Over the past year we have regularly covered new malware threats that have emerged for OS X, which included attacks like MacDefender, BlackHole RAT, Flashback, and Revir, among a number of others. While our coverage of these threats may make them appear significant, a review of the overall Mac malware scene shows that despite the increase in Mac malware prevalence, the threats for the Mac platform are still quite minimal. Additionally, data suggests Mac malware trends may not follow market share as many suspect they do.
When the MacDefender fake antivirus malware was making its rounds early last year, there was a daily cat-and-mouse game between the criminals developing the software and various malware detection companies, plus Apple with its XProtect routine that establishes its "Safe Downloads" list.
While MacDefender has been properly addressed and is no longer an issue, the latest cat-and-mouse game appears to be revolving around the recent Flashback malware that was found for OS X. Flashback is a Trojan horse that is distributed as a fake version of Adobe's Flash player program. When installed it will insert a payload …
In the fight against malware, Apple's iOS outshines Android as a safer environment, but no mobile device is free from risk, says a new report from McAfee (PDF).
Apple has so far done a good job of securing its devices, according to the report, noting that there have been no known cases of malware affecting iPhones, at least those that haven't been jailbroken. One reason iOS is more secure is that Apple restricts the way users can download apps.
As with many modern operating systems, OS X is relatively difficult to infect with self-propagating malware attacks like viruses or worms, so malware developers have resorted to social engineering and trickery, with Trojan horse programs being the main mode of attack on home computer systems.
A Trojan horse is a piece of maliciously crafted software that is disguised as a legitimate software package, but which when installed by an unsuspecting user will corrupt files, break down system security measures, or send personal information to external servers among other malicious activity.
Malware generally is distributed via underground Web sites, though in …
Malware targeted toward Android devices continues to surge, says a new report from McAfee, pushing 2011 to become the busiest year in history for both mobile and general malware.
The amount of malware infecting Android devices during the third quarter grew almost 37 percent from the second quarter, according to McAfee's Third-Quarter Threats Report (PDF). Android's growing demand among consumers has made it an increasingly ripe and inviting target for cybercriminals.
How inviting? Almost all new mobile malware over the third quarter was aimed squarely at Android. Legacy software being what it is, though, among all mobile platforms, …
One of the latest Trojan horse malware attempts on OS X is a Bitcoin-mining and data-stealing bot called "DevilRobber" that uses the parallel processing capabilities of systems (the GPU and CPU) to run Bitcoin mining operations to rapidly generate Bitcoins (an experimental digital currency).
All malware is expected to be altered, refined, and otherwise updated, and recently security firm F-Secure has reported it found another variant of the DevilRobber Trojan roaming around pirated software networks.
The original DevilRobber was being distributed in pirated versions of the popular program Graphic Converter, and in similar form …
Android tops the charts in mobile malware, largely due to the failure of Google's Android Market to properly review apps before they hit the marketplace, says a new report from Juniper Networks.
In a blog post yesterday, Juniper found that Android malware has soared 472 percent since this past July. In particular, October and November have seen the fastest rise in Android malware since Google unveiled its mobile platform, according to Juniper's Global Threat Center.
The number of Android malware samples collected in October rose 110 percent over September and 171 percent over those collected up to July. …
Researchers have figured out one way the Stuxnet-like Duqu Trojan is infecting computers--via a Word document that exploits a previously unknown Windows kernel bug.
The installer file is a Microsoft Word document that exploits the kernel vulnerability, which allows code to be executed on the infected system, Symantec said in a post on its site. There may be other infection methods used by other Duqu variants that have not been uncovered yet, Kevin Haley, a director with Symantec Security Response, told CNET.
Microsoft is working on a fix, according to Jerry Bryant, group manager for response communications at Microsoft Trustworthy …
Another day, another Trojan. The malware bot called "Tsunami" that has been developed for Linux systems since around 2002 has been found on OS X.
The malware (OSX/Tsunami.A) is a minimal threat, and like other Trojans and backdoors for OS X requires you to manually install it. While it is almost irrelevant to most users, it is out there and has the potential to cause harm for some.
The malware is an IRC bot, which is a program that connects to Internet Relay Chat (IRC) network servers and channels, where it can be controlled as a …
The latest malware scam that has been found for OS X is a fairly obscure installer program that is being disguised as an Adobe Flash Player installer. It was first discovered in late September.
This Trojan horse is a minimal threat. It works by installing a payload executable file on the system and then configuring environment variables on the system so that the payload will be launched when certain applications are opened. The payload then communicates with a remote server in an apparent attempt to steal personal information.
The initial version of the malware installed the payload in various locations …