Macs Aren’t Virus Free

Mac Viruses Increased Over 700% Last Year

According to the latest McAfee Labs Threats Report, macOS malware increased by 744% in 2016, with approximately 460,000 cases detected. In that context by itself, the figure is quite alarming. But upon delving deeper, macOS users need not be too concerned because there’s more to that number than meets the eye.


For starters, 460,000 is almost insignificant compared with the number of malware samples detected on Windows machines and devices, a number reaching into the hundreds of millions. Also, most of the macOS malware discovered resulted mainly from adware bundling. In other words, Mac users were mostly just inconvenienced or irritated because their machines became exposed to ads. In terms of the machine itself, however, there was hardly any risk or danger involved at all. As your computer repair specialists in Billings, however, we want you to be safe with your devices.


Are all Mac viruses harmless?

The short answer: of course not. While most of those detected were harmless, there is also Mac malware that is truly harmful. For instance, there’s the Fruitfly malware that targeted Macs used in biomedical research institutions. There’s also Word macro malware. Last year, there was the KeRanger malware. And last January, attackers hijacked Safari and the Apple Mail app, causing infected machines to crash.

More recently, researchers have come across what could be the first-ever wide-scale attack exclusively targeting Mac users: a malware dubbed OSX/Dok.


What is OSX/Dok and what does it do?

OSX/Dok is an undetectable malware that infects all versions of OS X and macOS. Why undetectable? Because it’s signed with a valid Apple developer certificate, which makes it invisible to the majority of antivirus software and allows it to bypass Apple’s Gatekeeper security feature.

According to the Malware Research team of digital security company Check Point, OSX/Dok is mostly targeting macOS users in Europe and is being distributed through an email phishing campaign.

An example cited was a phishing email sent to a Mac user in Germany. The message reportedly prompts users to review inconsistencies in their tax returns, baiting them into running a malicious ZIP file.


Once the malware is installed, it creates a pop-up window claiming it has discovered a security issue in the operating system, then asks for the user’s password so the available update can be installed as a fix for the issue. Once the password is given, full administrative access is granted to the malware, which then gives it the ability to install other malicious software. It also installs a new root certificate in the system that enables it to carry out a Man-in-the-Middle (MitM) attack, impersonating any website the user attempts to browse, thereby allowing the attacker to read the user’s traffic and manipulate it as they please.

Once done with its attack, the malware supposedly deletes itself, making it even harder to detect.
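The lasting artifact of the attack described above is the extra root certificate left in the keychain, and that is something a defender can check for. The script below is an added example (not code from the original post, Check Point, or Apple): it snapshots the SHA-256 fingerprints of every certificate in the System and login keychains on a known-clean Mac, stores them as a baseline, and later reports any certificate that was not there before. It assumes the standard keychain paths on macOS and the `security find-certificate -a -p` command, which prints the certificates in PEM form; the sample keychain dumps embedded for demonstration are constructed data, not real certificates.

```python
"""Keychain trust-store baseline check (added example, not part of the original post).

Workflow: run `snapshot` on a clean machine to record a baseline, later run
`check` to list certificates that appeared since. A root certificate that was
never in the baseline is exactly what a MitM implant leaves behind.
"""
import base64
import hashlib
import json
import re
import subprocess
import sys
from pathlib import Path

# Assumed keychain locations (the macOS defaults; adjust if yours differ).
KEYCHAINS = [
    "/Library/Keychains/System.keychain",
    str(Path.home() / "Library/Keychains/login.keychain-db"),
]

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the DER-encoded certificate bytes."""
    return hashlib.sha256(der).hexdigest().upper()


def pem_fingerprints(pem_text: str) -> list[str]:
    """Fingerprint every PEM block in a keychain dump, in the order found."""
    fps = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # strip line wrapping
        fps.append(fingerprint(der))
    return fps


def dump_keychain(path: str) -> str:
    """Dump all certificates in one keychain as PEM (macOS `security` tool)."""
    return subprocess.run(
        ["security", "find-certificate", "-a", "-p", path],
        capture_output=True, text=True, check=True,
    ).stdout


def find_new_certs(current_pem: str, baseline: set[str]) -> list[str]:
    """Fingerprints present in the current dump but absent from the baseline."""
    return sorted(fp for fp in set(pem_fingerprints(current_pem)) if fp not in baseline)


# --- constructed sample data (fake PEM framing around arbitrary bytes) -------
def _fake_pem(payload: bytes) -> str:
    """Build a PEM-looking block; not a real certificate, the parser only needs
    the base64 framing, so this is enough to exercise the diff logic offline."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


BASELINE_DUMP = _fake_pem(b"constructed root A") + _fake_pem(b"constructed root B")
CURRENT_DUMP = BASELINE_DUMP + _fake_pem(b"constructed root injected-by-implant")


def main(argv: list[str]) -> int:
    if len(argv) != 3 or argv[1] not in ("snapshot", "check"):
        print("usage: keychain_baseline.py snapshot|check <baseline.json>")
        return 2
    mode, baseline_file = argv[1], Path(argv[2])
    current = set()
    for kc in KEYCHAINS:
        try:
            current.update(pem_fingerprints(dump_keychain(kc)))
        except (FileNotFoundError, subprocess.CalledProcessError) as exc:
            print(f"skipping {kc}: {exc}")  # e.g. not on macOS, or keychain absent
    if mode == "snapshot":
        baseline_file.write_text(json.dumps(sorted(current), indent=2))
        print(f"recorded {len(current)} certificate fingerprints")
        return 0
    baseline = set(json.loads(baseline_file.read_text()))
    new = sorted(current - baseline)
    for fp in new:
        print(f"NEW certificate since baseline: {fp}")
    return 1 if new else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `snapshot` right after a clean install and keep the JSON somewhere the machine cannot overwrite it; a non-zero exit from `check` means something was added to the trust store, and the fingerprint can be looked up with `security find-certificate -a -Z` to see which entry it is. Fingerprinting the raw DER rather than parsing subject names keeps the script dependency-free, at the cost of reporting only "new", not "who signed it".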


Are Mac users no longer safe from virus and malware attacks?

Not necessarily. Although it’s still true that Mac users are less vulnerable to malware attacks compared with other PC users, this advantage is waning as there are now malware attacks directed solely towards Mac users. And as the OSX/Dok malware has proven, in spite of its superior security features, a Mac is no longer completely immune from malicious attacks.

The weakness of the OSX/Dok malware lies in its use of a valid Apple developer certificate, because Apple can simply revoke that certificate to keep it from spreading further and affecting more Mac users. The fact that it was able to successfully launch its attack still speaks volumes, though.

As attackers become more sophisticated with their techniques, Mac users (and all other PC users, for that matter) should become more vigilant. At the very least, users should not indiscriminately click links or download attachments in emails or messages coming from unknown and untrusted sources. And regardless of how legitimate-looking a site may be, inputting your system’s root password should always be done with extreme caution.


iDoctor Removes Viruses

If you do happen to get a virus (or malware, or spyware) on your computer, bring it to iDoctor! We can clean things up and get your computer running the way it is supposed to be running. Call 406-534-2547 or 406-206-3437 for more details.