Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X.
Despite the growth of Mac malware in the last 12 months, many users are still not protecting themselves from the threat. This is despite there now being industrial-strength free Mac anti-virus software available.
Our friends at F-Secure blogged today that they had noticed a new variant of the Flashback backdoor Trojan – which poses as an update to Adobe Flash – disables XProtect.
XProtect isn’t really comparable to a real anti-virus product on your Mac, but it does provide a limited amount of protection.
The fact that Mac malware is now being written to prevent XProtect from updating itself with new security definitions underlines that cybercriminals are keen to infect Apple computers because of the potential financial rewards.
The good news is that Sophos’s Mac anti-virus products (including our free anti-virus for Mac home users) has been detecting the malware as a member of the OSX/FlshPlyr malware family since October 12th.
The SHA1 checksum for this Mac malware sample is 627813f62ed32dfe083df8e6b04ad5b28300912d.
Update: An earlier version of this article claimed that Mac OS X’s built-in virus protection was not detecting this malware. We are happy to confirm that our test results were incorrect, and Mac OS X can detect this malware when downloaded. Read this article for more insight as to the differences between XProtect and a full anti-virus product.
Clearly the Mac malware authors are not resting on their laurels. Maybe if you have a Mac you shouldn’t be too laid back about the genuine threat that exists also?
If you need any further convincing – maybe you should check out our short history of Mac malware (which, after today, needs updating.. sigh).
15 comments on “Mac malware evolves – time for Apple users to wake up”
No matter what OS one has, installing an anti-virus program is important. Although Windows will continue to have a larger share of viruses, Macs also can have them. With cross-platform trojans and viruses on the rise, people need to be more vigilant as ever to protect their systems. People also need to be careful of where they go and what they download. Going to torrent sites and file sharing sites are places where you can get infected, and and even certain website can also have files that have a trojan hidden on them. Avoid going to torrent sites and file sharing sites, because you’ll never know what you’re getting. The keygen programs also have a virus hidden, so think twice before torrenting. Obtain software only from reputable sources and as for Flash, go to Adobe.com and download from there. However, some Mac viruses require physical access to the machine, and if the user took steps to make to lock out the system, then the chances of infection is null.
I always had an AV on my Mac but moved to Sophos AV for Mac about a year ago when I started reading the Naked Security blog. I was impressed that it also detected Windows malware on my MacBook Pro that I knowingly had for admin tasks and troubleshooting.
There is no safe OS… Not Windows, not Linux, not Unix, not Mac OS X, no one… it’s all a matter of:
1) How spread and what market share an OS has (to be under the spotlight of the bad guys)
2) User behaviour – you can add whatever protection to a computer, at the end, it’s the user’s action that will count (click on an improper link, enter an improper website, share his password with someone, click ‘Ok’/’Next’/’Yes’/Go-ahead-don’t-bother-me type of messages and so on). The more you add protection and security, the more you jail the person, to the point he/she can’t do anything…
Problem is deeper… great consciousness and security education has to be promoted… more and more non-savvy people are using computers…
I agree with all Jon said above.
Any chance you can do a comparison on the CPU cycles and memory usage of this Trojan compared to your AV product? At this point, I'm not sure which to pump for…
I think it's unfair that Mac users get Sophos AV for free. I like Sophos as I've been following the Naked Security blog, right back till it was just the 3 or 4 seperate blogs by Graham et all, yet I choose to run Windows and have to pay if I want Sophos protection.
Unless I am missing something major here, why can a PC user not get a free AV as well? I trust Sophos more than I do AVG….
An envious heart is a sure path to unhappiness. If you're happy with Sophos AV, then isn't that enough? How does it benefit you to make yourself UNhappy because of someone else's good fortune? How would it benefit you in any way whatsoever if Mac users had to pay for Sophos AV?
For what it's worth, I would gladly pay for Sophos Anti-Virus for Mac. Nevertheless, I don't think it's the least bit unfair to me or anyone else that it's free. After all, I have become a Sophos advocate as a result, promoting their software and the NakedSecurity blog to everyone I know.
