The state of Mac viruses, 2016

Yes, Macs are not free from viruses, and there have been Mac viruses since the beginning. Patrick Wardle of Objective-See has written a post covering the latest significant malware for macOS, including links to download the samples and study them (warning: we strongly advise against doing so).

The idea that a Mac is invulnerable to viruses is just that, a myth, although it is undeniable that far fewer viruses exist for it and that it is harder for one to be installed without the user's consent. That is the most difficult part for a hacker: while on Windows it was enough to run the virus to let it wreak havoc, on macOS any software has to ask for your consent before doing anything. In recent years especially, users must explicitly authorize any application that is downloaded from outside the Mac App Store. Hackers can still get around these authorizations, but they are additional steps that the malware has to overcome.

This security feature, in particular, is the reason why malware developers have lately been spending more and more resources on disguising their malicious software as genuine, harmless applications. The developers of the first known ransomware for macOS, KeRanger, went to great lengths to infect users: they hacked the site of a popular BitTorrent client, Transmission, and replaced the download link for the legitimate installer with a fake link that pointed to their malware.

Other examples are based on classic schemes, although applied very thoroughly, such as recreating a forgotten piece of software and using it as a backdoor for audio and video, so that the user installs what she thinks is a legitimate application. The worm then creates a backdoor and captures audio and video.

FakeFileOpener is more insidious because it sneaks in through banners that lead the user to install (fake) security programs. Once installed, the operating system can recognize it as the default program for opening a large number of documents; this way it never runs continuously, which makes it harder to identify. Its purpose is to install additional adware applications.
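One way to triage for this kind of behaviour, as an added example that is not from Wardle's post or from this article: macOS applications declare the documents they can open under `CFBundleDocumentTypes` in their `Info.plist`, so a script can flag bundles that claim an unusually wide range. The threshold of 25, the wildcard list, and the sample bundle names and plists are assumptions constructed for illustration.

```python
import plistlib

# Declarations that claim nearly every file (assumption: treated as "broad" here).
WILDCARDS = {"*", "public.data", "public.item", "public.content"}

def claimed_types(info_plist: bytes) -> set:
    """Return every extension and UTI an app bundle declares it can open."""
    info = plistlib.loads(info_plist)
    claimed = set()
    for doc_type in info.get("CFBundleDocumentTypes", []):
        claimed.update(e.lower() for e in doc_type.get("CFBundleTypeExtensions", []))
        claimed.update(doc_type.get("LSItemContentTypes", []))
    return claimed

def flag_broad_handlers(bundles: dict, threshold: int = 25) -> list:
    """List (name, count, has_wildcard) for bundles claiming a wide range of documents."""
    flagged = []
    for name, raw in sorted(bundles.items()):
        claimed = claimed_types(raw)
        wildcard = bool(claimed & WILDCARDS)
        if wildcard or len(claimed) >= threshold:
            flagged.append((name, len(claimed), wildcard))
    return flagged

def _plist(doc_types):
    # Helper that builds a constructed Info.plist for the samples below.
    return plistlib.dumps({"CFBundleIdentifier": "example.constructed",
                           "CFBundleDocumentTypes": doc_types})

# Constructed sample bundles (hypothetical names, not real applications).
SAMPLES = {
    "PhotoViewer.app": _plist([{"CFBundleTypeExtensions": ["jpg", "png", "gif"]}]),
    "SystemHelper.app": _plist([{"CFBundleTypeExtensions": ["ext%02d" % i for i in range(40)]}]),
    "CatchAll.app": _plist([{"LSItemContentTypes": ["public.data"]}]),
    "NoDocs.app": plistlib.dumps({"CFBundleIdentifier": "example.nodocs"}),
}

if __name__ == "__main__":
    for name, count, wildcard in flag_broad_handlers(SAMPLES):
        print(f"{name}: {count} claimed types, wildcard={wildcard}")
```

On a real Mac the input would be the bytes of each application's `Contents/Info.plist`. Legitimate editors and archive tools also claim many types, so the output is a list to review, not a verdict.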

Wardle's post is rich in examples and analysis. We recommend at least reading it, and always staying on the alert. Having an up-to-date antivirus that can detect malware and ransomware is also a very good idea: we have reviewed different types of antivirus on this page.
