
Human Rights Groups Report that Mac Malware Continues to Rise

Posted: October 10, 2012

For many years Mac computers have been thought to be immune from malware threats, but lately they have seen surges in highly targeted malware attacks, according to an unidentified human rights group.

Security researcher Seth Hardy, while attending the SecTor conference in Toronto last week, explained that a significant increase in new variants of targeted Mac malware was reported to a human rights organization that he and the University of Toronto's Citizen Lab research center plan to aid.

It is obvious that the Mac has a growing presence not only among individuals but also in many organizations. Hardy even reiterates that if attackers want to target certain organizations, they must seek a wider range of tools to attack Mac systems.

As evidence of the emergence of Mac malware, we previously reported on instances of Mac-targeted malware just a couple of months ago and earlier highlighted a warning for Mac OS X users about a Flashback Trojan. As Mac malware becomes a growing threat, several specific threats are on the radar of security researchers.

Among his findings on Mac-targeted threats, Hardy presented 5 Mac malware samples in recent talks at the SecTor security conference. These Mac threats, some of which we have covered in previous news posts, could very well be a precursor of future Mac malware threats.

The list of 5 targeted Mac malware samples Hardy revealed to his constituents is as follows (sourced from Forbes.com):

  • Revir/IMuler: Citizen Lab first spotted Revir in May of 2011, but it's reappeared in infections throughout 2012, carried in spoofed emails with content crafted to appeal to specific recipients. The malware is capable of stealing files or sending screenshots of the target machine to a remote server. According to the antivirus firm F-Secure, the latest versions of Revir are also capable of evading detection by shutting off when it sees analysis tools running.
  • Sabpab: Also known as Sabpub, Olyx, Lamadai, Lasyr, and other names, Sabpab was initially delivered using a vulnerability in Java to infect target machines. Like Revir/IMuler, it's capable of sending files or screenshots to its controllers, and Hardy says it's still being used in ongoing attacks.
  • Maccontrol: The program, first spotted by antivirus firms Alienvault and Trend Micro, is often delivered in a .zip file and is capable of taking full control of an infected machine. Citizen Lab traced its command-and-control servers to match them with a Windows-based attack on the same group.
  • Davinci: Also known as Morcut and Crisis, Davinci is a piece of commercially available spyware built by the Italian security firm Hacking Team. Despite Hacking Team's claims that it's only been used by law enforcement, it's also been found targeting Moroccan journalists.
  • Netweird: A low grade commercially-sold spyware targeting Macs that was first discovered by the antivirus firm Intego when it was uploaded for testing to Virustotal, an antivirus firm. Hardy says that despite seeing advertisements for the program in hacking forums, it hasn't yet been seen on real-world networks.

Over time, many computer experts and IT managers have advised organizations to switch to Mac computers as a security precaution. Today, the notion of Mac computers being more secure or immune to malware infections is being questioned, particularly due to the findings revealed by Citizen Lab's Hardy. Although the 5 examples of Mac malware listed above are just a small portion of the thousands of variants uncovered by researchers from various antivirus and security firms on an almost daily basis, they make evident how capable attackers are when it comes to compromising Macs nowadays.

Among a long list of researchers, Hardy is one of the few who believe Mac-focused malware is starting to grow due to sophistication and the lack of precautions taken by Mac users. Think about it: when was the last time you saw or heard of a Mac user running an antivirus or antimalware application?

The harsh reality of Mac computers being vulnerable to malware attacks is starting to set in. Likewise, Apple itself quietly admitted that its systems are being increasingly targeted by malware, just after it deleted a premature claim that Macs "don't get PC viruses".

When asked if Mac users are no longer safe, Hardy explained that Mac users were never safe; they just weren't as vulnerable as Windows users. That declaration alone may motivate Mac users to take the necessary precautions to protect their computers from targeted malware, because the threat is very real.
