04.09.13

False security: Mac users are exposed.

Mac users have long been, and still largely are, safer than most: OS X is one of the more secure operating systems on the market, and the belief that it is immune to hacking and viruses is widespread. But it is precisely that belief in immunity that exposes Mac users to attacks through social networks, phishing sites, and cross-platform software such as Java and Adobe Flash.

A point that has been repeated like a mantra in recent years: how much malware is written for a given operating system depends on its popularity above all else. The economics of malware development are what determine the volume of malware released for a platform. There is no bulletproof system.

Malware targeting the Mac has existed since the 1980s. Like the MS-DOS viruses of the time, early Mac viruses spread mainly via floppy disks; in the 1990s they evolved and proliferated mainly as macro viruses abusing the macro facility of Microsoft Office for Mac.

Mac OS X, released in 2001, was a completely new, Unix-based operating system whose kernel and user-permission model made it far more secure, so I will not dwell on the viruses of the past and will concentrate on the more significant malware and attacks against OS X in recent years. With Apple's revival and its conquest of the smartphone and tablet market in the middle of the last decade, the number of Mac desktop and laptop users also began to grow rapidly year on year.

The last time Apple publicly announced the number of Mac and OS X users worldwide was in the summer of 2011, when it stood at 66 million. Extrapolating from Apple's own growth figures, a conservative estimate puts the OS X user base today at no fewer than 80 million, and numbers like that do not escape the notice of the criminal groups that develop malware and scams.

With the significant increase in OS X malware in recent years, and in the number of security updates Apple releases each year, last summer the company had to replace the statement on its web site, to the effect that OS X has no viruses while Windows has many, with the softer "OS X helps keep you safe".

For years Apple was reluctant to let security companies develop antivirus software for the Mac. Today there are more than 20 security products for OS X that Apple has approved.

As the platform grew in popularity, a proof of concept released in 2004 showed how OS X could be infected by a file masquerading as an MP3 and exploiting a vulnerability in iTunes. That same year the first real OS X malware appeared, Opener (also known as Renepo): a shell script planted to run at boot that disables the firewall and other security settings of the operating system, gives the attackers backdoor access, and can download a variety of spyware tools for cracking and stealing passwords and application data.

As its author's own description makes clear, Opener was purely script-based and had no dropper or injector component to get itself executed in the first place; that missing piece is exactly what malware authors have concentrated on since.

Malware authors began applying social-engineering methods in 2006, when the first OS X worm, Leap, spread through the built-in iChat messaging client with the message "the earliest screenshots of Leopard Mac OS X 10.5". The "pictures" attached to the message were actually a Unix executable disguised with a JPEG icon. The worm used the Spotlight search service to locate applications on the system to infect.

In 2007 a trojan called RSPlug (also known as Jahlav) appeared; disguised as a video codec, it altered the system's DNS settings so that victims were redirected to phishing sites that tried to steal their passwords.

2008 brought the Mac a malware trend already familiar on Windows: fake antivirus and scareware that intimidates users into paying, such as MacSweeper and iMunizator.

2009 and 2010 saw the release of several families of trojans and spyware designed to steal information and passwords and to give backdoor access to the system. In those years the common infection methods were prompting the user to install a "codec" to watch videos on malicious sites, vulnerabilities in Java and Adobe Flash, and security holes in Microsoft Office for Mac.

2011 brought a large number of malware families and backdoor tools, the most notable being the fake antivirus that to this day has apparently caught the largest number of Mac users. It goes by a variety of names that change with each version; the best known is MacDefender. It was distributed through poisoned search results that led users to a landing page where the attack took place. Its later versions are known to infect OS X even when the user clicks Cancel or "Remove All" to close the browser, and even when Force Quit is used.

The malware that made the most headlines was Flashback, first seen in 2011, which went on to infect more than 600,000 Macs. Early versions posed as a Flash Player installer; later versions exploited a Java vulnerability and then downloaded further malware components to the infected computer. Its main purpose, though, was to add the compromised machine to what is still the largest Mac botnet known to date.
The Java vulnerability CVE-2012-0507 let the malware install itself without the user typing the administrator password or taking any other action.

2012 brought more malware, trojans, spyware and backdoors aimed at the Lion and Mountain Lion releases of OS X.
A new vulnerability was also disclosed in the EFI firmware that every Mac of recent years ships with.

2013 opened with Apple admitting that Macs at its own headquarters had been attacked and infected with malware, and other companies were hit as well. The malware used a Java vulnerability, of course, and in Apple's case was spread through a website for iPhone developers that the attackers had compromised (a watering-hole attack). It was the largest corporate Mac attack to date, and there were indications that the Chinese government was behind it and that the aim was data theft.

Another indication of the attack's severity was the unprecedented speed with which Oracle released a security update, just a week later. The attack also led Oracle to reverse its decision to stop releasing updates for Java 6 at the end of February.

The events of recent years show that Mac users cannot stay indifferent and must adopt the information-security practices that PC users have followed for many years. On the ground, however, the vast majority of Mac users are still sure there are no viruses or other threats that could harm them. That belief makes them more vulnerable: although OS X is a very secure operating system, there is a significant amount of malware that can talk users into granting it permission, after which it does damage just as on Windows, and we have also seen malware that needs no permission or action from the user at all. The number of viruses and threats for OS X is still negligible compared to Windows, but low awareness can let each malware family spread far more widely.

What are the security recommendations for Mac users?
First and above all, stay alert while browsing the web, social networks and email for anything suspicious, especially applications asking you to type the administrator password.
Disable Java in OS X and in the built-in Safari browser unless you actually need it for work.
Do not install Java, Flash or codec updates offered by unfamiliar sites. Do so deliberately, and only from the vendors' official websites.
Install antivirus software and run weekly scans.
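The following shell script is an added example, not code from the original post, that turns two points above into something you can run: the persistence trick used by Flashback (it set DYLD_INSERT_LIBRARIES in the LSEnvironment dictionary of Safari's and Firefox's Info.plist, and later variants in ~/.MacOSX/environment.plist, so its library was loaded into every browser process; this is the indicator F-Secure published for it), and the recommendation to disable Java in Safari. The two Safari preference keys are the ones behind Safari's "Enable Java" checkbox. The function names, the sample Info.plist files written by make_samples and the library path .sysinfo.so inside them are constructed for this example. On a non-Mac system the live checks simply find nothing and the constructed samples still run.

```shell
#!/bin/sh
# Added example (not from the original post): an offline audit for the
# DYLD_INSERT_LIBRARIES persistence Flashback used, plus the Safari Java
# settings the recommendations tell you to turn off.
# The sample plists written by make_samples are constructed for this example.

# check_dyld_injection FILE
# Returns 1 and warns on stderr if FILE sets DYLD_INSERT_LIBRARIES;
# returns 0 if the file is clean or does not exist. grep -a is used so a
# binary plist is scanned too: dictionary keys are stored as plain ASCII.
check_dyld_injection() {
    [ -f "$1" ] || return 0
    if grep -a -q 'DYLD_INSERT_LIBRARIES' "$1"; then
        printf 'SUSPICIOUS: %s sets DYLD_INSERT_LIBRARIES\n' "$1" >&2
        return 1
    fi
    return 0
}

# count_injections FILE...
# Echoes how many of the given files fail check_dyld_injection.
count_injections() {
    n=0
    for f in "$@"; do
        check_dyld_injection "$f" || n=$((n + 1))
    done
    echo "$n"
}

# safari_java_status
# On OS X, shows Safari's "Enable Java" setting under both keys Safari has
# used for it (the second is the WebKit2 key Safari 5.1+ honours) and whether
# the Java browser plug-in is installed at all. Turn Java off in Safari with:
#   defaults write com.apple.Safari WebKitJavaEnabled -bool false
#   defaults write com.apple.Safari com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled -bool false
safari_java_status() {
    if ! command -v defaults >/dev/null 2>&1; then
        echo 'defaults(1) not found: not OS X, skipping the Safari check'
        return 0
    fi
    for key in WebKitJavaEnabled \
               com.apple.Safari.ContentPageGroupIdentifier.WebKit2JavaEnabled; do
        v=$(defaults read com.apple.Safari "$key" 2>/dev/null) || v='(unset)'
        printf 'Safari %s = %s\n' "$key" "$v"
    done
    if [ -d '/Library/Internet Plug-Ins/JavaAppletPlugin.plugin' ]; then
        echo 'Java browser plug-in is installed'
    else
        echo 'Java browser plug-in is not installed'
    fi
}

# audit_live_mac
# The three files Flashback variants wrote their DYLD_INSERT_LIBRARIES entry
# to: the browsers' Info.plist (LSEnvironment) and the per-user environment
# file read at login. A legitimate install never sets that variable there.
audit_live_mac() {
    n=$(count_injections \
        '/Applications/Safari.app/Contents/Info.plist' \
        '/Applications/Firefox.app/Contents/Info.plist' \
        "$HOME/.MacOSX/environment.plist")
    printf 'live system: %s file(s) set DYLD_INSERT_LIBRARIES\n' "$n"
    safari_java_status
}

# make_samples DIR
# Writes a clean Info.plist and a Flashback-style one (constructed samples;
# the .sysinfo.so path is made up) into DIR.
make_samples() {
    cat > "$1/clean-Info.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.apple.Safari</string>
</dict>
</plist>
EOF
    cat > "$1/infected-Info.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.apple.Safari</string>
  <key>LSEnvironment</key>
  <dict>
    <key>DYLD_INSERT_LIBRARIES</key>
    <string>/Applications/Safari.app/Contents/Resources/.sysinfo.so</string>
  </dict>
</dict>
</plist>
EOF
}

main() {
    audit_live_mac
    dir=$(mktemp -d)
    make_samples "$dir"
    n=$(count_injections "$dir/clean-Info.plist" "$dir/infected-Info.plist")
    printf 'constructed samples: %s of 2 file(s) set DYLD_INSERT_LIBRARIES\n' "$n"
    rm -rf "$dir"
}

main "$@"
```

On a real Mac, any count above zero on the live system means the named plist should be read with `defaults read` and the library it points at removed before the browser is started again; a Safari value of 1 for either key means Java applets are still enabled.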