Mac malware scam grows legs – MacGuard needs no password
Posted on 05/27/2011 7:14:04 AM PDT by for-q-clinton
The once relatively virus-free Apple Mac ecosystem has been tainted forever by a nasty malware scam and you sense an age of innocence has ended. It's a deadly shock to that ecosystem because now a second variant bug has arrived that requires no password.
The malware first manifested itself when Mac users noticed ads for a product called Mac Defender that promised to protect them against malware and viruses. However, it turned out Mac Defender was actually a piece of malware that becomes active on a desktop after a user is suckered into entering a password, and floods the screen with pop-up pornography sites.
Since then a number of variants - MacGuard, MacSecurity and MacProtector - have arrived.
According to security firm Intego, the goal of this fake antivirus software is to trick users into providing their credit card numbers to supposedly clean out infected files on their Macs.
New variant requires no passwords
Intego has discovered a new variant of this malware that functions slightly differently. It comes in two parts.
The first part is a downloader, a tool that, after installation, downloads a payload from a web server. As with the Mac Defender malware variants, this installation package, called avSetup.pkg, is downloaded automatically when a user visits a specially crafted website.
If Safari's "Open safe files after downloading" option is checked, the package will open Apple's Installer, and the user will see a standard installation screen.
If not, users may see the downloaded ZIP archive and double-click it out of curiosity, not remembering what they downloaded, then double-click the installation package. In either case, the Mac OS X Installer will launch.
Unlike the previous variants of this fake antivirus, no administrator's password is required to install this programme. Since any user can install software in the Applications folder, a password is not needed, Intego said in a warning note.
This package installs an application - the downloader - named avRunner, which then launches automatically. At the same time, the installation package deletes itself from the user's Mac, so no traces of the original installer are left behind.
The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application's Resources folder. (The IP address is hidden using a simple form of steganography.) Intego VirusBarrier X6's Anti-Spyware feature detects this operation.
Intego considers the risk for this new variant to be medium, in part because the SEO poisoning has been very efficient in leading Mac users to booby-trapped pages, but also because no password is required to install this variant.
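As an added example (not from the article or from Intego), here is a small Python host check that looks for the artefacts the article names (avSetup.pkg, avRunner, MacGuard and the earlier variants) in the Applications folder and reads Safari's "Open safe files after downloading" setting, which Safari stores under the AutoOpenSafeDownloads key of com.apple.Safari.plist; the fixture directory it runs against is constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Installer, downloader and fake-AV names quoted in the article, matched
# case-insensitively against entries in the Applications folder.
SUSPECT_NAMES = ("avsetup", "avrunner", "macguard", "macdefender",
                 "macsecurity", "macprotector")

# Safari's "Open safe files after downloading" checkbox lives under this key;
# when the key has never been written Safari uses its default, which is on.
SAFARI_KEY = "AutoOpenSafeDownloads"


def scan_applications(apps_dir):
    """Return sorted entry names in apps_dir that contain a suspect name."""
    hits = []
    for entry in Path(apps_dir).iterdir():
        lowered = entry.name.lower()
        if any(name in lowered for name in SUSPECT_NAMES):
            hits.append(entry.name)
    return sorted(hits)


def safari_auto_opens_downloads(plist_path):
    """True if Safari would hand a downloaded .pkg straight to Installer."""
    path = Path(plist_path)
    if not path.exists():
        return True            # never changed from Safari's default
    with path.open("rb") as fh:
        prefs = plistlib.load(fh)
    return bool(prefs.get(SAFARI_KEY, True))


def assess(apps_dir, plist_path):
    """Combine both checks into one report."""
    return {"suspect_apps": scan_applications(apps_dir),
            "auto_open_enabled": safari_auto_opens_downloads(plist_path)}


def demo():
    """Run the checks against a constructed fixture (no real Mac needed)."""
    root = Path(tempfile.mkdtemp())
    apps = root / "Applications"
    apps.mkdir()
    (apps / "avRunner.app").mkdir()    # the downloader the article describes
    (apps / "Safari.app").mkdir()      # benign neighbour, must not match
    plist = root / "com.apple.Safari.plist"
    with plist.open("wb") as fh:
        plistlib.dump({SAFARI_KEY: True}, fh)   # the risky default
    return assess(apps, plist)


if __name__ == "__main__":
    real_prefs = Path.home() / "Library/Preferences/com.apple.Safari.plist"
    print(assess("/Applications", real_prefs)
          if Path("/Applications").is_dir() else demo())
```

On a real Mac the auto-open behaviour the article relies on is switched off with `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`, after which the check above reports `auto_open_enabled` as False.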
But I thought they promised this was only possible on windows, so I bought a mac to be "secure".
And to think people paid a premium for this.
A better article on the latest mac virus.
Another thread on the latest Mac Virus/malware. I wonder how they are going to spin this one?
I’m the farthest thing from a Mac fanboi, but I think this isn’t indicative of anything other than a shift in the social computing sphere. Apple has an increasing market share, and haxX0rs are going to tailor exploits more for those machines.
Also count on M$ coming out in the coming months to say something along the lines of, “See, Win 7 IS more secure,” when in reality it’s just that more people are wise to schemes on Win machines. Mac users have heretofore thought they were immune or less likely to have problems, but with this new batch of malware, they’re going to have to wise up like the Windoze users have over the last 15 years.
For the record, I’m a Linux fanboi.
By that, he means: an age of willful and smug naivete.
Completely agree. I’ve been saying it for years, but the macbots told me...no never. Besides any virus will need to be installed with the admin password.
Clearly that is no longer the case.
I know...this *should* shut up the annoying macbots. But I’m sure the most annoying will spin this away as if it is a non-issue. But all those issues where a windows user ran porn.exe for free porn and got a virus...well those are legit dings against windows.
Even with this virus, MACs are million times better than those cheap HPs.
It seems like most of the big tech blogs are ignoring this bit of news.
Apparently Apple hasn’t supplied them with sufficient talking points to pass on to the fan base to try to talk this one under the rug.
Now that OSX won’t be able to claim virus/malware free and users don’t need to worry about it...how will they market their product to security concerned users?
“Switch to OSX soon before it gets too popular and then our security will be no better than windows. The sooner you switch the longer you’ll enjoy limited security by hiding out with the minority.”
I’ve noticed that. The Apple threads are always silent until their leaders tell them what to think. Happens every time OSX is the first machine cracked at the Pwn2Own contest. A couple days or weeks pass and then they get their marching orders and finally those threads start getting replies. But even then they are pretty dead because most users are left scratching their heads and saying WTF! it was still the first one hacked 3 years in a row!
Last year’s excuse was the guy that hacked it was a genius NASA dude. The rest of the world isn’t as smart as him, so users have nothing to worry about.
Right, compare a $1800 laptop to a $500 laptop. That’s a good comparison.
I have to be very amused when viruses and malware on Macs are described as something new.
The fact is that in the old days, there were more viruses on Macs than on PCs. This was before the World Wide Web was invented, and e-mail attachments were virtually unknown. The viruses spread by floppy diskette exchanges, BBSes, and college networks.
There were at least half a dozen useful Mac anti-virus software packages (Virex and Interferon being two of the biggies). We admins received our Virex upgrades via snail-mail (how’s that for quaint?)
WDEF, Word Macro viruses (an equal opportunity employer), nVir, all had their day.
So, the real long term Mac fanboys (and I still like Macs just fine) know that viruses can hit a Mac.
NOW, I would say that the difference between Windows and Macs/Linux/Unix/Solaris etc. is not so much in file structures or user permissions.
It is ActiveX. Microsoft wants the computers to do a LOT more automatically without a lot of user interaction. The same tool that makes this happen in IE greatly increases the ease and variety of attacks that can be made on it.
1800? it cost more than that. These computers are perfect. You don’t get them for free.
My favorite excuse was that they hacked the Mac first because you win the machine you break, so they naturally went for the one that they really wanted the most.
Yep...prior to OS X macs were a mess. Crashing all the time, virus prone, and just garbage. Macbots think time began with OS X...the earlier OS’s don’t count. But they love to ding Windows XP, 2000, 9x, etc. But that’s like comparing OS 9 to XP, but instead they stack the latest and greatest OS X against XP. They need to compare windows 7 to OS X. And the past 3 years OS X was the first machine hacked in the pwn2Own contest.
That was some funny stuff. Sad thing is many macbots believed it!
They will lie. They are Apple. Al Gore sits on their board. They will charge everyone for an ‘upgrade’ when the freeware community they are stealing from fixes this issue.