Things that happen every four years: Olympic Games, Presidential elections, and now new Mac ransomware Security bods are sounding the alarm following the discovery of a rare brand-new strain of Mac ransomware. Known as EvilQuest, the software nasty was spotted spreading via Russian piracy and torrent sites. The team at infosec outfit Malwarebytes told The Register on Tuesday the malware is the first new piece of macOS …
Seriously? It’s not a virus. And if you don’t know the difference between the various types of malware that might affect your computer, you’re probably in the wrong business. But don’t worry - MacDonalds are beginning to open up again and I’m sure that they’ll snap you up.
Besides, there are viruses for the Mac. Not many, but they do exist. As far as I’m aware, there are no worms though (another thing for you to look up) - and whilst I’m prepared to be proved wrong on that, I really hope that I’m not.
As for trojans (which is what this is, ultimately), well yes. Lots. They rely on human fallibility, and it’s not really possible to defend against that.
There are/were viruses for Macs _prior to OS X_, but none since. And even in the old days the top malware were worms and trojans. No more worms, either, but lots and lots and lots of trojans. The cure for trjoans is the same as it ever was: don't launch them. That means don't go to dodgy Russian sites and download pirated versions of apps, you're just begging for trouble. If someone were to get an infected installer into a legit site, such as Apple's store, or, in this case, the site of Little Snitch's dev, then there'd be a real problem. But if you have to go and hunt down the malware yourself, well, think of it as evolution in action.
I hope that you're right, but I don't think that that's entirely true - and especially not when you take into account proofs of concept which, of course, can become very real threats when they leave the lab.
Viruses like Macarena or Clapzok.A, Safari-get or OSX/Pirrit.
The thing to remember about Viruses though is that they still require human interaction to spread, whether that's the deliberate execution of an infected program, or the insertion of infected media. This is in contrast to a worm which can spread through a network without any human intervention beyond turning the computer on - and there really are no (known) worms which affect Apple devices.
Whether these continue to work on modern macOS like Catalina is, of course, debatable.
"Yes but I thought "Macs don't get viruses"?"
I think you may be thinking about claims made about Chromebooks. They even feature in advertising for the Chromebook.
The first Mac virus I recall seeing was nVir in 1987. Then John Norstadt's Disinfectant appeared as the first anti-Malware software that I had seen. Graham Cluley has documented the history of Mac malware. It's worth a read. I haven't seen anyone other than the terminally clueless state that Macs don't get viruses. Although with OSX the scope for viruses to propagate has been severely curtailed and proofs of concept often require a lot of user compliance to give the virus the permissions it needs to infect system files.
As someone else has said, malware that runs in userspace is more of an issue. Ransomware, crypto-currency miners, Trojans etc only need user permissions to do their stuff. If you can execute code on your computer then malware can execute on your computer. The only effective way to stop it is to make it a pain to use your computer.
And Little Snitch is an inspired “horse” as it needs to be granted low level system access to install. Though I’m surprised people who recognise the value of LN are naive enough to download a pirated version. Perhaps the ransomware author realises they’re targeting cheapskates and £40 is all they’re likely to get...
LS is expensive, also intrusive with its modal pop-ups. Hard to stomach paying that much for something that's such a PITA, keep hoping someone will come up with something that doesn't interrupt everything to fret about a connection issue that can wait.
Radio Silence is okay but not granular and not as useful as a tool. If only there were something in between...
I saw nVIR in the wild, and Scores and SevenDust and the AutoStart Worm and many others, all prior to OS X's arrival. Since OS X, I've seen two trojans, just two. Both were laughably easy to detect, one being the infamous Office 2004 fake installer. This was a trojan shared on places like eDonkey which was 122 kB in size; Office 2004 was 660 MB plus. The fake installer was supposed to open a back door on MS's site and download Office direct from MS, that was supposed to be how it was so small. What it did was delete your home directory and possibly other directories and files.In my opinion anyone stupid enough to fall for that pitch, well,...
@nvir
Back in the early noughties we had an older mac in the lab which was a common computer and slow. I had cause to stick a zip drive in it and when I inserted said disc into my Tower I was told it was infected. Knowing where it had just been I took the Norton CD and had a look at the common computer. It was absolutely riddled with nvir, it was pretty much everywhere.
A good long clean later and it was running fairly quickly again. So it slowed computers down a bit. Big deal.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
