DIY crimekit brings advanced malware to Mac OSX

A crimeware kit discovered over the weekend promises to bring a flood of advanced malware that steals passwords and other sensitive data from computers running Mac OS X. The kit is being advertised as the Weyland-Yutani Bot in underground crime websites, where it's being sold for $1,000. The first ever crimeware kit for the Mac …


This topic is closed for new posts.
  1. karlp

    And yet....

    This isn't a "drive-by" attack, there is outright social engineering involved to get someone to run this app, and as we all know once you can convince a user to run a program, all bets are off.

    Furthermore, once it is on a system, to remove it all you do is kill the task and delete the program right there in applications.

    I have no doubt that something truly nasty for OSX is coming someday, but this still isn't it.

    1. LINCARD1000
      Jobs Horns


      Manual installation may be required, but your average, not hugely IT literate Mac user is likely to realize how to uninstall it or even realize that the "anti-malware" software is actually responsible...?

      I suspect not.

    2. Anonymous Coward

      Kill the task?

      Again, a little social engineering will make this extremely difficult. If such malware on a Windows box will spoof the name of a legit process to make hunting for it a needle in the haystack, I can't see how that cannot be done with Macs.

      Again, in the end it's all PEBCAK. If the end user is properly educated, then this can be averted.

      1. This post has been deleted by its author

        1. Anonymous Coward

          At least Mac users chose their OS

          as opposed to Windows users who do not get their OS by choice, they believe it is the PC so I would give Mac users an edge here over Windows users.

          1. Kay Burley ate my hamster

            I use both

            I know how to do pretty much anything in Windows (10 years IT support) but would need to look up how to kill a task in OSX, it's not something I have needed to know. So if I don't know it, will less technical users?

            Also PCs are available with Linux installed, Macs have a choice of OSX or OSX...

            1. Sean Baggaley 1

              @Kay Burley ate my hamster:

              There are multiple methods for killing tasks and apps on Macs:

              1. Applications --> Utilities --> Activity Monitor. This is a full-on task manager, with a fancy GUI.

              2. OPT+CMD+ESC (the Mac equivalent of CTRL+ALT+DEL) brings up an app killer. (It only lists apps, but it's quick and easy to remember.)

              3. Apple Menu -> Force Quit... (brings up the same box as 2, above.)

              I work with a lot of beta-grade software and, believe me, buggy software can crash OS X just as easily as it can crash Windows 7. (I run both.)

            2. CmdrX3

              and for the more adventurous...

              We also have the ability to use OSX on our PC as well. I have it, I just don't use it. I get to the desktop at which point I say now what.

          2. Anonymous Coward

            Oh about the coat

            The coat ALWAYS gets the down vote.

          3. Ammaross Danan

            Just a note

            "At least Mac users chose their OS"

            Mac users get OSX. PC users get Windows. The choice of OS is what hardware you buy. Then there are the free-thinkers that can install Linux (or other OS) on either set of hardware just the same.

            However, the difference is the cost of such hardware. The Core i7 system punted at the Apple Store costs a fair amount more than the Windows-laden Core i7 system punted at the local shop, even though the internals are (roughly) the same. It just depends on whether you want a white computer or an assorted-color/style one and don't mind having Windows (hopefully 7 at least) on it.

  2. Anonymous Coward

    Hmmm... Curious noise....

    The sound of a million Ivory towers crumbling.

    1. HollyHopDrive

      Nope... that's the sound of...

      .... wishful thinking on your part.

      If you run untrusted or software from a dubious source then expect this kind of thing. It requires the user to install something. Social engineering aimed at a mac audience.

      Nothing to see here. Move on....

      1. Steve Evans


        You mean you trust users?!!!

        You only need to see the number of people repeatedly being taken in by the "See who viewed your profile" and the topical "See Bin Laden execution" link worm on Facebook to see that users of any platform are:

        1) Stupid

        2) Don't learn even if you explain it to them with a length of 4 by 2.

