Mac spyware infiltrates popular download sites

A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday. Dubbed OSX/OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and …

COMMENTS

This topic is closed for new posts.

  1. Anonymous Coward
    Linux

    Right

    So now all fanbois can finally shut up about how wonderfully secure their platform is, right?

    Lol. Of course they won't. They're Appletards and don't have a function to shut up because Apple didn't think they'd need that ability so didn't provide it.

    1. Maliciously Crafted Packet

      Coincidence?

      Google dumps Windows for security reasons.

      Employees can only use Linux or Mac OS X.

      Later that day new OS X malware announced.

      Go figure.

    2. Dalvik
      Alert

      It is more secure

      I am an Apple user, and like any computer system we are all well aware there are security risks no matter how secure or stable you may feel your operating system is.

      The thing I always come back to is:

      Microsoft has been well aware of issues with their OS for many years, and in most cases they are still there today. They just don't seem to take security seriously.

      Apple takes feedback and actively improves the system, removing risks as they are found.

      Why would I load MS Windows just to be plagued with bugs that are 4+ years old, when I can load a MORE secure OS (MACOS X) today?

      1. MDR

        Apple takes security seriously

        ... so is that why the Safari "carpet bombing" flaw is unfixed?

    3. Anonymous Coward
      FAIL

      Social Engineering

      Typical Winfag not getting the facts right.

      This is a social engineering attack. The user must authorise the installation of the malware* by supplying it their password. If you granted software access to your Linux root password, do you expect the inherent security of that OS would protect you? No OS can guard against user stupidity.

      * the malware disguises itself as market research software, which you have to install if you want the stupid screensaver or whatever it was you downloaded from one of the compromised sites

      1. DryBones
        Stop

        Pot, meet Kettle

        This is actually how the majority of attacks work these days. Something you didn't want gets put in with something you did, both go in. Oh hey, the computer got pwned. Cooler heads have been saying for years that it's a case of which target will give a miscreant more bang for their buck. Once it becomes worth it, attacks on OSes other than Windows will pick up, and they will get through. Period. It's just a matter of finding the right packaging.

        Put down the Kool Aid, and step away from the keyboard.

      2. Doogs

        Re: Social Engineering

        So what you're saying is that Microsoft make stupid software, but Apple have stupid users?

      3. Anonymous Coward
        Troll

        Winfag?

        Winfag?

        Grow up. When exactly did it become acceptable again to use 'fag' and 'gay' as slurs? If you're over 14 years old you should be ashamed.

        1. chr0m4t1c
          Stop

          If my memory is correct

          The term "gay" started to enter the mainstream as an insult around about four years ago, although it has been in use on the street for some time prior to that.

          I can't see how one section of society who sequestered the word from its original meaning of happy or merry into meaning homosexual can complain when another section of society does the same thing to them.

          Living languages have a tendency to evolve meaning over time.

          In this case I think the original poster is using the term in an "enforced" situation rather than voluntary. Again, because one section of the community uses a word one way it doesn't mean that another section's use is any less valid.

          I'm reminded of a story that the late great Humphrey Lyttelton told about when he was being interviewed on American prime time TV:

          "I made the mistake of saying that I was Lord Carrington's fag when I was at Eton. Coast to coast on network television. Liberace was on the phone before I left the stage."

          In case you don't know, in this case "fag" is roughly the equivalent of "dogsbody" or "skivvy". In much of the UK "fag" is a slang word for cigarette.

          So, time to take a less blinkered view of the world.

          1. Anonymous Coward
            Stop

            Streetwise

            Lol, 'on the streets'. Ha, looking at your post history can I suggest you've never been near 'the streets'.

            In the case in point, 'fag' was not being used to describe a 'dogsbody, skivvy or cigarette'. Time to be a bit less pretentious, and don't ever let us catch you using the word 'sequestered' in a Reg comment ever again.

  2. Rob Beard
    Linux

    As a Linux loving 'freetard' I'd laugh...

    ...but I know all too well that it could happen to folks on Linux too. I guess the usual advice should be heeded, make sure you have security updates installed and run a decent anti-virus package (last Anti-Virus package I looked at on the Mac was McAfee Anti-Virus, or was it called Virex? Ahh can't remember, it's been such a long time).

