New malware attacks Mac OS X users through Apple Safari browser

245

Comments

  • Reply 21 of 94
    polar315polar315 Posts: 76member
    Not all Mac users are going to be knowledgeable on it. My wife was using ours and called me as she was not sure what was going on but, was suspicious on it. Took a quick look and figured this was not a legit so killed it off.
  • Reply 22 of 94
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by Gatorguy View Post


    Nope. A key would be out of the question. But why?



    Because I'm aware that nefarious people exist, and that not everyone that wants to talk to me means no harm.



    Many Apple user's don't know that when it comes to their Apple product. They assume they're automatically protected by Apple's systems. So why not trust the guy at the door? Every user already knows he can't hurt you.



    And there's the difference.



    As mstone pointed out, someone could come to your door impersonating a police officer or home security system maintenance worker. So there's little difference.



    Really, you can only go so far in protecting people who are naive enough to believe that everyone who knocks on their door (or every installer that asks for a password) is genuine without questioning things first. You can display warnings over and over again (as Windows has resorted to doing), but there's always people who are going to fall prey to social engineering because they simply don't want to stop and think about things.
  • Reply 23 of 94
    gatorguygatorguy Posts: 24,176member
    A link for those that want to claim this is nothing to worry about.

    https://discussions.apple.com/thread/3029144



    Pretty sure this is intended to work the same as the WindowsDefender scam. It hijacks some settings, making it difficult to use your Apple device. Attempting to manually remove the malware is pretty darn difficult on a Windows machine. Some early posts say the same for MacDefender. But the purveyor of the malware gives you the option to pay $25 (I think) to buy their malware removal tool, giving you back your device.



    It's a nasty little trojan that requires a lot of skill and patience to remove on a Windows machine. But I think it's on it's third go-round there, so I'd expect it to be a tougher removal than on an Apple computer.



    Wait for the next version.
  • Reply 24 of 94
    quevarquevar Posts: 101member
    Is the following attack also newsworthy?



    Send an email that tell users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /

    What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....
  • Reply 25 of 94
    gatorguygatorguy Posts: 24,176member
  • Reply 26 of 94
    mstonemstone Posts: 11,510member
    Quote:
    Originally Posted by Quevar View Post


    Is the following attack also newsworthy?



    Send an email that tell users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /

    What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....



    What possible advantage would an attacker gain from you deleting everything from your computer? They want to install things not delete things.
  • Reply 27 of 94
    While I get that a number of the posters here are (rightly so) are being cautious this is essentially a social hack - the user has to allow access in order for it to work. That hackers are getting more clever about how they do this is a given. However anti-malware utilities are not the be-all end all in protection as anyone experienced in technology will confirm. I have cleaned far too many Windows machines with various anti-virus/anti-malware utilities installed that were hopelessly compromised regardless. You cannot protect everyone absolutely securely. Traffic and safety laws are a good complementary example of this. If everyone follows the rules you will have significantly fewer traffic issues and accidents. However you cannot, practically speaking, MAKE everyone follow the rules 100% of the time.



    Likewise doing things like using a regular (non-admin) account on your Mac/Win machine, leaving the default secure settings intact or enhancing them, encrypting your hard drive (AND remembering your 16 character random encryption password), running the firewall, and being continually suspicious of unsolicited install requests as a day-to-day model is smart. But not everyone is. Conversely, to make statements like"someone somewhere will do this and that will demonstrate how insecure the MacOS platform really is" is purely specious. Of course they will. Just because someone is clueless, incautious or uninformed, doesn't make the platform less secure - it makes THEIR machine less secure.



    SO stop crying the sky is falling - it isn't. People will be incautious, obtuse or uninformed and will learn (hopefully) from their mistake. This doesn't mean that everyone on Macs should run out and rush-install anti-virus/anti-malware to prevent this sort of thing from happening. And you, as a Mac-savvy friend, SHOULD be providing them with the ability to be a smarter user, by recommending they switch to using a non-admin account for daily use, to refuse unsolicited downloads, and all the other things we know to do to maintain a reasonably secure and well-run Mac. You cannot keep fools from being fools, you cannot legislate commonsense, and you can't keep bad things from happening. Just because a hacker produces a redirect and a download that could possibly compromise a machine running MacOS doesn't mean the platform is compromised - this is a constant part of the environment that is the risk of being internet connected.
  • Reply 28 of 94
    matrix07matrix07 Posts: 1,993member
    Quote:
    Originally Posted by mstone View Post


    Upon installation, the application adds itself to the user’s Login Items, so it will relaunch each time the user logs in or starts up their computer. The application itself cannot be quit easily, as there is no Dock icon.



    (One thing to point out is that, in the past, these types of sites—very common vectors of Windows malware—only delivered Windows .exe applications. The fact that such a site is providing a Mac rogue antivirus is new, and extremely rare. While the site itself still shows a fake Windows screen, the rogue antivirus itself is a well-designed Mac application.)



    This application is very well designed, and looks professional. There are a number of different screens, and the grammar and spelling are correct, the buttons are attractive, and the overall look and feel of the program give it a professional look. It will occasionally display alerts, telling users that viruses are found:



    MAC Defender also opens web pages for pornographic web sites in the user’s web browser every few minutes. This is most likely to make users think that they are infected by a virus, and that paying for MAC Defender will relieve them of the problem.