That seems like pretty smart marketing to me, and I'd prefer to use the products of a smart company rather than a boneheaded one. What's more, it's a perfect example of free enterprise at its finest—a win-win relationship in which an enlightened producer assumes responsibility for educating its customers.
Besides, Sophos AV for Mac is free to YOU as well. The fact that you're not using a system that can run it is YOUR choice, not Sophos'.
Once Mac's start seeing worms, 100% automated, no interaction (download, webpage accessed, email linked, etc) beyond being connected to a network required, type of viruses…. then I will consider running a 3rd party antivirus on my Mac.
However for the basic users that aren't savvy (or experienced) enough to be safe with selecting their downloads (eg. my grandparents or ones shared with youth), I would consider installing an antivirus on their Mac.
I thank God that the company Sophos created Sophos AV for Macs. This is a great company that knows what they are doing and they also have this great security blog that is very informative and has entries every day. Graham knows what he is talking about and I find his entries here everyday very informative.
Keep up the good work Sophos.
Keep up the good work Graham.
You and this company are providing an important service to us Mac users and are doing your best to keep us safe from potential danger out there on the web.
Thank you Sophos and Graham.
This is the first time since I've been using macs (since 1994) that a successful attack has been launched on my machine. In spite of statements to the contrary, this Adobe flashback-c does look like a geniune upgrade and only a gut instinct kept me from downloading it. (Ithink) But I'm still not sure if I did download it by mistake. Since then, I installed the OS Lion 10.7.2 upgrade and I am wondering if that upgrade took care of this flashback-c or not. Anyone know?
Since I recently got a Macintosh, I'm glad to see Sophos keeping up with the articles about computer security. Am I happy the antivirus is free for my Mac? Yes. Yet I still own a windows PC so I'm still stumped as to how Apple got theirs free when Windows couldn't.
You can get AVG Free for Windows.
I find AVG to be too much of a resource hog now… it was good once. I switched some time back to Avast and have been pleased with it. I have a Mac as well and was happy to find that Sophos has a solution for that. That it is free is a bonus and I thank them.
While I would welcome a free Windows antivirus product from Sophos, I don't expect one. There are a number of free offerings for the platform.
I'm happy with what they have done: they recognized a need for the Mac platform and stepped up to the plate & provided a solution and I commend them for that.
It's funny, I see posts like this rather often, but yet when I talk to Mac people, they are offended when I advise them to get some sort of Anti-Virus, or Malware protection. I work in Tech support for a small ISP, so we frequently have to deal with people getting viruses, and I have even seen a few infected Macs, but people never believe me when I tell them, they get angry, telling me that "I have a Mac, I CAN'T get viruses!" While it is true that there are far less viruses, and malware for the Mac, that doesn't mean they aren't out there, and I wish more people would wake up to that fact.
The ignorant ones get offended because you are telling them to do some thing they feel they don't need to do. The one who know better get offend because you assumed they were in the first group.
No unprotected system is safe from trojans because they exploit the system's greatest weakness, the user. This has been true from day one. This is what make the title of the article so erroneous. It is not a malware evolution it the same old problem in a new wrapper.
Beyond that most AV software is pretty reactive; it usually depends on predetermined definitions to detect, prevent, and/correct issues. This means by the time you have the definition it's already has had a small window to infect you and you'll be cleaning up if it did anyway. This does not mean leave said window open but at the same time take any sensationalist articles designed to sell software with a grain of salt.
I personally layer my protection. I use some common sense dealing in with downloading and installing stuff (going directly to a trusted source paying attention to things like "does the installer look right"), having regularly updated AV and security software that works well (preferably something that doesn't hog resources or cost a lot of money). To be honest my primary reason for doing so is that I'm more concerned about my Mac setup being a carrier of malware to my Windows setup but I also do it because it's good policy and protects the Mac as well.
They might get angry because the fact is there are currently NO Mac viruses for OSX in the wild. There's a few trojan/scam malware examples around which require Mac users to install them, either thru scare (popup) screens on certain sites, telling them their computer is infected or by being maliciously bundled within pirated software. However, trojans are not viruses. That said, it's cool to feel doubly-safe, especially after experiences with previous Windows OS's. User common sense has always been a handy tool to have and is not platform-specific.