    Rob

    1. Macka

      Wrong focus

      The first thing to note is that this isn't a virus it's a Trojan; and you're right, any OS can get infected with one of these. The real story here is not that someone's written a nasty Trojan, but its method of delivery. If Intego are to be believed then Softpedia, MacUpdate, and VersionTracker are inserting malware into downloads of otherwise sane and safe software. So either they've been hacked, or they have become hives of scum and villainy who will sell your systems down the river for a silver penny or three from a dodgy sponsor. THAT is the real story. Not that Intego want you to think about that, they just want you to get frightened into buying their product.

      1. ElReg!comments!Pierre
        Troll

        Focus

        Title: «wrong focus»

        First line: «The first thing to note is that this isn't a virus it's a Trojan»

        Wow. Bang on.

  3. blackworx
    Jobs Halo

    Let the Reg-bashing commence

    Why oh why oh why must the Reg continue to publish these rabidly anti-Apple stories? Not a day has gone by recently without you lot laying into Apple for one reason or another.

    As for the so-called "substance" of this story... Everyone knows that Apple users are inherently more intelligent than the Microsoft users^H^H^H^H^H bottom-feeders and therefore malware is simply a non-issue. I ask you - screensavers?! Ha! What self-respecting Mac user is going to be downloading *spit* screensavers?

    Do your research better next time Reg before you start spouting that anti-Apple vitriol, at least get a quote from Apple's PR department for BALANCE. Sheesh. Just cos you don't get invited to their parties doesn't mean you're allowed to go around spreading LIES.

    I hereby cancel my subscription.

    Yours disgustedly etc. etc.

    1. Nightkiller

      Please.

      The last place I would expect a BALANCED response is from the manufacturers' PR Department. Counterbalancing your rant about ElReg's bias cannot be countered with a rant from Apple.

      Your statement reeks of naivete or simple kneejerk defensiveness.

      1. Red Bren
        Happy

        @Nightkiller

        Psst, I don't think Blackworx is really an apple fanboi...

        Posted from my (currently uncompromised) macbook.

        1. blackworx
          Happy

          Lol

          Seems I disproved my own point about wintards being less reactionary/having a better sense of humour.

    2. Anonymous Coward
      Anonymous Coward

      Why?

      Because you get amusing comments like yours, of course!

    3. Anonymous Coward
      Linux

      Screensavers?

      > screensavers?! Ha! What self-respecting Mac user is going to be downloading *spit*

      > screensavers?

      Oh, I don't know. The very same group who bought After Dark when it was first released?

      1. Mike Flugennock

        Big difference...

        ...between paying actual money to an actual reputable developer for a product guaranteed to be free of skeezeware, and clicking on a strange download link promising me a REELY K3WL SCREENSAVER!!!!111!!111!!!

    4. sandman
      Happy

      Nice

      Good use of sarcasm - sadly a bit subtle for some commentards.

    5. Mike Flugennock
      Thumb Up

      Seriously, man...

      ...I honestly only remember a bare handful of times in my entire online life -- going back to when I hung out on local BBSs in the late '80s -- when I _downloaded_ a screen saver for my Mac; it was always from a known local board, and usually my local MUG board. Almost everything else I had was cheap, simple, elegant stuff that I _bought_ from known, reputable outfits.

      I sure as hell wasn't logging onto strange ftp sites and willy-nilly downloading every goddamn' screensaver posted there. Even waaaaayyy back then, I had the common sense to look the hell out for that shit.

  4. Anonymous Coward
    Welcome

    Let me be the first to say

    I, for one, welcome our new Virii-writing Mac overlords, and welcome them to the Walled Garden that is Apple.

    Because there's no Viruses on a Mac....

    1. Danington the Third
      Flame

      Virii

      It's viruses. Virii might be an STD, it certainly sounds like one.

      1. ElReg!comments!Pierre
        Flame

        Viruses

        It's virus. Viruses might be a STD, it certainly etc... but a virus-writing overlord is an overlord who writes viruses. A cigarette smoker smokes cigarettes, a truck driver drives trucks, a document processing system processes documents, etc.

        I for one welcome our $FUNNY_HAHA_PUN overlords.

  5. Trevor_Pott Gold badge
    Unhappy

    Anti-malware for OSX

    It exists. For the love of $deity, USE IT. (I am getting so sick of cleaning Macs...)

