Attack vector Mac OS X

3 Dec 11

As the Mac has become more popular, we are seeing more forms and variants of malware available for the platform. The main focus of the attacks is not so much the software itself as the people using it: a wetware attack, if you will. This does not mean that the software is impervious to attack, but rather that it is sufficiently difficult for a lot of malware creators that it is easier to target the user instead of the system. Make no assumptions about the superiority of Apple's software. It's still made by humans, and every so often a more or less serious flaw is discovered in it.

OS X remained virtually unaffected by most forms of malware for a number of years, having the odd blip of suspicious code here and there, but not more. I would surmise that several factors led to this.

In the early days of Mac OS X there weren't really that many users. Even today, if we compare the number of people using OS X, even Windows XP is by far more common and widespread. It was statistically unlikely that a given user would have a Mac, and many malware makers were already very familiar with Windows, which made the Mac a much less interesting target for attack.

As the number of Mac users has increased greatly in the last 5 years, the situation has changed. Given the knowledge most Windows users have, and in some cases the lack of knowledge, a new opportunity has arisen. Now there are a ton of "normal users" who have been conditioned for many years to have certain ideas about how a computer behaves and what it needs to function. These people won't be able to tell a real dialog box from a fake one on a website, and they are more likely to enter their administrator password when prompted to do so. While the system itself has a very strong, secure foundation, the bad guys just exploit the one true weakness: the user!

More people on a platform means it's more tempting to "mine" that potential gold and make a profit from it. We shouldn't kid ourselves into believing that the Mac is now huge, since a PC is far more likely to be running any variant of Windows than Mac OS X. But the numbers are great enough to attract attention from the darker recesses of the Internet.

One misconception is that a virus outbreak is next on the security agenda for the Mac, but I highly doubt that. While there are indeed lots of new viruses discovered every day, viruses are not as much in the future as other, more modern threats, Trojans for instance.

A version of Pixelmator was recently discovered to contain a rather nasty payload called DevilRobber. In fact the download didn't contain Pixelmator at all, just the malware. After duping the user into running the fake program, DevilRobber would be installed and hidden in the background of your system. Particularly nasty is the fact that this malware not only uses your computing power to create bitcoins, but also steals any bitcoin information already on your machine and includes a keystroke logger. Say goodbye to your passwords as soon as you have typed them! They're now on their way to the malware creator.

Trusting the source of the download is critical nowadays, and downloading pirate copies of software is not a good option. This is not the first time this has happened either, as pirate copies of iWork have been found to contain Trojans in the past. Expect this to be frequent in the future, if the recent past is any indication.

Security is a reality, and we must all take responsibility for how we use our computers, regardless of what kind, be it laptop, desktop, smartphone or tablet. Nothing matters unless we can trust our devices and we take the necessary steps to stay safe!

My quick and easy advice to everyone who uses a computer, no matter the brand and what software you are using, is to download software only from trusted sources and think twice about giving away your administrative password. Common sense will take you far, so exercise it as much as you possibly can.


Robert Falck

Robert is a freelance tech journalist from Sweden. You can follow his posts here on Bagel Tech and on his site, or you can follow him on Twitter @streakmachine.

