More Malware Attacks Seeking Macs

By Matthew Hines  |  Posted 2009-03-30 Print this article Print

Security researchers continue to unearth new threats aimed at users of Apple's Mac OS, illustrating how attackers will always move where the money is and have thus increased their focus on Apple users as the company's market share climbs.

The latest round of Mac attacks discovered by researchers also follows a similar pattern of many Windows campaigns in targeting users of pirated software programs.

While threats aimed at Apples remain few and far between compared to the veritable avalanche of attacks that constantly swarm the more widely used Windows OS, researchers have been predicting that Mac-focused campaigns would begin appearing more frequently as end users, particularly those with some disposable income to spend, have flocked to buy the company's sleek devices in recent years.

And while the activity still represents a tiny fraction of the overall malware epidemic, the Apple attack vector does seem to be drawing greater interest, and professionalism, experts have observed.

Over the last week, another sign of Mac malware evolution has again asserted itself, as a variant of a well-known Trojan virus designed to run on Apple machines was discovered first by researchers at security specialists Intego.

The appearance of greater numbers of variants for Apple attacks alone is evidence that malware authors are taking more time to create and re-work their threats in an attempt to make real money, researchers noted, as hackers are no longer merely trying to prove test-of-concept code on Apple users, but instead earn a living.

And even further, the newest attack, a variant of the RSPLUG Trojan, is being hosted on sites that link to pirated keygens, cracks, and serial numbers for Mac applications, experts with AV giant Trend Micro said. Like earlier iterations of the Trojan, the new attack also causes an affected system to redirect to a malicious URL by modifying the system's network settings, Trend reported.

The researchers said that the RSPLUG campaign shows how the Mac attackers are gradually following a time-honored pattern utilized by Windows assailants, both in launching new variants to avoid detection and in using social engineering to lure in users seeking to get their hands on unlicensed software.

"Worthy of note is its similarity to last month's Mac Trojan, detected as OSX_KROWI.A, that piggybacked on pirated versions of Apple iWorks 2009 and Adobe Photoshop for Mac. Both incidents appear to ride on the ease-of-use and predictability of software installation on Macs - an apparently successful social engineering ruse," Trend researchers wrote in a blog post. "Perpetrators of these malware continue to circumvent stumbling blocks in directly infecting Macs by tapping into the weakness and gullibility of users downloading and installing pirated software."

So, at the end of the day, the likelihood of getting infected with malware will increasingly come down to the types of things you try to do online, as much as depend on the type of computer that you use to access the Web, and hinge less on using an Apple than on using your head.

But, really, that shouldn't be too surprising.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel