– Man holding Mac courtesy of Shutterstock –
There isn’t a lot of Mac malware.
Most cybercrooks, we have to assume, are making so much money from infected Windows computers that they haven’t had to worry about supporting other platforms, such as OS X.
But that’s only most, not all cybercrooks.
Mac malware does indeed exist, and it should be no surprise that Mac crooks have a similar MO (modus operandi) to their counterparts in Windows-based cybercrime.
Here are some examples we’ve seen over the years where the Windows malware “playbook” has been followed, in some cases extremely effectively, on OS X:
- 2012: Java-based exploit. The Flashback malware was injected onto your Mac via an unpatched Java bug. Flashback was a bot, or zombie, meaning that crooks could remotely send it instructions to help them commit further cybercrime. Estimates suggest that more than 600,000 Macs ended up infected, supposedly including “274 from Cupertino.”
- 2013: Word-based exploit. SophosLabs reported on attackers using an exploitable bug in Microsoft Word for Mac to target Chinese minority groups. If you opened a booby-trapped document, disguised as some sort of political commentary, the crooks got control of your Mac via zombie malware called OSX/Agent-AADL.
- 2014: Fake “undelivered item” documents. If you opened the bogus PDF file, really an application in disguise, you could end up infected with a data-stealing Trojan called OSX/LaoShu-A. Amongst other things, this one would find files such as documents, spreadsheets, presentations and archives…and send them to the crooks.
Researchers at BAE just reported on a Mac bot known as OSX/Agent-ANTU that was allegedly distributed in a novel way.
The crooks used a security hole in a controversial Mac security and cleanup utility called MacKeeper.
MacKeeper quickly patched the hole after it became known, but until you received the update you were at risk of a Remote Code Execution (RCE) hole.
Unfortunately, according to BAE, some crooks struck while the iron was hot.
The crooks sent unpatched MacKeeper users to a web page that tricked their Macs into downloading the OSX/Agent-ANTU malware.
Ironically, the downloader used a fake malware report to justify any MacKeeper popup that might ask you for your administrative password, thus giving the malware system-wide powers.
As in the OSX/LaoShu case mentioned above, the malware included not only a downloader component to let the crooks install what they wanted, but also an upload function handy for stealing files.
What to do?
If you have MacKeeper, and intend to keep on using it, make sure it’s up-to-date.
Of course, if you don’t have MacKeeper, that alone doesn’t make you immune from infection by OSX/Agent-ANTU, or any other Mac malware, for that matter.
Also, don’t assume that Mac malware always needs an administrator prompt before it can do anything harmful.
Consider ransomware, for example: that sort of malware generally leaves your system files and applications well alone, even if it does have administrator access, so that you can still get online easily to pay the unscrambling fee.
But ransomware, while it’s running under your account, can nevertheless scramble all your data files – the ones that really matter!
So, if you haven’t yet crossed the bridge and become a Mac anti-virus user, now would be a good time to give it a go.
Sophos Anti-Virus for Mac Home Edition
Want to keep an eye out for malware, however the crooks deliver it, and to avoid other threats to your beloved Mac?
Sophos Anti-Virus for Mac Home Edition is 100% free (email address required), with no expiry and no time limit on updates.
Sophos for Mac stops threats for Windows too, so it also protects non-Mac users you share files with.
Choose from blocking viruses in real time (on-access virus prevention), scanning at scheduled times, or running a check whenever you want.
9 comments on “Security hole in MacKeeper used to shove malware onto Macs”
I keep downloading it and the removing it. Half the time it never gets thru scanning my files or it “messes” up my computer. Apple suggested that I uninstall it. I hate being without an antivirus but it just doesn’t do work right on my iMac (mid 2013) or my Mac mini (mid 2011). Nor did it on my mid 2007 iMac.
If you want an anti-virus, why not try Sophos? The link is above and it’s free.
Have used Sophos off and on for yrs. Gave it up and am now using Norton. I have a Mac. Sophos wasn’t reliable for me.
Interesting that all the exploits mentioned were problems with 3rd party software. Nothing mentioned was a OS X security hole per se.
Most (but not all) exploits on any platform target third party software that’s likely to be on your system. It makes the attack harder to defend against, and as with the MacKeeper issue, it makes the odd behaviour more plausible, should you discover it.
Bundled software (such as Java and Adobe products) tend to be especially popular targets.
MacKeeper is not a virus.yes,my mac don’t infected.
Just get Avast. Who the hell uses MacKreeper anyway?
I have Mackeeper and i like so i use for a long time 3 years and never have a problem. It´s not Vírus !!!
The more you say it isn’t a virus they more inclined I am to think that MacKeeper is a virus.