Mac OS X, the new battlefield for trojan creators

Apple fans claim, almost as a cry of triumph, that their machines are more secure than Microsoft Windows machines, to the point that they do not need to run antivirus software for protection; some push things dangerously far, saying an antivirus for Mac will cause more trouble than it prevents. On the other side, the staff at Apple affirm that Mac OS X’s high level of security is inherited from Unix and that, because it is open source, the most important Mac OS X components are reviewed and improved by security experts worldwide. I cannot help asking myself: how much more secure is Mozilla Firefox for being open source software? That does not stop hackers from hitting and penetrating it from all directions.

The reality is that a Mac is more secure than a Windows machine, but that is due to hackers’ lack of interest in the Apple platform, since it has a market share of nearly 5%, very poor compared with Windows’ market share of 95%. There are heated debates around these percentages, but they can vary by 1-2%, nothing more.

But the technology market can hold surprises, and these days we are witnessing exponential growth in the number of users of Apple products. The other side of the coin is that Macs are now becoming interesting to hackers too, and common sense says they cannot provide undefeated security: that is somewhat normal for a widely used operating system, whose developers strive to fulfill users’ expectations regarding features and ease of use. As a rule, almost always when an operating system tries to be user friendly, it automatically becomes hacker friendly; the question is where the compromise point is established.

In the past there was Trojan.OSX.Boonana.A, a multi-platform trojan using a Java applet to download and execute malware programs in the background, and very recently a new trojan able to infect Mac OS X machines was discovered: the Blackhole RAT, or OSX/MusMinim-A as it is named by the security vendor Sophos, who first discovered it. RAT means Remote Administration Tool, and such a tool can be a benign application used, for example, to troubleshoot computers remotely; what makes it a trojan is its hidden installation and the absence of a graphical interface. Another feature of a RAT-type trojan is the ability to inject itself into legitimate processes in order to evade antivirus detection, along with the stealthy communications it initiates with the Command and Control server. This newly created trojan, despite its similarities with DarkComet RAT, a native Windows trojan, seems to be in a beta stage, as it admits itself by displaying a message like this:

“I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can’t be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished.”

Once it infects a Mac, OSX/MusMinim-A can run shell commands and pop up various messages trying to trick the user into revealing the administrator password; it can direct the user to open certain websites or download and upload files to the infected machine.

The funny thing is the statement of the creator of DarkComet RAT, who says he has nothing to do with this new, unsophisticated trojan, and that the creation he is working on, a new Mac OS X trojan, is much more evolved and full of functionality, including the ability to run shell commands without administrative privileges. The creation of trojans for Macs is becoming a trend, as we can see, and we expect to see more and more malware for Apple systems. What is the conclusion? The Mac’s security cannot be neglected anymore, and maybe it is a good idea to list here a few general security recommendations:

Using an antivirus on your Mac OS installation is no longer an exotic idea and must be taken seriously into consideration. A few security vendors have developed antivirus versions for Mac:

* Kaspersky Antivirus for Mac;

* Bitdefender Antivirus for Mac and PC;

* Sophos Anti-Virus for Mac Home Edition (this one is a free edition);

* Norton™ AntiVirus 11 for Mac®;

* ClamXav free virus scanner for Mac OS X;

* VirusBarrier X6, which is also able to scan the Apple iPad for malware and malicious files. Besides the anti-virus and anti-spyware, it also contains a two-way firewall and an anti-phishing module;

* avast! Mac Edition;

* PC Tools iAntiVirus™;

* McAfee VirusScan for Mac;

* ProtectMac AntiVirus;

Installing an antivirus is the “automated side” of protecting a Mac against malware; the other side, of the same or even greater importance, is the “user side”. As on Windows-based systems, user behaviour is of the utmost importance.

* Always install all Mac OS X updates as quickly as possible; Apple has a very short response time to newly discovered threats;

* Use the FileVault feature to encrypt your personal documents, using a strong Master Password containing letters and numbers;

* Secure your Keychain, preferably using a different password than your administrative one. The Keychain is where your Internet passwords and other sensitive data are stored;

* Don’t use your administrative account for day-to-day work; instead, create a standard account. This will prevent malware, in the case of an infection, from gaining access to the system files;

* Never open suspicious email attachments or click on tempting banners and links offered by unverified sites. Very often a system infection occurs when an innocent user clicks on links supposedly leading to porn videos, scandalous videos or a big money prize. The attackers try hard to make their traps as “user-attractive” as they can;

* Don’t download software from untrusted sites like warez forums or blogs;

I don’t want to be a “bad prophet” telling you that the day when the Mac’s security will be severely tested by malware is close, but it is always good to know and to be prepared for the worst. In fact, whether the weakest link in the security chain is the user or an unknown operating system security flaw, there is no such thing as an operating system that is 100% immune to viruses; security and defence are always built and maintained by the users, not somehow magically acquired.

Keep safe!
