Apple – Listen to Us, Before It’s Too Late!

Which is better – Mac or PC?

By now the eternal debate will have come on to the radars of even the most non-geeky types, and those who still don’t have a position on it – normally a passionate and unwavering one – are fast becoming extinct. Last week of course the ongoing debate was seriously influenced by news of the Flashfake botnet for Mac OS X. It seems that cybercriminals are now joining the large numbers of users migrating from PC to Mac…

Why/what/who/how? Read on…

Unidentified cyber-dastards (we have some ideas as to who exactly, but that’s a subject for another time) have realized the potential of Mac computers – that is, in attacking them with malware – and consider the Mac market share now sufficiently large to warrant the hard work involved in creation of a “real” for-Mac Trojan. And in testing the results of their recent efforts they managed to infect around 700,000 Macs. In fact, these scoundrels have come up with a whole family of Flashfake Mac-Trojans, whose members closely resemble one another:

  • The latest versions of the Trojans infect Macs via a Java vulnerability. Malware is then installed on the system without the need for any user input, i.e., unnoticeably (practically in the same way as is done with Windows Trojans);
  • Luckily for Mac users – for now – the Trojan so far hasn’t done anything all that terrible. Instead, the incident looks more like a training session in malware technology – a test-drive of a malware prototype – than a genuine full-blown attack with awful consequences. Ominous is the fact that the malware is able to update itself: the functionality of the Trojan can change suddenly and considerably;
  • Nevertheless, we have already observed that there are various sophisticated features contained in the Trojan, for example use of “inject code” – found in the more advanced Win-Trojans;
  • And again, as many as 700,000 Macs have been infected. That’s quite a quantity. By far not every Win-Trojan achieves such a high number of infections.

And so it has come to pass: In April 2012 the world of operating systems underwent a fundamental change – Macs proved themselves to be not as invincible as normally made out.

But this has long been expected. A “quiet” infection and a global Mac-malware epidemic have been discussed for many years already.

How is it technically possible?

Because, in terms of security, Mac OS X actually differs little from Windows. Does that surprise some of you? The differences lie in the “innards” of the two systems – but those don’t matter all that much from the security point of view.

Why have there been no serious outbreaks earlier?

Because the cyber-villains are like a lot of folks – lazy if left to their own devices (pun not intended!). They also need some time to get up to speed. But that’s what they’ve finally got round to doing. The result is that Mac OS X has become the center of attention for many a cyber-criminal, and Apple has thus got a bit (lot) of a situation on its hands.

And there’s no use in Apple or the Apple users’ community harping on about superior OS architecture in the form of admin privileges/root access, or about the tried, tested and super-secure App Store, either. Neither helped out when it came to Flashfake, after all.

What we have to remember is that in any software there will be vulnerabilities. And those vulnerabilities eventually being exploited for criminal ends is just a question of time, or, looking at it another way, a matter of market share. Cybercrime is a business. And business always follows the money – to where it’s easiest to make. Simple. Business will hardly find something with just a two to three per cent market share interesting. But five to seven per cent – for Mac OS X – and it’s already worth taking notice of. Indeed, it looks like this new increased market share represents the reaching of a critical mass, persuading the cyber-baddies to put some effort into attacking Macs.

How come hundreds of thousands of Macs were infected all at once?

Because the majority of users of Macs believe that their cherished Apple computers are totally infallible, immune to ill-intentioned penetration, and so simply don’t bother with anti-malware software.

But if you dig deeper, the reason for the Flashfake epidemic is hardly down to the naivety or slackness of Mac users. Apple itself for many years now has been cloaking users in a false sense of security concerning Mac OS (I think just about everyone has seen this series of vids). All this time Apple has ignored the oft-repeated warnings of IT security experts and continued to pull the wool over its customers’ eyes. I get the impression that even Apple itself started believing its own hype that its comps are invulnerable. And in the wake of Flashfake I think it’s still in shock and can’t really take in what’s happened. What else could explain why Apple didn’t patch the critical vulnerability for two months? Or why Apple released its removal tool a week after AV vendors did? Or why it stayed mostly silent on the issue?

Anyway, after years of repeating the “Macs are safe” mantra, it’s no surprise that we get the following dismal picture:

// I think that in actual fact the situation is a lot worse – antivirus is installed on just three to five per cent of Macs – even after the Flashfake outbreak. Maybe it will grow this week?…

What bad stuff can we expect further?

The Flashfake outbreak is a signal – no, a (3-D!) Titanic-scale foghorn blast – to all members of the malware underground: “Yo, homies, here we’ve got 100 million naive users with Macs with holes in. Get to work!” I wouldn’t be surprised if hackers all around the world have already dashed off to the nearest Apple Store to get their grubby hands on some hardware and to hastily master its intricacies to come up with some malware for it. It’s very likely that soon there’ll be another unpleasant surprise for Mac owners, and thereafter such “surprises” will become the norm, much like the situation’s been for years with Windows. In fact, there’s already an example of this: just over a week since the Flashfake botnet discovery we’ve detected SabPub – a new Mac-Trojan that’s in the wild and being used in targeted attacks. Again, several vulnerabilities were exploited to infect Macs.

