Evolution of Mac malware

Written by: Gina on 13 March 2012

It is true that Mac infections are rare; however, that doesn't mean they don't exist. Macs can be hacked and have already been infected. These days it doesn't seem entirely safe to run a Mac without any security tool installed. There are many signs you can notice on your computer if the system is infected.

Starting with the OSX/Leap worm in 2006, Mac infections and viruses have evolved, and it looks like hackers are targeting Macs more often by creating various kinds of malware, including DNS changers, backdoors, scareware, and spyware.

Most of the threats come from plug-ins and add-ons, such as those for browsers, which are usually distributed outside official app stores. "If it's not in the Mac App or App stores, just don't download it," comments Jamz Yaneza, a threat research manager at Trend Micro. However, hackers may also use Apple's store for malicious purposes in the future.

Here are the most dangerous Mac viruses:

1. Infected iChat Hides First Mac Worm (2006)

OSX/Leap was a Trojan-worm combo that spread through Apple's iChat instant messaging system. A fake message appeared in your chat window with a friend, stating that it contained pictures of the then-upcoming Mac OS X Leopard. Once installed, the worm infected opened programs with malicious code.

2. Fake Codec Rewards Porn Seekers With Rootkits (2007-2009)

OSX/DNSChanger, OSX/RSPlug, and OSX/Jahlav were Zlob Trojans that evolved from PCs to Macs. These Trojans pretended to be video codecs that were supposedly needed to watch porn videos. Once active, they'd change a system's Domain Name System (DNS) settings to redirect traffic to malicious websites.

3. Fake Mac Sweeper (2008)

OSX/MacSweeper was the first rogue Mac protection tool. It pretended to be a legitimate protection program that was able to clean Mac infections.

4. Rogue iWork and Adobe Photoshop Install Backdoors, Spyware (2009)

OSX/Krowi was distributed for free inside rogue versions of iWork '09 and Adobe Photoshop for Mac. After connecting the user's machine to a control server, it waited for information from a remote control center. Another backdoor, called OSX/Hellrts, also showed up in pirated versions of iPhoto. Both malicious programs left a backdoor through which hackers could enter the user's Mac without typing a password.

5. Another Fake Codec Packs Spyware (2010)

In 2010, OSX/OpinionSpy was discovered. It was a variant of Windows spyware from 2008 and the first major piece of spyware found on OS X. The rogue program showed a prompt disguised as a legitimate tool, and unwary users entered their user names and passwords into it. OSX/OpinionSpy collected IM conversations, email addresses, browsing history, usernames/passwords, and bank account details.

6. Rogue Applications Evolve (2011)

Last year researchers found more fake security scanners that were able to get into users' Macs: Mac Defender, Mac Protector and Mac Security. All of these rogues were well designed and thought out, as they were very difficult to remove from a Mac user's computer.

7. 'Flashback' Lives On (2011-2012)

OSX/Flashback already has 14 variants. The malware uses Java flaws to enter a user's computer when they click on a malicious link. It seeks usernames and passwords in order to reach more personal data such as credit card or bank account information.
