bank who may have a few 100,000 or you can go into Bank B which has a few million floating around. Hmmmm, hard choice huh?

    Of course if you’re writing viruses, you’re going to go for the numbers! When macs only make up what 13-15% now (Don’t quote me on that, I know they gained a bit of market share in recent years), why would you make a virus for those when you can make one for 80%+ of home systems?

    Great example of Apple getting what it deserves, just a shame they aren’t going to assist their customers who pay the extra Apple tax. Least they can do is help them through this 1 problem and make it clear that they don’t usually and will not usually offer this service.

      • sweatshopking
      • 8 years ago

      it’s like 5-8% not even close to 13%

    • lilbuddhaman
    • 8 years ago

    by Geoff Gasior (aka Captain Obvious)

    j/k interesting set of stories, but you’ll never beat the Steve Jobs Reality Distortion Field from convincing Apple users’ machines are perfect.

    • Buzzard44
    • 8 years ago

    Please, allow me to post a summary:

    Mac market share rises.

    Volume of malware targeting Mac rises.

      • anotherengineer
      • 8 years ago

      Indeed.

      Also Macs are quite a bit more expensive than a PC therefore Mac owners in general must have more income. Money sounds like a good reason to make malware also.

        • albundy
        • 8 years ago

        all the more reason to push a keylogger on their machine so bank credentials could be revealed.

        most of sales teams in our office use macbook pro’s…except for me and another co-worker. a few months ago i purchased two HP 8100 Elite’s with a corei7 870, with 4 monitors ( two for each of us) and an upgrade to 12GB of ddr3 ram and a discrete radeon hd4650 card. both of our PC setups ended up costing us less than 1 macbook pro. nuff said.

          • NeelyCam
          • 8 years ago

          Yeah, but you can’t get laid carrying an HP laptop.

            • indeego
            • 8 years ago

            Sure you can, that extra cash is always a hit with the ladies.

            Real men cover up/scratch off the logos on their computing devices anyway.

            • NeelyCam
            • 8 years ago

            lol good reply

      • Dissonance
      • 8 years ago

      Lemme fix that for you 😉

      Mac market share rises.
      DIY Mac malware kit released.
      Volume of malware targeting Mac rises.
