Mass Market Mac Malware Has Arrived!

Posted by Sam Masiello on

Do you use a Mac?  Have you heard about the Flashback trojan?  If you answered “yes” to the first question and “no” to the second, listen up!  Even if you answered “yes” to both questions, listen up anyway!  Do you like alliteration?  Then, perhaps you liked the title of this post.

If you follow many of the security prognosticators out there, you’ve been hearing Paul Revere galloping through the streets of Boston yelling “Mac Malware is Coming! Mac Malware is Coming!” (or something like that) for a few years now. The theory certainly made sense. Adoption of the Mac platform was increasing in both the consumer and enterprise spaces. More affluent people, such as company executives, were buying Macs, partly on the assumption that they would be more secure from malware and identity theft. Both of these factors, however, are a big part of the reason why the days of Macs not being targeted would only have a very limited shelf life. A more widely adopted platform = more opportunities for cyber crime = a larger target for online criminals; a pretty simple equation that has proven to be true over and over again.

Up until this point we have seen relatively few malware variants targeting Macs. If you compare the number of malware variants targeting OS X to the number targeting the Windows platform, it is kind of like comparing the size of the Earth to the size of the sun. There just is no comparison. When a new piece of Mac malware has made its way into the wild it has been big news, partly because of the rarity of the event (e.g. Mac Defender and MacSweeper, which were Mac-branded fake AV products along the same lines as what criminals were using to infect Windows computers). The reality, however, is that the actual number of machines infected by Mac malware has been relatively small.

The prevalence of the Flashback trojan, which steals usernames and passwords to popular web sites by monitoring your network traffic, is very high compared with other Mac-based infections to date. At last count, according to this PC Mag article, over 550,000 Macs are currently infected with this trojan. I’ve seen some other estimates that put the number at over 600,000. If you want to check whether or not your Mac is infected with Flashback and learn how to manually remove it, click here.

Flashback originally came onto the scene back in September by making itself look like a software installer for Adobe’s Flash Player. It has since evolved and is now built directly into malicious and compromised web pages. Flashback gets onto your system by exploiting a vulnerability in Java. Note that Java is NOT installed on OS X by default (for systems running the Lion version of the operating system), but since so many web pages and applications require Java to be installed, many systems are likely to have it anyway.

Apple has released an update to the Java framework which addresses the vulnerability exploited by Flashback. It is recommended that you test and install this update as soon as possible. It is also recommended that Java be disabled on computers that do not need to have it running, as this will prevent future malware exploits against it.

