If their "Mac security solutions" are installed on 1/100,000 of total active Macs, the one tenth of that makes 1/1,000,000 of total active Macs.
While I get what you're trying to say, your math is wrong.
If 1 in 1,000 people surveyed had the malware then you'd have 1,000 out of 1,000,000 and so on. As long as the 1,000 is a representative sample of all users, then you can extrapolate the entire infection rate from that sample.
What you're implying is that only users of Kaspersky products are seeing this malware.
That said, the title is incorrect. It implies that 10% of the entire Mac user base has an infected computer, when Kaspersky is saying that 10% of users will see this attack show up. There's a big difference between an attempted attack (extremely common) and a successful installation of malware (far less common).
One type of malware that the Shlayer Trojan installs is a Safari Extension and the Mac does ask if you are sure that you want to use it. However, while macOS is warning that this is an unrecognized extension, Shlayer is overlaying that message with a fake dialog box saying that the installation is complete.
Users see an "Okay" button and click it, but in reality they are clicking a Trust button that macOS was actually displaying. They are telling the Mac that it is okay to install this software, so it does.
Left: what the user sees. Right: what the Mac is actually displaying (Source: Kaspersky)
An application should never, ever be allowed to layer a window or dialog box over the top (i.e. a higher z-order) of a system notification. Even that company in Redmond figured this out (back in Vista IIRC).
I hate that garbage like this exists and that there’s seemingly no way to totally stop it. Even legit websites can harbor this crap. Detail-oriented technical people like myself usually see these tricks for what they are, but how are average, non-technical users expected to cope when computers are already so overwhelming for them?
Exactly. My MIL is constantly in need of help with her computer because of stuff like this. "My computer TOLD ME I needed to update!" is what I usually hear. Like you said, how is she or others like her supposed to know if something is legitimate or not? She certainly isn't new to computers. Her first Mac was a Bondi Blue iMac, she has worked remotely almost every day for the last 5 years, etc. But these sorts of things get her, seemingly every time.
So... a Russian owned computer security company is throwing out red flags and fear mongering to push sales of its software...
Sure...
No financial gain for that kinda BS...
Just having GateKeeper enabled will help thwart such crap from infecting a Mac. Considering the tech savvy level of the average user, GateKeeper will catch it before it's a problem. No need to waste money on Putinerskry software. Another clickbait article.
I guess I'm not one of the one in ten. I removed flash years ago and have closed all pages saying I needed to update Flash. But it would be nice to know of a way to check for the virus.
Malwarebytes is plenty good, even the free version.
I guess I'm not one of the one in ten. I removed flash years ago and have closed all pages saying I needed to update Flash. But it would be nice to know of a way to check for the virus.
Malwarebytes is plenty good, even the free version.
I thought the free version expires after 14 days, am I wrong?
If their "Mac security solutions" are installed on 1/100,000 of total active Macs, the one tenth of that makes 1/1,000,000 of total active Macs.
While I get what you're trying to say, your math is wrong.
If 1 in 1,000 people surveyed had the malware then you'd have 1,000 out of 1,000,000 and so on. As long as the 1,000 is a representative sample of all users, then you can extrapolate the entire infection rate from that sample.
What you're implying is that only users of Kaspersky products are seeing this malware.
That said, the title is incorrect. It implies that 10% of the entire Mac user base has an infected computer, when Kaspersky is saying that 10% of users will see this attack show up. There's a big difference between an attempted attack (extremely common) and a successful installation of malware (far less common).
Yes I mean exactly that.
The point is, one can't extrapolate the entire infection rate from that very, very specific and tiny sample made of Kaspersky Mac users. Kaspersky or any anti-virus tool is not a common utility on the Mac platform. When you buy a new Mac no one will suggest buying an anti-virus alongside, as is common in the PC world. If there exists some Mac user base who take Kaspersky seriously, they must have very serious reasons to do so: either they belong to some corporation/institution under continuous targeted attacks, or they are the kind of users who are not afraid of frequently visiting the dark fringes of the Internet such as unregulated porn sites or piracy sites. Those are not representative samples of the totality of active Mac users, and neither are Windows switchers who install those by habit.
Besides, macOS Catalina prevents unsolicited downloads by requesting permission from users for every site. As long as Catalina installation rate increases, that malware issue will become more and more marginal on the Mac platform.
This is a good article and good information, but I absolutely don't trust Kaspersky. It's a Russian company with ties to election hacking. Although their software itself might do a good job with detecting viruses, I'm not convinced that they're not also monitoring our behavior, or at least setting things up to do so. If you look in the Android play store or the Apple store, you see around a dozen Kaspersky apps, all of which require access to your system. Even if you use just two or three of them, Kaspersky could have access to everything you do, including your camera, your microphone, even keystrokes. I'm just not convinced that they're not setting this up while millions of us use their software. They have the capability to mine incredible amounts of intimate and private data about us. Kaspersky applications are banned by the Pentagon. That should raise flags.
