
Mac users getting duped into installing new OS X malware


Steve


I was watching the Security Now podcast earlier and they were talking about Mac Defender, a new malware app targeting OS X users. Similar apps have existed for Windows for a while - You visit a website and suddenly a fake virus scan takes place which of course says your computer is infected and then you're prompted to download and install a piece of software to clean it up. The software operates in trial mode and asks you for your credit/debit card details in order to unlock the full mode, allowing you to clean up the (fake) infections that it found. Mac Defender is one of a few variants doing the rounds for OS X. If you choose to install the malware and you're foolish enough to enter your payment details to unlock the full program to remove the fake infections, it'll tell you that it couldn't authorise your payment. Some people have then tried a different card, only to get the same message, and so on until they've gone through all of their credit/debit cards, with their payment details being sent to the creators of the malware each time.

 

[Screenshot: mac-protector.jpg]

 

The reason Mac users are getting duped in comparatively large numbers is simply because they're not used to this sort of thing. Some people think that Macs cannot be affected by any type of malware, so they have no reason to believe that this app isn't legit and they install it, while Windows users have been beaten over the head by this sort of shite for years, so they're more likely to be clued up or running anti-virus software that will detect the malware.

 

Security researchers have also discovered a malware toolkit called "Weyland-Yutani Bot" doing the rounds which allows criminals to create malware for OS X. It's been on sale on underground hacker forums for a couple of weeks. One of the things it can do is inject code into legitimate web pages when people are using Chrome or Firefox, so you may visit your bank's online banking login page and the malware will add extra fields to the page to get you to type in more information than you usually would when you log in, which then gets sent to the malware authors. Because you're on your bank's actual home page and not some fake page designed to look like the bank's page, you're more likely to get duped.

 

Of course, this sort of malware relies on social engineering. On both Windows and OS X, you have to choose to install it yourself, either through being scared into installing it, or by downloading software from an untrusted source. If you're running Windows Vista or 7, this is one of the reasons why I say not to turn User Account Control off as UAC will warn you if a piece of software is trying to make changes to your system or install other software, so then you have to choose whether you want to allow it, much like you do with OS X. Disabling UAC removes a layer of extra security that Vista/7 provide compared to older versions of Windows.

 

A good rule of thumb for users of any OS regarding software is this: -

 

1. Only download software from trusted sources and keep it up to date.

2. If you have software installed that you never use, uninstall it.

3. If you're browsing the web and you're prompted to install software that you weren't actively seeking out and aren't 100% sure is safe, never install it.

Link to comment
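
The field injection described in the post above can be spotted by comparing the form controls present in the rendered login page with the set the site is known to serve. This is an added example, not part of the original post; the field names, the baseline and the sample HTML are constructed, and a regex stands in for the browser's DOM.

```javascript
// Added example: baseline check for form fields injected into a login page.
// All field names and HTML below are constructed for illustration.

// Fields the site's real login form is known to contain (assumed baseline).
const EXPECTED_LOGIN_FIELDS = new Set(["username", "password", "csrf_token"]);

// Pull the name (or id) of every input/select/textarea out of serialized HTML.
// In a browser you would walk document.forms instead of using a regex.
function extractFormFields(html) {
  const fields = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      attrs[a[1].toLowerCase()] = a[2] ?? a[3] ?? a[4];
    }
    fields.push({
      tag: m[1].toLowerCase(),
      name: (attrs.name || attrs.id || "(unnamed)").toLowerCase(),
      type: (attrs.type || "text").toLowerCase(),
    });
  }
  return fields;
}

// Return every control that is not part of the known-good form.
function findUnexpectedFields(html, expected = EXPECTED_LOGIN_FIELDS) {
  return extractFormFields(html).filter((f) => !expected.has(f.name));
}

const cleanPage = `<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="x">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;

// Same page after extra fields have been added in the browser (constructed).
const tamperedPage = cleanPage.replace("</form>",
  `<input type="text" name="card_number">
  <input type='password' name=card_pin>
</form>`);

console.log(findUnexpectedFields(cleanPage).map((f) => f.name));    // []
console.log(findUnexpectedFields(tamperedPage).map((f) => f.name)); // ["card_number", "card_pin"]
```

A site owner can run the same comparison on the submitted form or in a page-integrity script; any control outside the baseline is a reason to stop and investigate before credentials are entered.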

The reason Mac users are getting duped in comparatively large numbers is simply because they're mentally deficient.

 

Regardless of whether you're used to it or not, if something pops up without you asking it to and asks for your card details, alarm bells should start ringing surely?

Link to comment


It would set off alarm bells for many people, but the fake virus scan would be enough to convince some people to install the software, which is initially free. Once you install Mac Defender or one of its clones, it'll tell you that your Mac is infected and you get porn site pop-ups every so often, which again would scare some people into believing that their computer really is infected by something other than the software that they've just chosen to install, so they end up entering in their card details.

Link to comment

You have to remember that to most people computers are still fairly magical things. There will always be people who fall for tricks, whether it is by mail, phone, PC or a knock at the door.

Yeah, very true mate. A little bit of education would stop most of this junk from spreading across the web. When I bought my dad a laptop, I said to him "if a box ever pops up asking you to say yes/no to something or install something and you don't know what it is, just say no" and he's been absolutely fine. In fact, it's probably made him a bit too wary, as he refuses updates for things like Opera and Flash, lol, so I update all of his software for him once a month or so, but it's better to be over-cautious than over-trusting in this case I guess.

Link to comment