A mountain range of viruses and other malware looms over Microsoft’s Windows operating system. Given the sheer volume, it should come as no surprise that plenty of Windows malware is making its way onto Macs, and even the App Store. Meanwhile, malware designed for Apple's platform is on the rise.
Windows Malware Is Everywhere . . .
Out of curiosity and a little bit of fear, I scanned an iMac desktop this week to determine if any of the recent instances of Mac malware were on the computer. There have been several instances in the last year or so of prevalent Mac OS X malware. As a technologist who often visits shadier parts of the Internet looking for stories, I feared that the computer may have become infected.
Fortunately, the iMac was free of any of the known varieties of Mac malware. But a security scan did turn up something interesting. It discovered Mal/Bredo-Q, a virus that affects only Windows computers. Naturally, I freaked out a little bit. As a Mac user, I was (a) not accustomed to running antivirus software and (b) under the impression that the program wouldn't find anything if I did. So what was Mal/Bredo-Q doing on my iMac?
I tracked the virus to an email from ReadWriteWeb’s “tips” account about a DHL package delivery. The malware was stored in the computer under the library on my hard drive as an executable file. The problem for Mal/Bredo-Q is that no application in Mac OS X can execute the file, which renders it ineffective.
Finding instances of Windows malware on Macs is apparently a lot more common than I thought. According to Graham Cluley, a researcher with the digital security firm Sophos, one in five Macs contains some type of Windows malware. That compares with one in 36 Apple computers (2.7%) that carry Mac OS X malware.
“Windows malware is still much more common - but it doesn't mean that Mac-specific malware is nonexistent,” Cluley said. “If you exchange files with Windows users, or run Windows in a partition or via emulation, then it could cause an infection.”
According to Sophos research from April 2012, Mal/Bredo was the most common Windows malware found on Mac computers.
Windows malware on Macs is not a problem for Apple, per se. But it could pose problems to networks that include both Windows and Macs. Computers running Mac OS X that are infected with Windows malware could spread the virus to other computers on the network without the Mac user even being aware that they are the culprit.
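A Windows executable that sits inert on a Mac can still be identified by its file header rather than its name, which is how a defender would find such carriers before they are forwarded to Windows machines. The following Python sketch is an added example, not from the original article or from Sophos; the file names and the stub header are constructed sample data, and the function names are hypothetical.

```python
import os
import struct
import tempfile

PE_MACHINES = {0x014C: "x86", 0x8664: "x64"}  # common COFF machine types


def pe_machine(path):
    """Return the COFF machine name if the file has a valid PE header, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return None
            # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            sig = fh.read(6)
    except OSError:
        return None
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", sig, 4)
    return PE_MACHINES.get(machine, hex(machine))


def find_windows_executables(root):
    """Walk root and list (relative path, machine) for every PE file found."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            machine = pe_machine(full)
            if machine:
                hits.append((os.path.relpath(full, root), machine))
    return sorted(hits)


def demo():
    """Constructed sample: a stub PE header named like a document, plus a text file."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<H", 0x014C)
    samples = (("DHL_invoice.pdf", stub), ("notes.txt", b"MZ is only a prefix here\n"))
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_windows_executables(root)


if __name__ == "__main__":
    print(demo())
```

Pointing `find_windows_executables` at a mail attachment or downloads folder lists files that are Windows binaries regardless of their extension; it identifies the file type only and does not judge whether a file is malicious.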
“Although most of the malware we see on Macs is Windows-based (often picked up in email attachments), there is still a fair amount of Mac malware out there,” Cluley said. “Most of the Mac stuff we are seeing is still fake anti-virus software, fake codecs and so forth which use social engineering tricks to fool users into making bad decisions.”
There have even been instances of Windows malware found in Apple’s iOS App Store. News reports surfaced this week that Windows malware was found in an app called Instaquotes – Quotes Cards For Instagram. The malware is no threat to iPhones or iPads and could only be harmful if it were manually extracted from the app into a Windows computer. Apple removed the app from the App Store. But the point stands: Windows malware is so prevalent that it has started seeping into places where it has no reason to go.
. . . Even as Mac Malware Proliferates
For years, Mac users felt safe in the notion that their computers were impervious to malware. That was never true. Macs are vulnerable to malware, but the malicious hackers of the world had not created much of it compared to the hordes of viruses that attack Windows computers. In the past year, more malware has started to appear specifically for Macs, including a new strain dubbed Morcut, according to Sophos.
Morcut (also known as Crisis) is spyware along the lines of the recently discovered Flame and Mahdi strains of malware. It can spy on users through video and audio capture, key logging, screenshots and a variety of other functions. It can, theoretically, be delivered to Macs as a Java Archive (JAR) .class file known as WebEnhancer, although Sophos has not seen an instance of this spyware in the wild.
Morcut/Crisis is especially disconcerting because it was engineered to be cross-platform. It can distinguish a Windows machine from a Mac OS X machine and deliver the proper payload. It is based on Java and runs inside a computer's Java Virtual Machine (JVM).
This follows the fake security software malware known as Flashback, discovered earlier this year, that infected hundreds of thousands of Mac computers.
“The Flashback botnet - which infected 600,000 Macs earlier this year, including 274 in Cupertino - must have really put Macs on the radar of malware authors,” Cluley said. “The potential is there to infect lots of computers and exploit them for financial ends. Plus, most Mac users are still not running any anti-virus software - which makes them an easy soft target.”
The lesson is that Apple’s platform is increasingly a target of malicious hackers. The best protection is to be proactive, no matter what operating system you're using, be it mobile or desktop. Do not open suspicious emails or visit shady websites, and run reputable security software. It is not Apple’s job to protect users’ computers. Apple can be proactive about security updates, but it is up to the users to protect themselves.