Apple erases emerging Mac OS X trojan via malware definition update

Posted:
in macOS edited January 2014
Chinese malware targeting Mac users wasn't actually functional, but Apple has squashed the exploit anyway by delivering a malware definition update that flags the Trojan Horse as being malicious when users try to open it.



New malicious software reported by CNET this week has been added to Mac OS X's internal blacklist of known malware, erasing the threat even before its authors were able to get it to the point of actually functioning.



The described "Trojan-Dropper:OSX/Revir.A" was not yet functional, according to security software vendor F-Secure.



However, a report by MacRumors confirms that Apple has already distributed a new definition, which lets the operating system identify and warn users before they attempt to open it.







Apple only recently debuted the new malware definition feature in Mac OS X, and has since distributed definitions flagging new threats such as "MacDefender," a phony anti-virus program.



Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.



Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate. Apple's Mac App Store enables users to find and install apps without risking an inadvertent malware infection.



Apple's iOS platform is even more secure, requiring users to obtain all their software from the App Store while also setting up app-level security boundaries that prevent apps from touching users' documents (or other apps).



Apple plans to incorporate more App Store-style security for users in iCloud, which similarly segregates apps and their data, preventing rogue malware from accessing, erasing or modifying users' files in the cloud.

Comments

  • Reply 1 of 15
    Whew! I'm glad they erased the malware. Won't have to worry about that again.
  • Reply 2 of 15
    Quote:
    Originally Posted by bstring View Post


    Whew! I'm glad they erased the malware. Won't have to worry about that again.



    Apple didn't erase the malware, it just added definitions to its Mac OS X security management system, which warns you, that the application you are opening, may be some kind of malware.
  • Reply 3 of 15
    MacProMacPro Posts: 19,307member
    I love my walled garden
  • Reply 4 of 15
    Quote:
    Originally Posted by digitalclips View Post


    I love my walled garden



    I second that!
  • Reply 5 of 15
    Quote:
    Originally Posted by SixnaHalfFeet View Post


    I love my walled garden...I second that!



    I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.
  • Reply 6 of 15
    Quote:
    Originally Posted by jetlaw View Post


    I couldn't agree more. I often wonder how many of the Android fanboys who crow about openness are updating their blogs from their homes within a gated community.



    Or their parents' basements.
  • Reply 7 of 15
    Quote:
    Originally Posted by Napoleon_PhoneApart View Post


    Or their parents' basements.



    Or somebody's else Wi-Fi, them cheapskates!

    Done
  • Reply 8 of 15
    Quote:
    Originally Posted by Splash-reverse View Post


    Or somebody's else Wi-Fi, them cheapskates!

    Done



    Alright, you win.
  • Reply 9 of 15
    macrulezmacrulez Posts: 2,455member
    deleted
  • Reply 10 of 15
    Quote:
    Originally Posted by MacRulez View Post


    OS X != iOS.



    On Android, the user is provided notification of an app's capabilities before downloading. On OS X, you can download anything from anywhere and you have no way to know what it'll do once it's installed.



    Of course this is only temporary: later version of Lion will likely prevent the installation of any apps from outside of Apple's App Store.



    Until that happens, comparing OS X security to Android is not likely to be favorable..



    Well, you really had to trawl the internet to find an out of date bit of news, didn't you? That pwn2own event ran a Mac that had not had its software updated - a Security Update was released before the event but the organisers (for whatever reason) said they "didn't have enough time" to update the Mac used in the contest, even though the update arrived in plenty of time to be loaded (I mean, how long does an update take? Hardly any time at all.)
  • Reply 11 of 15
    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...
  • Reply 12 of 15
    Quote:
    Originally Posted by SwissMac2 View Post


    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...



    This article (as written) confuses me, and for this exact reason. I know that Safari has the ability to silently download a list of fraudulent web sites. You can turn this on/off in Preferences -> Security. I wasn't aware that OS X had a similar 'kill' capability.
  • Reply 13 of 15
    Quote:
    Originally Posted by SwissMac2 View Post


    Why does this new definition not show up in Software Update? If the definition files are not installed on my Mac, where are they and how does my Mac read them? If they are installed on my machine, how? I've never seen anything ask me to install anything and I'd be interested to find out how it works...



    You can force an update of the definitions by unchecking the box ?Automatically update safe downloads list? in the System Preferences Security pane > closing System Preferences > reopening the Security pane and _check_ the box again. Just remember to end up with it being checked.



    Or get the free Safe Download Version and it will tell you, though some recommend making a keychain backup as they've had problems - I've used it and it works fine with no problems:

    http://www.macobserver.com/tmo/artic...itions_update/
  • Reply 14 of 15
    I'm still confused - where is the AV software that uses the definitions file to identify malware threats? Is it in the Applications folder, the Utilities folder, or somewhere else? What is it called? Or does everything I run on my machine get checked by some software hosted at Apple? I'm still on Snow Leopard.
  • Reply 15 of 15
    Only 14 comments in this article? Hey, where are the Apple Fanboys?
Sign In or Register to comment.