We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Apple cracks down on adware

Posted on February 13th, 2015 at 7:25 AM EST

Apple has used the XProtect anti-malware protection in Mac OS X to block a few pieces of adware in the past. Yesterday, they cracked down on adware again, adding a slew of new items to XProtect’s signatures, used for identifying and blocking malicious apps. Three are updated signatures, while one is for adware never before blocked by XProtect.
Read the rest of this entry »


Downlite adware blocked by Apple

Posted on November 21st, 2014 at 7:24 AM EST

Macs infected with the Downlite adware have been prevented from accessing my AdwareMedic site and portions of The Safe Mac for several weeks now. (See Adware blocking AdwareMedic downloads!.) This appears to have been done in an attempt to prevent people from removing this adware from their Macs. Fortunately, this also may have led to Downlite’s demise: it is now identified as malware by Apple!
Read the rest of this entry »


The unchecked growth of Mac adware

Posted on August 18th, 2014 at 2:40 PM EDT

Adware was unheard of on the Mac just a couple years ago. The first Mac adware appeared in 2012, and it was the only one to appear that year. Since then, adware has seen an exponential rise that promises to bring the Mac down to the same state as Windows, where adware infections are very common. Most people just want to know how to get rid of adware, but the questions we need to be asking are what is causing this sudden growth, and why is it being allowed to grow unchecked?
Read the rest of this entry »


New NetWeird variants added to XProtect

Posted on March 28th, 2014 at 9:42 PM EDT

Yesterday, I wrote about some new NetWeird trojans that were not detected by XProtect. Less than 36 hours later, XProtect has been updated to version 2047, and now blocks those samples.
Read the rest of this entry »


New NetWeird variant in the wild

Posted on March 27th, 2014 at 9:10 AM EDT

Since early February, I’ve seen several reports of a new variant of the NetWeird malware. In all cases, this malware was detected by Dr. Web, and was detected as Backdoor.Wirenet.2, as opposed to the earlier Wirenet.1 variant that first appeared back in 2012. It would appear that this malware is still in active development, and the news is bad on all fronts.
Read the rest of this entry »

1 Comment

Missing malware added to XProtect

Posted on March 14th, 2014 at 9:47 AM EDT

Last week, I wrote about a number of malware samples I had discovered that were not detected by XProtect. Immediately after posting that article, I submitted those samples to Apple. Yesterday, they were finally added to XProtect, when XProtect was updated to version 2046. This, and other developments over the past week, are both encouraging and upsetting, for a variety of reasons.
Read the rest of this entry »


Time to re-evaluate safety of Mac OS X

Posted on March 5th, 2014 at 11:07 AM EST

My Mac Malware Guide has, for some time, made the claim that a properly up-to-date Mac OS X system cannot be infected by any known malware. This was true at one point, with some provisos, when that text was originally written. However, recent cases of malware that has failed to be blocked by the XProtect anti-malware system in Mac OS X prompted me to do a re-evaluation of this statement. What I found was profoundly disappointing, leaving me wishing that I could take those words back.
Read the rest of this entry »


CoinThief may be older than thought

Posted on February 14th, 2014 at 8:43 PM EST

Monday saw the announcement of a new set of Bitcoin-stealing trojans, which have been named CoinThief. These applications – named BitVanity, StealthBit, Bitcoin Ticker and LItecoin Ticker – were distributed through a variety of sites starting in December of last year. However, another variant of this malware has been uploaded to VirusTotal that may have been in distribution since late April or early May of 2013. Worse, although the other variants are now blocked by XProtect, this new variant is not!
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

Apple blocks Flash following security update

Posted on February 5th, 2014 at 9:36 AM EST

Apple has updated the XProtect security system in Mac OS X to block all versions of Adobe Flash Player prior to This was done in response to a critical security update released by Adobe, fixing a vulnerability that was being exploited in the wild. Users of Chrome should have their Flash plugin updated automatically. Users of other browsers, with Flash installed in the system, may have Flash updated automatically or may need to install an update manually, depending on the settings.
Read the rest of this entry »


How does your Mac NOT protect you?

Posted on October 25th, 2013 at 11:33 AM EDT

I spend a lot of time telling people about how their Mac protect them from malware. I have even written an entire section on the topic in my Mac Malware Guide. So it may be a bit surprising that I seem to be suddenly turning around and saying the opposite.  That’s not the case, though. The Mac still protects you just as I have said… but it’s also important to keep in mind where the holes in those defenses are. Just as a house isn’t secure if the owner is unaware that the back door is unlocked, neither is a Mac safe if the owner isn’t aware of the holes in its security.
Read the rest of this entry »