        Combine something like that with an exploit and away you go!

        As the old saying goes, remember that 50% of the population are of below average intelligence.

  3. Anonymous Coward
    Paris Hilton

    I pray...

    That El Reg will not have this problem. --Or any of my websites. I use both Mac and PC (mostly Mac), and all the porn I browse, I haven't once caught anything nasty. ...Makes me want to watch Southpark S12-E06 Over Logging. Whatever happened to the days of social engineering over the phone? On another unrelated note... I still use for the reg's address

    I feel I should start over again..

    WOOOO! Let me type my password in to install this program.

    --Little snitch wants to know if you want x-program to connect to <allow> <deny>

    ...come to think of it, I should warn my tech-retarded brother not to click on allow.

    Paris; because, everyone needs to start from the beginning every now and again.

  4. Volker Hett

    Let's see

    Reports about a Virus by somebody selling Antivirus Software are interesting, but may be somewhat exaggerated.

    A trojan is quite possible, but not that much of a problem, just take care and check what you run on your computer.

  5. Jess


    Is this another vulnerability that depends on javascript?

    1. Volker Hett

      not really a vulnerability

      more like a trojan, the file is downloaded and finder unzips it, then it asks if it shall be installed.

      First question, did I download it myself? No!

      Second question, should I answer yes? NO!

      Easy to avoid, isn't it? Windows, Linux or OS X, some common sense should be applied.

  6. Mickey Finn

    Yeah Right...

    Did anyone notice that this report originated in Kaspersky Labs in-house magazine?

  7. Scott Mckenzie

    Once more... have to type in your user name and password to run it.

    It's still a million miles from Windows where one click and you're done, without even knowing it.

    Most Mac users I know are sensible enough to not run as administrator either so an immediate second defence.

    Must be a slow news day...

    1. ElReg!comments!Pierre

      Re: a million miles from Windows

      How's life in 1992 mate?

      1. This post has been deleted by its author

  8. Anonymous Coward

    Social Engineering Never works....

    ..I mean, just look at Facebook, a beacon of light of users not clicking on any old shit.

  9. mrh2


    To install anything on a Mac you have to choose to start the installation running and type in a password. Then, the first time you run the software Mac OS warns you it was a file downloaded from a website and asks you to confirm you want to run it.

    You'd have to be pretty dense to accidentally do all.

    1. Riccardo Spagni
      Thumb Up


      AGREED - every time I open anything that I downloaded from a legitimate, trusted source, it complains that the software was downloaded from the Interwebz yesterday and am I *SURE* I want to run this. If the software runs and wants to do anything out of the sandbox (say, make permanent changes) I'm asked to put in my user name and password. Admittedly, wrapping it into a legitimate install of bogusware will catch a user unawares, but I suppose Apple circumvents that process a little with the Mac App Store that seems to be all the rage.

      1. Volker Hett

        Some software is signed.

        Just like the MD5 hashes in Linux repos.

        IMHO a good idea and I can stand the extra clicks.

  10. phuzz Silver badge


    Apparently there's a lot of mac users out there who are sensible enough not to install random programs.

    I have not met any of these, could someone please point me at them?

    Joking aside, I'd say that the ratio of tech-savvy users to, er, the type of person who will click on any banner ad is about the same among my Windows using and OSX using friends/family. So I'd expect this crime kit to be about as effective on Apple users as it is on Windows.

    1. This post has been deleted by its author

  11. Anonymous Coward

    No reason to worry

    A Mac user will probably take one look and go PAH I have a Mac, viruses only affect Windows and simply ignore it.

    Btw I am joking (But I guess I will be flamed so I'll be a coward today)

  12. Anonymous Coward

    If I manage to trick you into formatting your system partition,

    then the OS has no fault. Let's be clear on that. People, please remember the story of the real Trojan horse, one of the oldest social engineering tricks fully documented in history.

  13. Daniel B.


    So I should expect Aliens to burst out of my Mac any minute now.

    1. This post has been deleted by its author