Overall, I’d say it’s possible to only guess at what’s really happening on the malware underground as concerns Macs at the mo. But what can’t be ruled out is that Flashfake could be just one of many Mac-botnets in existence; after all, Flashfake was uncovered only by chance. So what else is out there? I wouldn’t be surprised if soon some new “shocking details” will come to the surface…

And now I think is the perfect time to mention the younger brother of Mac OS X – iOS. And here it’s, like, totally – achtung, achtung!

With its iOS, Apple is continuing its hoodwinking policy as regards the invincibility of the platform. But unlike Mac OS, for iOS it’s impossible to develop anti-malware software! Yes, Apple gives third-party developers only a very limited, cut-down version of its software development kit, which in principle doesn’t permit protection against malware. And of course this is done “in the interests of security”. Paradoxical? You bet.

So, iOS:

First, Windows, Mac OS, iOS – it’s all software. Software written by human beings. Humans are known to make mistakes (and for something as sophisticated as an operating system, the likelihood of mistakes is 100%), and mistakes in code are vulnerabilities.

Second, around 300 million (!) devices like iPads and iPhones run on iOS. This is like flies to… you know :) Put decently, for the malware underground this number of users has massive rogue-business potential.

Third, when an epidemic occurs (and one will occur), the AV industry won’t be able to help in any way whatsoever! Even Apple won’t be able to help itself – infected devices may end up simply blocked, and the only solution could be to buy a new iPhone/iPad/iPod, or a total wipe with subsequent reinstallation of everything – everything recoverable, that is. But even that won’t be a panacea. So they’ll come up with a new operating system. Then what? Without protection, devices will always become vulnerable sooner or later and get Trojanized again and again! Actually, it’s likely that other, more dramatic scenarios will play out, but they’re not suitable for publication. I don’t want to go giving ideas to the cyber bad-guys.

I think it’s crystal clear that Apple needs to change its approach to the security of its operating systems, especially iOS. To continue with talk of invulnerability and ignore the problem at hand (Mac-malware) may be fatal for the company. It can only be prevented by Apple finally opening up and taking advice! All it has to do is ask!

P.S.: Who has a Mac and still isn’t aware – quickly get yourselves here for a check-up, and here to be cured (zip).

Comments (13)

    Howard Almond

    This is all very true. Mac OS has been a safe haven for a long time, but has now reached a critical mass I guess. Of as much concern is iOS used on the iPad and iPhone, where there are a lot more users, and a high degree of vulnerability. Same goes though for Android.
    There is no easy answer… but I’d hate to have antivirus programs running on mobile devices… there needs to be a radically different approach.


    “Same goes though for Android.”

    Except that I can (and do) run protection software on my Android device.


    The free security program for Android runs in the background and is as unnoticeable as AV/AM is on any normal computer. It also allows for remote data wipe, and an alarm if the phone is lost or stolen.

    Simon Edwards

    And as the bad guys queue up to buy new hardware, for research purposes, they increase Apple’s market share further. It is a vicious circle.


    Is the possibility of a total virus on the horizon, then?

    Attila Balazs

    Totally agree with you, Eugene. I would like to add one note only, as a long-time Mac user. An anti-virus program on the Mac should be totally Mac OS X-like. Transparent, simplest for the user. One button (it is on or off), and everything else should be done in the background. Off must mean OFF (no AV or firewall module still loaded and remaining in memory). Without popups, without “database is too old” messages. If it finds something, cure it in the background without any message if possible. It would be a good idea to scan all Time Machine requests in real time, to keep the backups clean every time. Later the AV product is able to restore these clean files if something is infected.
    The biggest difference between Windows and Mac is that if I open a Mac, I never get operating system and program popups and bubbles in my face; I can work immediately without these frustrating notices. Whoever first presents this interface will win the Mac users’ sympathy, I think.


    Off should not mean OFF. Firewall should be running always. Why would you stop sending notifications like ‘Database is too old’, they should just follow the instructions of the program if they don’t want to be vulnerable.


    What’s the problem of Mac users? Too lazy to click some buttons? The firewall should always be running. Notifications like ‘Database is too old’ should remain. Just follow the instructions of the program if you don’t want to be vulnerable.


    Might suggest that Java is (and has been) a vulnerability on Mac AND Windows and was used to exploit for Flashfake. I remove viruses for customers and Java viruses have been the most common viruses for the last 6 months.

    Any cross-platform technology becomes a target (much like Adobe Flash and Reader). Thus, the third-party software makers become the key downfall of any platform’s security.

    Attila Balazs

    No. This is the Windows approach. When I get a “Database is too old” message, what can I do as the user? Connect my machine to the internet? Or go to a website, download the update files manually and install them? I will connect my machine to the internet sometime anyway, so this message is absolutely unnecessary. I don’t want to cherish my machine like a Tamagotchi, I want to use it. A good AV product should be transparent, do everything necessary in the background without user interaction and without messages. Especially on Mac, because on the Mac every software works this way.

    Attila Balazs

    Sorry Scott, this landed in a bad place, I’d like to reply above! :)


    I don’t like Mac OS or its PC or laptop.


    I don’t like A/V software and will avoid it as long as can. Back in the OS 9 days I used it and will use it again if it becomes necessary. Tonight I just had an unauthorized paypal transaction through Skype??? I suspect Skype is not encrypting the password and it may have been sniffed when I was at a public place. So many vulnerabilities!!!
