Security Researchers: Malware on Mac Is A Very Real Threat



Remember the days when Mac owners chuckled as Windows users swatted swarm after swarm of malware, confident in the old saw about ‘security through obscurity’? Well, one side-effect of Apple’s growing popularity is the Mac is becoming a more visible target for malicious hackers — and they’re already building Trojans aimed at your machine.

“You get a few points up, and like we are seeing now, you will start seeing malware,” Adam O’Donnell says. In 2008, before becoming part of SourceFire, O’Donnell predicted Macs would see more attacks when Apple’s market share hit 16 percent. Recently, security researchers discovered a kit to build Trojans for the Mac OS X operating system.

The report is “quite disturbing news since Mac OS previously to some degree had been spared from the increasing amount of malware which had haunted Windows-based systems for years,” said Peter Krause, a partner in the security firm CSIS which discovered the Weyland-Yutani Bot kit being sold. (The name comes from the corporation in the movie ‘Alien.’)

The kit signals that malware attacks against Macs now make financial sense to hackers. “It just becomes economically viable to do it, so you start seeing these attacks becoming more common,” O’Donnell said. By building a kit, malware attacks – such as those by criminals seeking your private information – can be quickly scaled to huge numbers of victims.

Ironically, it is the inability of PC security software to catch all attacks that has saved the Mac from earlier assault. O’Donnell’s paper to the IEEE predicted that if PC security caught 80 percent of malware, it would require Apple to gain 16 percent of the market. However, if PC security caught 90 percent of attacks, the Cupertino, Calif. company needed just 6 percent market share.

The fear is that with the growing use of mobile devices, malicious hackers may soon move from the computer to the handset. The jump may not happen soon due to handsets being such a different platform than PCs or Macs.


  • Jamie Lynn Blair

    Ok, so how do we fight it? Last time I installed an anti-virus program my computer was pretty much useless

  • John T

    Never use an account with admin-level authority on a day-to-day basis, avoid Flash and Java if you can, think very carefully before entering admin username and password when prompted (especially when it occurs and you are caught off guard), avoid porn sites (LOL), don’t download things from warez sites promising free copies of MS Office for Mac and the like, and make sure to run Software Update regularly (especially for security related updates). While the Mac App Store would likely be more safe than buying software on the web from a source you don’t know, reviews from trusted sources (ex. Cult Of Mac, MacWorld, MacLife, etc) should drastically reduce the chances of purchasing malware.

  • prof_peabody

    This article is complete BS. The argument about OS share reduces to a “security through obscurity” argument that has been disproven over and over again. This is just security companies selling their wares through FUD and any dumb-ass blog that reprints it is foolishly buying into the game.

    Gruber wrote a recent piece called “Wolf” which lists incidents of essentially this exact same statement being made about the Mac from blog after blog, year after year, for about a decade! Every time the Mac OS share ticks up it’s trotted out as fact, and yet it’s pure garbage.

    Even if you get malware on a Mac, it’s literally a one click fix in Safari (“reset Safari”), or a one click fix in Word (delete “”).

  • Hampus

    I’m not a Mac user, future one I think but not yet…

    When you say admin-level account do you mean a normal account with admin rights or something like a root account in linux?

    Just wondering because with an account with admin rights you would have to enter your password for any admin activity right?

  • Deocliciano Okssipin Vieira

    If you share files with Windows users, use an antivirus; if not, just do not install anything from people you do not trust.


    Companies want to sell their goods, and places like COM want to sell space to those same companies.

    Who loses?
    The consumer!

  • alvarotvv

    Instead of writing 1000+ words about why this article makes not much sense, why not read what Gruber wrote about this very same topic a few days ago?

    People have been trying to “scare” and play down the security of the Mac since almost a decade ago. It just gets updated every now and then.

  • Rigogibson

    So the music file I just downloaded and had to enter in my password to install may be a problem?? Just kidding, I, along with most other users of the OS aren’t that stupid, but once they create apps that launch and install themselves, I’ll pay more attention to something like this.

  • Alexander530

    I wonder if the government is doing anything to track these malicious hackers. It seems like these hackers are just freely doing whatever they want.

  • Elfaki

    Something like the end of the world… :P

  • Figurative

    If the “security thru obscurity” idea is correct then please explain why versions of Mac OS prior to Mac OS X constantly had viruses? Furthermore, the lack of viruses in the Mac world has been SO publicized that surely people have tried just to gain bragging rights. Gruber’s article is spot on and we’ll revisit this meme a year from now with no real threats to the Mac having happened.

  • ithacaindy

     The point of the article and the IEEE paper was that Mac owners who rely *only* on the security-through-obscurity mantra are seeing the ‘birds coming home to roost.’ Of course, the Mac OS is inherently superior to Windows. However, as Apple’s profile increases, its value as a security target also increases. At least follow simple security measures to reduce your risk.

