
Monday, March 19, 2012

Even Apple had to admit it: Mac Defender is real malware for the Mac.

Originally published 05/25/2011 at lubbockonline.com

The Mac now has real malware. First announced May 2nd by Intego, it's similar to numerous fake anti-virus and anti-malware programs on the Windows side. As far as danger goes, it's a standard scam to get your credit card number and other identifying information. Unlike some other trojan software, it doesn't do anything to your computer or the data on it.

Apple spent 3 weeks seemingly ignoring the problem, but on Monday they added a knowledge base article on avoiding or removing the malware. They are also preparing an OS update that will explicitly warn if a user downloads Mac Defender or one of its variants. They haven't said what versions of Mac OS will be getting the update, but hopefully they will cover all the affected OSes, not just OS X 10.5 and 10.6.

Warning a user that they're downloading malware is all well and good, but as time goes on and the list of malware grows, that could become pretty unwieldy. Hopefully, now that there is a piece of malware for OS X that is real, widespread, and effective at what it does, Apple will pay more attention to the reality that, like all other software, OS X is not bulletproof and needs serious attention paid to security.

Thursday, October 28, 2010

Welcome to the world of dangerous malware, OS X

We have another piece of malware for MacOS X. Once again, it had a few moments of fame, but is a dud because it doesn't actually do anything. But there is a difference this time, and that difference makes OSX/Koobface.A potentially a serious threat to Mac users.


Until now, all of the malware created for OS X has been distributed through relatively limited channels. Compared to Facebook and Twitter, extremely limited channels. A few porn sites and a couple of infected pirated programs add up to next to no traction for Mac malware. But take a variant of a successful Windows trojan, write it in Java so it attacks all the major computing platforms, spread it through Facebook and/or Twitter, and you have malware gold. The only thing that prevented a major outbreak of MacOS malware was what appears to be a bug in the malware that prevents it from downloading the files that would infect the computer.


This piece of malware suffers from the same weakness any Mac malware has - the user has to OK the install. You hope that Mac users wouldn't be that careless, but the truth is Mac users are people, and a lot of people hit those dialogs without thinking.


With somewhere around 600,000,000 users on Facebook, there should be about 60,000,000 Mac users. If only 10% of them allowed the trojan to be installed, that would be 6 MILLION infected Macs. Plus all the infected Windows computers, since it's a cross-platform piece of malware. All it will take is a bug fix and OSX/Koobface.A will be the first successful piece of OS X malware.


But even if it does get fixed, you and I don't have to be victims. Don't click on links posted to your wall or Twitter feed without verifying their authenticity. Don't authorize any installations that you don't initiate yourself.


It always feels like there should be a third item in the list. But those two will probably be enough. Until someone finds and uses an OS X exploit that allows privilege escalation.


If you want more details about all the things OSX/Koobface.A will do once it's fixed, check out Intego's writeup.

Mac OS X Trojan - real, but broken

It's the real deal, but broken, so it's mostly harmless for now. But when I say broken, I mean fixable. So at any moment it may become dangerous. If you receive an update saying something to the effect of:

Are you in this video?

Don't click on it.

This is a variant of the Koobface trojan written in Java. That means it will also affect Windows and *nix variants.

Yes, fellow Apple fans, we've now seen how a real, potentially serious trojan for OS X can be done.