I won’t lie, before I got into threat research, I ended up with this on my Mac…
2008 – Hovdy tried to install itself to /Library/Caches.
When the infected user tried to remove the “infections”, MacSweeper asked them to provide credit card details and pay $39.99 for a “lifetime subscription serial key.” The malware exploits a vulnerability with the Apple Remote Desktop Agent, which allows it to run as root.
2008 – MacSweeper, Mac’s first ‘rogue’ application (a fake antivirus misleading users by reporting infections that don’t exist). It originally spread as a video codec that was downloaded from various porn websites.
2008 – AppleScript.THT tries to disable security software, steal users’ passwords, turn on file sharing, take screenshots of the desktop, and take a photo of the user via the built-in camera. It spreads itself by dropping script files that affect the behavior of popular IRC (Internet Relay Chat) programs, causing them to send the worm to other users.
2008 – RSPlug is a Trojan that changed DNS to send users to malicious servers. They removed the statement from its website after being up for about two weeks.
2008 – BadBunny is a multi-platform worm written in several scripting languages and distributed as an OpenOffice document containing a macro.
The worm propagated through a vulnerability in unpatched OSX systems.
2008 was a big year for Mac malware… Apple published an advisory to use antivirus software. When executed, it infected all Cocoa applications.
2006 – Inqtana was the second worm for Mac OSX. Inside the Gzipped Tar File (.tgz) was an executable file masked as a JPEG. Leap used iChat to spread itself, forwarding itself as a latestpics.tgz file to the contacts on the machine. (So what is your iTunes playing now?)” It then loads itself into iTunes as an MP3 file called “Wild Laugh”, playing four seconds of laughter.
2006 – Leap is widely considered to be the original Mac Trojan. When launched it displays a dialog box which reads “Yep, this is an application. It had the ability to disable a system firewall, and it would try to copy itself to /System/Library/StartupItems.
2004 – Amphimix, a program which is also an MP3 file. Also the time frame where threats are created that can still affect systems in use today.
2004 – Renepo was found. In 1998 both AutoStart 9805 and Sevendust were discovered.
2004-Present – This brings us into the modern operating system we all know and love, OS X. In 1996 Laroux, the first Excel macro virus, was found but didn’t actually do anything to Macs until Excel ’98 was released.
In 1995 Microsoft released a virus that would infect both PC and Mac users via Microsoft Word called Concept. MDef infected application and system files on the Mac.
HyperCard was software created by Apple to execute scripts immediately on opening. In 1988 HyperCard viruses started to gain traction.
In 1987 nVIR virus began to infect Macintosh computers. There were a few different malware families that came out but being as they are using an operating system that is not really used I won’t go into great detail.
In 2012 Apple removed the statements “It doesn’t get PC viruses” and “A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers.” I would like to shed light on the malware from beginning to now in hopes that it will bring an understanding of why security is needed on all operating systems, including your Mac.
1982 – The first threat that occurred was the Elk Cloner (this however did not actually affect the Mac) which would cause the Apple II to boot up with a poem:
Elk Cloner: The program with a personality
The fact is that malware for Mac is real and it continues to grow as a problem. The subject that fan boys of each side love to argue about.