We recently reported on a blackhat SEO campaign that targeted not only Windows users but Mac users as well. Only a few weeks later, the role of Mac users as potential victims in the threat landscape has become increasingly established, as more and more threats targeting Mac users are being found.
FAKEAV for Mac
The first case that got the attention of the security industry was a rogue antivirus called Mac Defender, detected as OSX_FAKEDEF.M. This malware reportedly affected a large number of Mac users. Other variants of rogue antivirus software made especially for Mac followed, bearing different names such as Mac Security (detected as OSX_FAKEAV.A) and MacProtector. One variant was even found spreading through Facebook (detected as OSX_DEFMA.B).
Mac Defender and its variants are not the first rogue antivirus seen targeting Mac users. In 2008, scareware applications called MacSweeper and iMunizator were seen, both with the same standard routines as any rogue antivirus.
This time around, however, the number of variants is increasing exponentially and affecting more and more users. In response, Apple issued an update to its operating system to prevent Mac Defender from executing.
According to Trend Micro researcher Joey Costoya, the solution provided by Apple is not limited to Mac Defender but also covers Mac malware dating back to 2009. However, the “scanning technology” implemented by Apple can be easily circumvented, leaving Apple with a hard choice: either continuously update its pattern file to cover the latest rogue antivirus affecting Mac, or admit that Macs are now constantly targeted by rogue antivirus, that the Mac is not as secure as before, and that its users now rely on traditional security vendors for protection.
A large number of variants of this rogue antivirus were found in just a short period of time, and this trend is predicted to continue. The Mac is not malware-proof, and not only against FakeAV but also against backdoors like OSX_MUSMINIM.A. As my colleague Rik Ferguson commented, the Apple user base is largely unprepared, and their systems largely unprotected. This chain of events puts a large task on Apple, as the “invulnerability” of its system is being put to the test and the security of its users is on the line.