    Clicking the Register button on the About screen takes users to a web page where they can purchase a license for the program: either a 1-year, 2-year, or lifetime license. Users are asked to provide a credit card number, and the web page used is not secure. The scam here is to charge users for a program that doesn’t do anything; the virus warnings presented are bogus, and after paying, they no longer display, so users think the program has done something useful. It is also possible that these credit card numbers, given via an unsecure web page, could be used for other purposes.



    I see. I got this malware from time to time. In Windows you didn't have to install anything. Just clicking the link and then boom! the browser will simulate Windows Defender page in Control Panel scanning virus and report your system got infected. This will scare us to buy their software. It freaked my wife out once thinking her notebook got infected. She almost bought the software. (luckily I was there.)
  • Reply 29 of 94
    auxioauxio Posts: 2,717member
    Quote:
    Originally Posted by Quevar View Post


    Is the following attack also newsworthy?



    Send an email that tell users that typing the following command into the terminal and then typing your password will make your computer three times faster: sudo rm -rf * /

    What's worse is that this one attacks both OS X, Linux, and Unix. Interestingly, iOS is completely immune to such attacks.....



    Not if you have it jailbroken and have a Terminal app installed. iOS is also UNIX at the core, it just goes the extra mile to prevent you from ever seeing that. You could construct a similar command on Windows too and/or tell people to reformat their C: drive.



    Regardless, the point is that all of these social engineering scenarios shouldn't be considered system security flaws IMO. Unfortunately, the very people they can prey upon will likely be convinced otherwise by the media.
  • Reply 30 of 94
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by fecklesstechguy View Post


    this is essentially a social hack - the user has to allow access in order for it to work. That hackers are getting more clever about how they do this is a given. However anti-malware utilities are not the be-all end all in protection as anyone experienced in technology will confirm. . .



    Conversely, to make statements like"someone somewhere will do this and that will demonstrate how insecure the MacOS platform really is" is purely specious. Of course they will. Just because someone is clueless, incautious or uninformed, doesn't make the platform less secure - it makes THEIR machine less secure. .



    Just because a hacker produces a redirect and a download that could possibly compromise a machine running MacOS doesn't mean the platform is compromised - this is a constant part of the environment that is the risk of being internet connected.



    What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.



    There are Windows malware programs that block this exact attack. Avast is one of those. I suspect that there are solutions for OS x too. Some browsers are also giving you a security alert, or blocking the malware before you're given the option to load it.



    Apparently denying that malware can find it's way into Apple devices just as well as Windows is more important than acknowledging that basic security software may be beneficial to many users of Apple devices.
  • Reply 31 of 94
    solipsismsolipsism Posts: 25,726member
    If security through obscurity is why Mac OS isn’t as affected as Windows then why isn’t iOS rife with viruses? Could it be the foundation for which the OS is based and the way the OS was designed to handle 3rd-party SW, not just some silly statement that black hat hackers aren’t concerned about the OS that is installed on ‘PCs’ that make up wealthier consumer buyers on average and account for ⅓ of all profits?
  • Reply 32 of 94
    gatorguygatorguy Posts: 24,176member
    Dunno. But the lack of serious issues until now isn't proof that the same security issues may not exist.



    While a bit over the top, this article notes another sneaky trojan may be on the way to Apple machines. Apparently a hacker "beta test" of a security flaw?

    http://www.dailytech.com/Sneaky+Troj...ticle21018.htm
  • Reply 33 of 94
    magicjmagicj Posts: 406member
    Word on what this malware actually does would be nice.
  • Reply 34 of 94
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Gatorguy View Post


    What you may not understand is this is exactly the same situation on a Windows machine. The malware doesn't load itself. It requires your acceptance.



    I was wondering, are there any cases of Macs being infected by software that doesn't require the user to give permission for it to install?
  • Reply 35 of 94
    gatorguygatorguy Posts: 24,176member
    See the links in post 24 and 26
  • Reply 36 of 94
    banchobancho Posts: 1,517member
    Quote:
    Originally Posted by magicj View Post


    I was wondering, are there any cases of Macs being infected by software that doesn't require the user to give permission for it to install?



    No, there aren't.
  • Reply 37 of 94
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Gatorguy View Post


    See the links in post 24 and 26



    Looked through those and it seemed like those users gave permission for the software to install. Did I miss something?
  • Reply 38 of 94
    gatorguygatorguy Posts: 24,176member
    Other than Safari security flaws used in drive-by attacks at a security conference I haven't seen mention of any in the wild. But I can't say as I've seen mention of one on a Windows7 platform either. Do a websearch. No idea.
  • Reply 39 of 94
    gatorguygatorguy Posts: 24,176member
    Quote:
    Originally Posted by magicj View Post


    Looked through those and it seemed like those users gave permission for the software to install. Did I miss something?



    No you didn't. As I posted earlier, this malware requires the same user intervention that it would on a Win7 machine. It's the same way Windows users get malware. IMO you should take the same precautions. But that's a personal choice.
  • Reply 40 of 94
    magicjmagicj Posts: 406member
    Quote:
    Originally Posted by Gatorguy View Post


    Other than Safari security flaws used in drive-by attacks at a security conference I haven't seen mention of any in the wild. But I can't say as I've seen mention of one on a Windows7 platform either. Do a websearch. No idea.



    Ok. I'm not personally too concerned about the situation on Windows, and wasn't trying to enter the "PCs vs Macs" debate. I was just checking the Mac situation.
Sign In or Register to comment.