    Welcome to the big time boys; after years of slogging in obscurity, Microsoft ****ed the pooch and gave Mac an opening. Because Jobs is no one's fool he took advantage of this and the end result is that as a platform, Mac is finally relevant. Relevancy bears a cost; and that cost is being a valid target.

    For systems administrators, it is now that the really hard work begins; convincing all those Mac users that their nice period of obscurity is over, and it’s time to start learning some basic desktop security principles just like all the Windows users have to.

    If I get one more worm-ridden Mac in from some user who smugly states “that’s impossible; Macs don’t get viruses” I think I might just compress into a microsingularity and evaporate.

    1. Barry Lane 1

      @Trevor Pott

      If you get one more worm-ridden Mac? Is that what you tell your customers, that their Macs are riddled with malware? Sounds like you should simply point them towards the Disk Utility or Disk Warrior.

      Some of us Mac types who don't like passing on any nasty surprises they receive from their PC drone colleagues, have been using anti-virus software for years. We are not smug, we are not naive and we do not buy computers that have to be tinkered with endlessly to make them work properly.

      That is all.

      1. Trevor_Pott Gold badge

        @Barry Lane 1

        I know Mac users who actually run anti-malware apps on their Macs...strangely these are also the kind of people who never get any malware. They are too alert to do things like download some trojan and execute it.

        Most people whom I see with Macs use them because they don't have the first clue about computers, but someone told them, (with chest thumping confidence) that Macs simply can't get viruses, so they would /never/ have to worry.

        This translates into smugness and then incredulity when faced with the actual evidence of it.

        Personally, I'd prefer to never have to deal with the things at all, but...friends and family, eh? Not seen that many infected copies of Windows 7 lately though. The exception being some nasty strain of fake AV software that I think is related to the crud I've been seeing pop up on these Macs recently. It looks like the same crap, and seems to defy virtually every defence you can toss at it.

        Also; Macs don’t get “riddled with Malware.” Windows systems get “riddled with Malware.” When a Windows system gets a virus there is a flashpoint about 0.3 seconds later as it downloads a bunch of friends, and your system suddenly has somewhere in the neighbourhood of a thousand infected files and at least 15 variants of different terrible viruses.

        When a Mac gets a virus it’s a VERY different story. Current Trojans present themselves as something delicious to their users. They then execute this for whatever reason, and it barks at them for privilege elevation. Wanting to execute whatever it is that is in the package, the user agrees…and seconds later this doohicky has functionally rooted the Mac. It then goes on to download something very singular; a fake antivirus or an IRCbot.

        I find more Macs infected with IRC command and control nodes than anything else. Yes; Mac infections tend to require user interaction. Drive by downloads do happen on Macs, but they are ****ing RARE.

        Macs are *NOT* immune to malware; and they are gaining market share at a fast enough rate that they are starting to become huge targets for the kind of Malware Trojan scams that Windows users are inured against. Mac users tend to think it can’t happen to them and most of them simply can’t conceive of it…until it hits them.

        Ask me this time last year how many infected Macs I had seen, and I would have said one, maybe two in my entire career. Now I am seeing one every other week. There was a ceremony held a month back when I added, for the first time, a suite of Mac anti-malware tools and install CDs to my CD binder for the first time.

        This is moving out of the shadows and into the mainstream now.

        I hope you guys are ready for it.

        1. Mike Flugennock
          Thumb Up

          Thanks a ton...!

          This is probably THE best reply on this thread so far. I've been using MacOS almost exclusively since 1985, and when I saw the first Mac exploit appear in the wild around 1988 or '89, I knew that I should keep a current set of anti-malware tools for that very-rare occasion that I'd actually need them and f'cripesake, _don't_do_stupid_shit_.

          (Anybody here remember that old Ren&Stimpy episode, the one with Stimpy and the "History Eraser Button"? It was so shiny, so red, so candy-like, that poor old Stimpy just couldn't resist.)

      2. Dan 55 Silver badge
        FAIL

        @Barry Lane 1

        Neither Disk Utility nor Disk Warrior are antivirus programs.

        If you take an absence of warnings from these two programs as proof that you're not passing on nasty surprises, then you might be mistaken.

        1. Barry Lane 1

          @Barry Lane 1

          Hi Dan 55.

          I know they're not antivirus apps, but I do know that my Intego VirusBarrier is. I was simply suggesting that most people's problem with Macs stems from no one telling them where their copy of the Disk Utility is stored.

