For Malware Developers, Mac Moves From Safe Zone To Target Zone

Published: 22/11/2024   Category: security




Growth of mobile devices, shortage of strong defenses make Apple look appetizing to authors of malicious code



Security experts weren't all that surprised when they discovered Mac Defender, a fake antivirus package that actually carries malware, on the Macintosh platform last month. After all, the MacOS platform is becoming a lot more popular, particularly in the mobile world.
But when a new version of MacDefender appeared last week -- just a few weeks after the first version had appeared -- many experts turned their heads. The rapid evolution of new malicious code, long a mainstay of Windows malware, apparently is now becoming a reality in the Mac world as well.
Over the Memorial Day weekend, Apple issued a security update that promises to remove all versions of Mac Defender. But experts say the race between malware developers and Apple system defenders has only just begun.
For a long time, Apple users have had a false sense of security that the Mac couldn't get malware, notes Andy Hayter, anti-malcode manager at ICSA Labs, which does security product testing and certification. The antivirus vendors haven't been focused on it, because there wasn't much activity. But apparently, the Mac has now reached critical mass.
With the growing use of Apple devices such as the iPhone and the iPad in the mobile world -- and with the growing diversity of browsers and applications in the Windows world -- the Mac is beginning to look like just another fertile target for malware authors, experts say.
"We have certainly seen the exploit kit scripts become more complex as the Windows world has begun serious fragmentation on the browser side," says Chris Larsen, senior malware researcher at Blue Coat Systems, which makes network security and anti-malware tools.
Malware authors are finding that with the evolution of browsers such as Chrome, Opera, and Firefox, writing a new exploit is no longer a Windows-based, one-size-fits-all proposition, Larsen observes. The bad guys are in a mode where they need to manage a wide variety of exploits anyway, so adding Mac and Linux attacks isn't as big a leap as it used to be.
In fact, from a malware writer's perspective, there might actually be more commonality among some Mac and mobile application environments than there is currently in Windows, notes Neil Daswani, CTO of Dasient Inc., an anti-malware service provider. The open source browser engine WebKit, which has become increasingly popular in the last year or two, provides a common point of attack on multiple environments, including the Mac.
"WebKit is the engine behind Safari, and it's used on the iPhone as well," Daswani observes. "It's also the engine for Chrome and Android, which makes it a great starting point [for writing malware]."
In a blog last week, McAfee researcher Craig Schmugar posted a chart that shows dozens of new and unique Mac OS X malicious binaries appearing during the month of May, outnumbering all of the Mac-based malware detected in the previous four months of the year.
Is this merely a short-term blip on the radar or the beginnings of a trend for Mac threats? Time will tell, Schmugar writes. However, rogue security programs in general are generating revenues of hundreds of millions of dollars a year for the bad guys, a powerful incentive. Furthermore, ZDNet estimates that 60,000-125,000 customers have called Apple support this month about such malware. Of course, only a fraction of those infected would actually pick up the phone, so the problem is likely much larger.
Phil Blank, a security analyst at Javelin Strategy & Research, says the growth of Mac-based malware is just one example of the multi-dimensional approach that attackers are adopting toward new exploits.
"We see cybercriminals gathering knowledge and then using it to create new and better attacks," Blank says. "The Sony attacks were a good example -- the bad guys got in and stole the login and password information, then they went back and used that data to launch more exploits. You can expect more attacks that are multidimensional, and the Mac will be one part of that."