Many were alarmed when Topher Kessler released a blog post talking about the “first” viral malware compromising Macs. According to the post, the malware’s name is “Clampzok.A”.
This virus is capable of propagating and altering binary files on infected systems. He further added that the malware’s code was originally released in 2006 and was written in assembly code to primarily infect Windows and Linux operating systems. He insists that this is the first ever Mac threat ever discovered.
But he’s wrong. Mac threats have existed since 1982, as shown in this Mac virus timeline. In 1982, a fellow named Rich Skrenta created the “Elk Cloner virus”, which can infect the boot sector of any Apple II computer. Additionally, an ESET datasheet traces all the significant Mac threats they found from 2004 to 2012.
Mac threats aren’t really a new breed of threats; they’re just not as voluminous as Windows threats. This is because malware writers don’t see any value in creating Mac malware, since only a small portion of the population owns a Mac.
According to a Sophos’ 2013 threat report, most malware writers find it more profitable to attack Windows than Mac because only a small community uses the Apple product. In fact, one of the new features of OS X Mountain Lion is whitelisting, which prevents Mac users from downloading malicious apps that can harm their machines.
To further illustrate, here are 3 Mac threat categories that will wipe off your obsolete perceptions of Mac malware:
Also called as “parasite software”, “scumware”, “junkware”, and “thiefware”, spyware is a type of malware capable of stealing private information, of tracking and recording conversations over IM APPS, and of patching web browsers and network applications to search for user’s personal account information and passwords. Typically, spyware is downloaded together with software freely offered in the web.
In 2012, 600,000 Macs were infected by the spyware Flashback trojan. A botnet that exploits a Java flaw found in Mac OS X machines, Flashback is capable of monitoring an infected machine’s network traffic to steal usernames and passwords.
Worm and virus are often interchangeably used, but they’re not really synonymous. A worm is a type of malware that automatically replicates itself in infected computers. A virus, in the meantime, doesn’t automatically copy itself—a user has to execute a certain command to trigger replication.
A worm is capable of damaging output, decreasing computer performance and consuming internal disk and memory. There are also occasions in which it deposits a trojan capable of turning infected computer into a botnet.
In 2006, the OSX.Leap.A worm was found. This Mac worm spreads via the iChat instant messaging application and forwards itself as a file called “latestpics.tgz” to the contacts on infected users’ buddy list. Opening a “latestpics.tgz” file will show a hoax JPEG graphic icon that looks harmless.
#3 DNS changers
DNS changers alter an infected system’s network settings to redirect internet traffic to a malicious URL. It usually poses as legitimate downloadable software or application updates for Mac OS X 10.6 Snow Leopard and QuickTime player.
In 2009, OSX/Jahlav.A was detected by security engineers. This malware is capable of redirecting domain name system requests to malicious servers and websites. This Trojan carries a payload that disguises itself as a video software crack keygen that typically uses the following names: QuickTime.dmg, MacTubePlayer.dmg and crack_photoshop.dmg.
Evidently, malware targeting Mac is old news. And as more and more businesses and government agencies show a preference for Mac over Windows, your Mac gets more and more vulnerable to cyber-attacks everyday.
In fact, trusted analyst Frank Gillette reported in a blog post that almost half of enterprises with 1,000 employees or more are installing Macs, and are planning to increase the number of Macs they issue in 2012 by 52%.
With this, it’s inevitable to see an increase in the number of Mac threats in the near future—malware that target not only Apple desktops but also mobile business phones.
Have you been a victim of Mac Malware ?
Image Credit: Luc