          I always have my trusty Disk Warrior with me, too, as an additional guarantee (for want of a better word) of Mac loveliness.

    2. Mike Flugennock

      THANK you SO much, man...

      I've been a Mac fan since The Beginning, but since 1989ish, I've not been so foolish as to think that the whole "security through obscurity" thing was a smart way to go.

      Remember, fellow Mac freaks: LittleSnitch is your friend.

  6. Blain Hamon
    Boffin

    Random letters and numbers

    As of this posting, the malware is no longer listed on either Version Tracker or Softpedia, but is still on MacUpdate. What's more, apple.com/downloads itself has two 7art screensavers (I sent feedback to Apple pointing this out).

    This hasn't been the first Mac malware, but it may be the first in a long while to successfully be indirectly distributed by reputable names. What happens next will be very interesting, in terms of security on the Mac.

  7. J 3
    Pirate

    Why did it take so long?

    Well, probably it didn't really, who knows.

    But I don't buy this "small target" logic. Macs have been around forever and they are NOT, and have never been, in negligible numbers. Among some demographics Macs are nearly all that had been used for a couple of decades.

    For worms, it makes more sense that a small installed base is a problem. For trojan horses, not so much, I suspect. After all, you go looking for a Mac version of a program, right? The audience comes to you, not the other way around like in a worm. And of course trojan horses don't depend on the (in)security of the platform, since the user is actively (if inadvertently) installing it. That's why I don't understand why there isn't news of many more trojans for Mac.

    So yeah, even if it is a much smaller target than Windows running machines, it is still a lot of Mac machines. And belonging to people more likely wealthier than average -- given the cost of the Mac ecosystem in general compared with the stripped down cheap PCs most people buy.

    That's why I don't buy this excuse.

    1. DryBones
      Coffee/keyboard

      Re: Small Target

      Here, give this link a whirl.

      http://gs.statcounter.com/#os-ww-monthly-200905-201006-bar

      I'm estimating, but it appears that MacOS makes up around 6% of all operating systems in use. That's a little more than 1 in 20 computers is a Mac. Call all the others besides Windows including Mac... oh, 9% perhaps. I don't know about you, but I wouldn't write to reach 10% of the available market, if I want to make money. Hint 1: Criminals want to make a lot, fast and easy. Hint 2: Even if Mac folks are considered wealthier, the credit cards that are targeted generally have a lot more limit on them than the average Joe has disposable income. Hint 3: Why expand to Mac when they're still working on getting market penetration on the Windows machines that make up the majority?

      Mobile things look a bit better...

      http://gs.statcounter.com/#mobile_os-ww-monthly-200905-201006-bar

      32% for the iPhoneOS, which doesn't multitask that well and has things compartmentalized, plus there's the advantage of centralized acquisition and removal to allow fast and global response to poisoned applications, thereby limiting infections to a matter of hours unless a way for the app to cripple the OS's app revocation/removal can be found. Thus popularity is offset by the short life of the exploit. Again, decreased motivation to put in the time to make it work.

  8. Anonymous Coward
    Unhappy

    What a day!

    At last we have our very own malware. I feel so proud that the platform has reached enough people to make it worthwhile for the scumbags to make it a viable target!

    Seriously though, when are Apple going to stop this cods-wallop that OSX is inherently secure? Mac users are brought up to believe that the platform is safe and they can go about their business in blissful ignorance of the nasties that lurk out there.

    I came from DOS, through Windows to Mac, I have had my share of nasties over the years and so I am very careful about what I run and how, but the biggest security threat will come from those brainwashed by Jobs' PR army to make them believe they cannot be harmed.

    It was a great platform once, but now as the popularity grows and we leave Jobs' Garden of Eden, it will only spur Jobs to turn the OSX platform into something locked down like the iPhone/iPad. We will have no control over what we can and cannot run without having first bought our apps from the online app store.

    It's coming, mark my words...

  9. Matthew 17

    it's in warez though

    If you download warez, hit the install button and enter your root password to install it then you are taking a gamble that the software hasn't been altered.

    Not really a security issue if the user deliberately bypasses it.

    1. Anonymous Coward
      Boffin

      Thing is

      This isn't warez. It's distributed on what's purported to be freeware that does something useful.

  10. ratfox
    Go

    Better jump to Linux, then

    It's going to be a while before anybody deems it interesting enough to hack...

    Then FreeBSD, then... BeOS?

