OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

The unchecked growth of Mac adware

Posted on August 18th, 2014 at 2:40 PM EDT

Adware was unheard of on the Mac just a couple years ago. The first Mac adware appeared in 2012, and it was the only one to appear that year. Since then, adware has seen an exponential rise that promises to bring the Mac down to the same state as Windows, where adware infections are very common. Most people just want to know how to get rid of adware, but the questions we need to be asking are what is causing this sudden growth, and why is it being allowed to grow unchecked?
Read the rest of this entry »

58 Comments

Time to re-evaluate safety of Mac OS X

Posted on March 5th, 2014 at 11:07 AM EDT

My Mac Malware Guide has, for some time, made the claim that a properly up-to-date Mac OS X system cannot be infected by any known malware. This was true at one point, with some provisos, when that text was originally written. However, recent cases of malware that has failed to be blocked by the XProtect anti-malware system in Mac OS X prompted me to do a re-evaluation of this statement. What I found was profoundly disappointing, leaving me wishing that I could take those words back.
Read the rest of this entry »

9 Comments

New CoinThief malware discovered

Posted on February 10th, 2014 at 10:32 AM EDT

A new Mac trojan, named OSX/CoinThief.A by SecureMac, has been discovered. This malware is designed to steal Bitcoins from infected machines, and is disguised as an app intended to be used for sending and receiving Bitcoin payments. Although the average user is not likely to be affected by this, it has cost at least one user around $12,000 in lost Bitcoins, according to SecureMac.
Read the rest of this entry »

1 Comment

How does your Mac NOT protect you?

Posted on October 25th, 2013 at 11:33 AM EDT

I spend a lot of time telling people about how their Mac protect them from malware. I have even written an entire section on the topic in my Mac Malware Guide. So it may be a bit surprising that I seem to be suddenly turning around and saying the opposite.  That’s not the case, though. The Mac still protects you just as I have said… but it’s also important to keep in mind where the holes in those defenses are. Just as a house isn’t secure if the owner is unaware that the back door is unlocked, neither is a Mac safe if the owner isn’t aware of the holes in its security.
Read the rest of this entry »

10 Comments

Invisible malware

Posted on October 15th, 2013 at 11:08 AM EDT

There has been a bit of talk in the security industry about a recent blog post by Daniel Pistelli, who reported on a technique that could be used to create what some are calling “invisible” malware. This technique does represent a bit of a problem to the anti-virus industry. However, it’s important to understand the full context of how Mac OS X protects against malware, and to recognize that this technique means very little to Mac users in the current malware climate.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

New Mac malware discovered: OSX/Leverage

Posted on September 17th, 2013 at 5:21 PM EDT

Intego announced the discovery of a new trojan today, which they are calling OSX/Leverage. According to Intego’s observations, it would appear that this malware has some association with the Syrian Electronic Army. What is still unknown is exactly what its goal is, who it is being sent to and how. Like other similar malware that has appeared recently, though, it’s probably being used in targeted attacks on specific individuals or groups.
Read the rest of this entry »

9 Comments

New signed malware called Janicab

Posted on July 15th, 2013 at 2:27 PM EDT

F-Secure announced the discovery today of a new trojan, which they have named Janicab. This malware makes use of a familiar old trick – disguising an application as a document to trick the user into opening it – but applies a couple newer twists. At this time, the built in defenses in Mac OS X will allow this trojan to run without much in the way of warnings, so users are advised to be on their guard.
Read the rest of this entry »

11 Comments

Proof-of-concept Mac OS X virus announced

Posted on June 4th, 2013 at 3:41 PM EDT

In 2006, a malware researcher going by the name JPanic created a proof-of-concept virus capable of infecting Windows and Linux machines called Capzloq Tekniq. JPanic has now updated this proof-of-concept, and as part of the update, it is now capable of infecting Macs.
Read the rest of this entry »

7 Comments

New Mac spyware found at freedom conference

Posted on May 17th, 2013 at 6:42 AM EDT

F-Secure announced yesterday the discovery of a new piece of Mac malware, which was discovered at the annual Oslo Freedom Forum on a freedom of speech activist’s computer. This malware, which they are calling OSX/KitM.A, appears to take screenshots about every 20 seconds, and presumably (though they did not say this outright) uploads them to a remote server. Most interestingly, this malware is signed with an Apple Developer ID!
Read the rest of this entry »

14 Comments

What is Gatekeeper?

Posted on March 18th, 2013 at 12:57 PM EDT

With the recent news coverage of the Pintsized malware, which infected high-profile targets like Facebook, Apple and Microsoft, much has been said in passing about Gatekeeper. Specifically, a number of news reports have mentioned how Pintsized was able to get past Gatekeeper. Unfortunately, these reports have mentioned this fact without any real understanding of what it means, and this has left many Mac users concerned. Although there is an important message hidden in that information, it’s not as dire as it sounds in a news blurb. So, what exactly is Gatekeeper, and what do we need to know about it?
Read the rest of this entry »

5 Comments