The Era of Mac Malware Immunity Is Over
|Photo composite by SecurityNewsDaily|
You know you've finally arrived as a software platform when hackers start gunning for you.
Such is the predicament that Apple's success has brought: Sophisticated malware has started to appear that's directed specifically at Apple machines.
For years, security experts predicted that as Apple gained market share, cybercriminals would turn their attention from Windows machines toward Mac attacks. Now it appears to really be happening.
Apple's Mac OS X operating system now enjoys a market share of more than 15 percent in the U.S., according to Swedish Web-monitoring service Pingdom.
Coincidentally, in a 2008 paper written for the IEEE Computer Society, Cloudmark researcher Adam O'Donnell predicted that when Apple's market share reached a "tipping point" of roughly 16 percent, then hackers would begin targeting those systems.
According to other experts, that prediction now appears to be coming true.
"We are now seeing Mac-specific malware that we hadn't seen before," said Michael Sutton, vice president of security research at Sunnyvale, Calif.-based security company Zscaler.
In the past few weeks there have been examples such as MacDefender, a fake antivirus program that hijacked the name of a legitimate security program in an attempt to trick Mac users into divulging credit card numbers.
Such "fake AV" malware for Macs has arisen in the past, but much more troubling was the nearly simultaneous appearance of the first available do-it-yourself crimeware kit aimed specifically at Macs.
Dubbed the Weyland-Yutani botkit (and named after the fictional corporation from the "Alien" movies), it is being sold on underground forums, with the promise of an iPad version to come.
Such crimeware kits have been commonly sold in the black market for Windows machines. They are generally used to create Trojans or find access to infected systems for later exploitation.
Once the hacker gains control of enough machines — usually numbering in the thousands — he can create a botnet army of "zombie" machines, which can then be used to attack specific sites.
Some of the malware that claims to provide antivirus software runs like a modern-day con game, complete with telephone support with real people answering customers' questions for the bogus software.
It's a lucrative business, Sutton said, because the virus and malware writers can sell access to thousands of infected machines on the open market.
Renting out such hacked networks can make the "owners" millions of dollars. It's today's version of a digital hired gun.
Supply and demand
While Apple advocates have argued for years that Macs were inherently more secure, most experts say that the hackers simply follow the market.
So now there are viruses aimed at smartphones, for example, because tens of millions of them — tiny, powerful computers — are in use around the world.
Smartphones are also more attractive because they are constantly connected to the Internet. By the time an infection is discovered, the attackers have made their money with fraudulent charges and moved on.
Furthermore, because the computing world is no longer singularly dominated by Microsoft Windows, "we're seeing more Web-based attacks that are platform agnostic," said Zscaler's Sutton.
That means fraudulent websites are designed to infect any computer that inadvertently visits the site, whether it be a Windows or Mac OS X computer running any of a half-dozen Web browsers.
The popularity of Apple's iPhone and iPad has had a "halo effect" that attracts both consumers and criminals to the platform, so Mac owners should keep their browsers up to date and be more cautious.
Still, much of the computing world, and especially the corporate enterprise side, relies on Microsoft Windows.
"So the Apple malware is still small compared to what we see on the PC side," noted Sutton.
But it may be not for long.