    1. Anonymous Coward
      Anonymous Coward

      You're right

      Linux is not an interesting target for pirates. After all, it only runs, what, a mere 75% of the web-accessible servers on the planet? Most routers too. Definitely of no interest whatsoever.

  11. windywoo
    Troll

    But it's not a virus

    So Mac users must be safe. Because OSX is inherently safer than Windows, always.

  12. Anonymous Coward
    Linux

    How to get `infected' on a Mac

    The user accesses compromised sites, downloads and installs malware using the admin or root password.

  13. twunt

    Not Warez

    Matthew - unfortunately those are legitimate download sites.

    I expect the rogue downloads will be removed pretty soon though, if not already.

  14. Anonymous Coward
    Anonymous Coward

    How come...

    ...that Apple users are perceived as the wealthier end of the market (and have to be to afford Macs) and thus their bank accounts would be fatter, are there not a whole lot more accounts of Mac trojans stealing bank account details?

    And seeing as how so many musicians and artists also use Macs, how come there are not lots of stories of Macs being hacked and the contents copied?

  15. SlabMan

    Summary of the comments

    If history is any guide, the comments will follow this pattern:

    Ha-ha fanbois, the Mac is not secure.

    Ha-ha Mac-haters, yes it is.

    No it isn't.

    Yes it is.

    Etc...

  16. Franklin
    Alert

    Fascinating

    Outside of religion and politics, it's hard to imagine any subject that people get more emotionally upset about. You'd think that people's self-worth was staked out on the issue of what computer they use. It's weird, and more than a little sad.

    On the topic of Apple malware: Of course it exists. It has existed for a very long time. Both the Apple fanbois and the neurotic haterz are partly right; OS X is inherently more secure, and a harder malware target, than Windows, and it's also a less appetizing target in terms of sheer numbers.

    This malware, like other Mac malware, is exploiting the largest security hole in any operating system: the user's brain. As with other malware, it is ineffective and can not spread unless it is intentionally downloaded and intentionally installed with an administration password.

    That is not a reflection on the security of the operating system, or lack thereof; if I can persuade a person to intentionally download a bit of software and intentionally give that bit of software administration privileges, I will pwn the box no matter what it's running. Linux, Windows, Solaris, BSD, makes no difference. The neurotic haterz who clamor "See! See! See! This is proof that OS X is exactly as insecure as Windows! See! See! See!" are just flat-out wrong.

    And, yes, there are fewer OS X installs than Windows installs, so if a vulnerability appears in either OS X or Windows and would take roughly the same amount of effort to exploit on either platform, most malware writers who are in it for the money are going to go for the fatter target. This isn't rocket science, and the fanbois who say market share is totally irrelevant are as deluded as the neurotic haterz who claim there's no difference at all in the security profile of Windows and OS X.

  17. ArmanX
    Alert

    Re: How come...

    Simple; even if your Mac users are wealthy, I doubt they will be ten times wealthier than Windows users. Since there are roughly ten times more Windows users than Mac users, you'll get ten times as many suckers than with Mac, which means ten times the cash flow.

    Besides, it's not the amount of money in the bank that marks a target. Most malware either spreads spam or joins a zombie net, rather than stealing info. And those that do steal info probably won't empty your bank account, but rather hijack your identity and run up a bunch of credit cards...

  18. FARfetched
    Unhappy

    Hm…

    Interesting how it's one particular vendor of OSX anti-virus software that's behind these breathless announcements. A few more details would be nice, besides "INSTALL OUR PRODUCT BEFORE IT'S TOO LATE!!!!"

    Ah, a quick Google turns up some more practical information: http://osxdaily.com/2010/06/01/spyware-on-the-mac/

    With slightly more effort, I found a couple links to 7fart [sic] screensavers which claim, "You can also easily uninstall PremierOpinion later from Application/ PremierOpinion folder." Would I trust such a statement? Heh.

  19. Phil Rigby
    WTF?

    Just how many are there?

    Doesn't matter how easily a Mac can be owned. Compare the number of malware packages/virii on Windows to the amount on OS X. The ratio would be, ooh, maybe 500:1 or so in favor of Windows?

    Of course there's going to be nasty code around - but there's a damn sight less than with the popular OS of choice.

  20. Far Canals
    Happy

    Of course

    Everyone knows that apples get worms. It's worse when you only find half a worm though.