  • Apple Mac Repairs

    I have never regularly used any antivirus software on a Mac. I have downloaded free programs from time to time when I read an article like this, but touch wood I have never seen any malware on my computers. I do however agree that if you’re in business and you are forwarding mails you have received to PC users, or even Mac users who may forward them to PC users, then it’s a good idea. So with that in mind I’ve just downloaded Clamsav and am scanning the mail folder; so far it says it’s detected three suspect mails. I’ll update when it’s finished. The truth is, though, they are the sort of mails that I would never consider forwarding in the first place; I just haven’t deleted them yet.

  • Apple Mac Repairs

    Well that would appear to be a waste of time as Clamsav picked out six mails, eBay, PayPal and LinkedIn! Don’t know that I believe that!
    Infection names were Phishing-485 and heuristics.Phishing.SpoofedDomain so I think I’m clean

  • Thetechx

    I think what we are missing here is that malicious hackers target gullible people 90% of the time. Also just because there’s potential for something doesn’t mean it will happen, but just because I’m smart enough to not get hit by a car that doesn’t mean I’m going to stand in the middle of the highway with my arms outstretched. The idea here is that most Mac users tend to ignore setting up their security settings. Some don’t know firewall is disabled out of box and are ignorant of protection. For now I’d say at least make sure your security settings are locked down and maybe consider a lightweight AV.

    Knowledge is power and every Mac user needs to be educated on the subject. I am a Mac user and Linux user and Windows user…though I lean toward Mac over the past few years. The market share argument is very valid to the type of hackers “black hat” kind that aren’t looking to compromise the most amount of machines for financial gain. Now I agree unix os’s are built into the kernel whereas Windows utilizes the registry which the different builds make a difference, but that doesn’t mean it CAN’T be done. Contrary to popular opinion Mac has had infections in past and they have since. Yes I know they haven’t made it as widespread as Windows malware.

    The key takeaway here is to just be educated and not live in a vacuum and pretend it can’t happen because then you become the victim because you’re too ignorant to be looking for it.

  • Pawn

     Unfortunately you are incorrect. Until Lion, Macs are inherently inferior to Windows. Apple has copied Microsoft with some things like ASLR, but did a poor job of it. This is one reason why Macs go down in the PWN2OWN challenge every year. I can’t wait for Lion for this reason.

  • Pawn

     There are actually multiple levels of user accounts in Unix/Linux and as such OS X. The root account is disabled from general use by default in OS X. You have to actually enable it.
    He means an account with Admin rights.
    It is possible to use an account with non-admin rights and then whenever any admin activity is required just use the admin username and password that you set up to do whatever is needed. This is much safer and actually makes you think about what you are doing.
    Although it doesn’t seem as though it should, just running in admin mode makes you more at risk because not every admin event causes the window to pop up.

  • Bob

    Show me ONE single SYMPTOM from a “virus” or “malware” on OSX *WITHOUT* the user running an installer, and inputting their admin password. You won’t be able to find any. There hasn’t been a single SYMPTOM from any of these “threats” EVER on OSX. Anyone can install a program to f**k up their computer – duh! I can also willingly shoot myself in the foot! Should I walk around with bullet proof shoes to prevent myself from shooting myself in the foot? I know, I know … I’m getting really philosophical here. But isn’t philosophy what this issue is really about? People *think* there are threats to Macs, however the only threats have been things that would be considered a comical self inflicting wound. Again, show me ONE symptom that has appeared on OSX without the user going through a full blown installer.

    What did the MacDefender program even do to the OS? NOTHING! OOOHHHH NOOO it put a startup item in my startup items list!!!! OMG!?!!?! Ok lemme start this serious virus removal by removing the startup item! OK done…that was friggin hard!!!

    If I really gave a rats behind about some self inflicted wound that I did to myself such as MacDefender, all I would have to do is boot off my Leopard disk and run an “Archive and install” which would leave my user folder and applications intact while completely rebuilding the OS. All better, and without any noticeable change! Too bad rebuilding your computer on Windows isn’t as easy as that! Poor Windows users =[ . So let it be known that even in the case of the laughable “Macapolipse”, all the Mac users will need to do is boot off the OSX Boot DVD and run an “Archive and install”. Sounds scary!

    There aren’t any current threats to OSX other than the user’s stupidity. I don’t like to resort to insults, but when people act like these lame-duck attacks are anything Mac users should be worried about – it’s insulting to the truth. As I said before, when ONE person can show ONE symptom from an attack without running an installer and entering your admin password – then I’ll give two s**ts about what these ignorant fear mongering n00bs say about Macs.