Latest Mac Malware Attack Is a Wake-Up Call for OS X Users

Mac users were once relatively insulated from malware attacks, if only because their OS platform didn't attract the attention of criminals. But now a spike in security threats is making it clear that the bad guys are no longer ignoring Apple's OS X.
OS X users may need to start arming their computers with antivirus software like their PC counterparts. Image: Brian X. Chen/Wired

The latest Mac security threat, a variant of the "LuckyCat" attack, takes advantage of an exploit in Microsoft Word documents, giving a remote attacker the ability to plunder infected systems and steal data by hand.

It's an exploit that's been around for almost three years now, and is completely preventable if you keep your system up to snuff with security updates. The fact that it's only now getting widespread publicity indicates how historically lackadaisical Mac users have been toward security -- and that this attitude needs to change.

"I think this is a wake-up call that people running OS X need to start patching and updating their systems more," Marcus Carey, a security researcher with vulnerability management firm Rapid7, told Wired. "Patching is the number one thing anyone can do to protect their computer."

In the past, malicious attacks on the Mac platform have been few and far between. More than 90 percent of the desktop market share used to go to Windows, so that's where cybercriminals focused their time. But in recent months, OS X adoption has been rising, and similarly the number of threats (like last year's MacDefender trojan horse) has been rising.

"The OS X platform has always been as potentially hacked and compromised as any other platform, but it just hasn't been targeted until now," Dave Marcus, director of advanced research and threat intelligence with McAfee Labs, told Wired.

The Flashback Trojan gained notoriety earlier this month for infecting upwards of 650,000 Macs. Flashback used a Java-based security flaw to install itself onto systems, but Apple patched and issued a security update for it last week. (Public service announcement: Update your Mac right now, if you haven't already.)

But cybercriminals haven't invented new, twisted ways of creeping into your MacBook.

"The interesting thing about the exploits over the past few days is that the bad guys are using the same techniques on a Mac as they'd use on a PC or tablet," Marcus said. "They're using rigged documents and websites, Java exploits -- very much mimicking the methodology used in the PC world."

Carey noted that cross-platform programs like Microsoft Office, Adobe PDF products, Java, and Flash are likely to continue to be targets for malicious coders since they can get more bang for the buck, utilizing a single vulnerability that affects Mac and Windows users alike.

And Peter James, a spokesperson with Mac antivirus software company Intego, said now that cybercriminals have seen that these techniques work so well, we'll be seeing more of them.

"With the Mac Defender trojan and Flashback, it’s clear these attacks will continue," James said. "Someone has peeked inside a door and seen that they can actually work. It may not get worse, but it’s not going to get better."

If you're serious about Mac OS X security, we recommend these tips from Kaspersky Lab expert Costin Raiu. But for most of us, adding some antivirus software and staying abreast of system updates should be more than enough to stay protected.