MacOS, iOS, WatchOS and iPadOS. Keep all Malware, anti-virus, porn sites and security apps well away from your equipment. For 40 years Apple computers and some Apple ancillary tech have passed through my hands and I have never yet seen a single byte of malicious code.
So... a Russian owned computer security company is throwing out red flags and fear mongering to push sales of its software...
Sure...
No financial gain for that kinda BS...
Just having GateKeeper enabled will help thwart such crap from infecting a Mac. Considering the tech savvy level of the average user, GateKeeper will catch it before it's a problem. No need to waste money on Putinerskry software. Another clickbait article.
So do you have any evidence to refute what was presented?
One type of malware or scam I see from time to time is various emails asking you to reset your password to some site. All of those go straight to the trash.
I got one from "Facebook" the other day.
Unfortunately for the scumbags, I've never even had a Facebook account.
A lot of the malware or scams seem to be coming from illiterate people who are not very bright and also not very fluent in English.
A friend of mine got an email from "Apple" last year, telling them to reset their password, and they asked me to take a look at the email, and the grammar was a total joke.
(1) Apple would never send out any emails asking people to reset their password (2) Apple would never hire monkeys who can't even write in English
The dead giveaway that an email asking to reset your password or that your account has been disabled or that there's a problem with your CC number, etc., is fake is that the email addresses you with "Dear (company name) Customer" or "Dear (your email address)". Companies like Apple, Netflix, Amazon, PayPal, eBay, your bank, etc. know your real name and will always address you using your real name or the name you use for your account. They will never send you an email concerning an official matter that addresses you with a generic term that can apply to anyone who has an account with them.
If their "Mac security solutions" are installed on 1/100,000 of total active Macs, the one tenth of that makes 1/1,000,000 of total active Macs.
While I get what you're trying to say, your math is wrong.
If 1 in 1,000 people surveyed had the malware then you'd have 1,000 out of 1,000,000 and so on. As long as the 1,000 is a representative sample of all users, then you can extrapolate the entire infection rate from that sample.
What you're implying is that only users of Kaspersky products are seeing this malware.
That said, the title is incorrect. It implies that 10% of the entire Mac user base has an infected computer, when Kaspersky is saying that 10% of users will see this attack show up. There's a big difference between an attempted attack (extremely common) and a successful installation of malware (far less common).
Almost correct. I do think it's probable that “only users of Kaspersky products are seeing this malware” because they do not represent a representative sample (of Mac users). Because a real Mac user knows that a virus scanner on a Mac is nonsense, so they are probably susceptible to nonsense like Flash and look at all the wrong internet places.
I work in Mac tech support. This is complete rubbish. In the last year, in the hundreds of Macs that I support, it has appeared once. This is just an antivirus sales pitch.
When I see a similar message (rarely), I do the following:
1. Immediately quit Safari and avoid the website for a few days - suspect the malware is present in ads within normally safe sites.
2. Disconnect internet cable (I rarely enable Wi-Fi).
3. Relaunch Safari (with no internet connection).
4. Click Safari --> Preferences --> Privacy --> Manage Website Data --> Press Remove All --> Press Done and close popup window.
5. Close Safari.
6. Launch system preferences and clear all downloads in Flash Player and Java (will be glad to see the former gone in 10.16.x).
7. Power cycle cable modem.
8. Restart Mac.
9. Run an antivirus... scan (I've used various products over the years Norton, McAfee, Sophos...) I prefer ones that have anti-ransomware abilities. Some of these will prevent opening websites known to have malware (and may catch things that have yet to be seen by Apple protective code). Some depend on catching suspicious behavior rather than specific virus... signatures; most are updated more frequently than Apple's protective code.
10. If need be, access the site for several days using a backup Chromebook. Suspect I could load Chrome or Firefox on the Mac, and use those for the site that seems to have infected ads. I assume the bad actors target one browser at a time. Each browser has its unpatched weaknesses. Different code may be needed to compromise different web browsers.
Would take similar actions on ANY computer or web browser that displayed such a message. Received a lot of phishing emails over the holidays that were supposedly from banks, Netflix and Apple. Sent these to abuse@xyz (where xyz is the company's website). Only problem I had was with Netflix (who responded back to use phishing@Netflix). Bank was the only one to respond with a specific confirmation. Nada from the others. These attempted attacks seem to peak around holidays (maybe the bad actors assume some folks will be more likely to click on links due to higher intake of alcohol during the holidays). Good idea to copy these to the company they are imitating. If you clicked on a phishing email, be SURE to change your password if you logged onto a site that can charge you money or has sensitive data.
No matter what protections are built into an operating system or web browser, it is a constant cat and mouse game. The white hats will build a better mouse trap, and the black hats will build a better mouse.
Comments
Like Kaspersky & Malware Bytes.
Do 10% of people really believe that's a legit window to click with??? Can't they tell it's in the browser?