Is MacDefender malware a sign of the Macpocalypse?

The Mac facade of security by obscurity has been shattered, but users need to understand that there is a new malware era

There is a new world order. MacDefender, and subsequently MacGuard, demonstrate that the inherent security by obscurity of the Mac is fading, and that attackers are looking at the bigger picture.

The security mantra of Mac users revolves around the fact that it's not Windows. Look at the comment thread of almost any post online about a new vulnerability, or new malware attack impacting Windows, and inevitably you will find a Mac user gloating about how they don't have to deal with those issues.

While that is true, it is misguided to believe that the reason stems from Mac OS X just being too secure for attackers to breach. Not being the preferred target is nowhere near the same as being impervious. Just because Cadillac Escalades or Chevy Silverado pickups are stolen more than the Ferrari 458 Italia doesn't mean the Ferrari 458 Italia can't be stolen. It means that there are way more Cadillac Escalades and Chevy Silverados in the world.

Should Mac users feel violated? Well, yes and no. It is sort of like someone who walks around all day oblivious of the fact that his zipper is down. He may feel embarrassed when someone finally points it out, but it doesn't change the fact that it was already like that all day. Nothing really changed. That is Mac OS X security in a nutshell, and MacDefender just let Mac users know their zipper is down.

But, that doesn't mean the Macpocalypse has arrived and that malware will run rampant on the Mac. It won't. There are essentially two lessons to learn here about the new world order and the future of malware.

First, Mac OS X is on the radar. It has gained enough traction and enough market share to catch the attention of attackers. The fact that many Mac users are more naive and gullible, by virtue of the perception of Mac security, also makes them that much easier prey for certain attacks, which brings us to lesson two.

The second lesson is not Mac specific. Yes, MacDefender and MacGuard illustrate that the Mac is not impervious, and that attackers are aware that the platform exists. But the evolution of malware threats isn't about moving on from Windows to Mac; it's about moving on from OS- or application-specific exploits to attacks that prey on the user directly through social engineering. Craig Schmugar, a security threat researcher with McAfee Labs, notes in a blog post, "Mac users should understand that millions of Windows threats exploit the user, rather than the operating system. Attackers target the curiosity of the person at the helm of the mouse, who's just a couple clicks away from watching that video, seeing a photo, or obtaining the system protection they've been 'promised.'"

Rodrigo Branco, Director of Vulnerability & Malware Research at Qualys, explains that the security model on Mac OS X is much better than on Windows, but that Apple still has to allow ways for third-party software to interact with core Mac OS X functionality, and those ways can also be exploited by malware to damage the system.

Dan Clark, VP at ESET, offered up this wisdom. "On the internet, the first line of defense is education, as an informed user can easily spot social engineering, and for them, technology is a safety net. An uninformed user, on the other hand, relies solely on technology, so they are simply more vulnerable."

There are differences in the core functionality and security controls of the different operating systems that make it more difficult to execute some attacks on one platform vs. another. But, a user is a user is a user, and if you can lure the user into clicking on links, opening file attachments, and surrendering sensitive information on spoofed Web sites, it really doesn't matter which OS they started from.

The sky is not falling. The Macpocalypse has not arrived. But, profit motive is platform agnostic and users need to be aware, and exercise caution regardless of which operating system they choose.

Stories by Tony Bradley