Latest Mac malware adds to 'troubling trend,' says security expert

Summary: Apple has updated its XProtect definitions after a new malware variant appeared, targeting Russian social network users. One security expert says the increase in OS X-specific malware is "troubling." However, the increase in Mac malware should not be overblown.

A fake OS X installer that asks for a cell phone number. Image credit: Dr. Web

Earlier this week, Apple updated XProtect, the built-in OS X anti-malware service, with new definitions to help combat a new Trojan designed for the Mac operating system, dubbed Trojan.SMSSend.3666.

While already in wide circulation among Windows users, the Trojan made its debut on OS X machines in this new malware strain. Trojan.SMSSend.3666 is a fake installer application that claims to play music across a Russian social network. It can be downloaded from a variety of sources and attempts to deceive the user into entering a cell number to activate the software. In doing so, it subscribes the cell user to a chargeable subscription service that debits mobile phone accounts regularly.

Apple updated XProtect in a two-day turnaround, despite the low threat posed by the malware. Numerous other Mac-focused third-party anti-virus services were updated within 24 hours. 

In the past year alone, Apple has combated a number of malware attacks on its OS X operating system. Flashback resulted in more than 600,000 Apple machines being infected earlier this year. And, while the increase in OS X malware shows a "troubling trend," according to one Mac expert, most Mac users should not panic, but also not remain complacent.

Security and Mac expert Thomas Reed said that Russian malware writers were likely behind the Trojan and are "aiming at a target that they are familiar with." 

While Flashback was a problem for Mac users worldwide, an increasing amount of Mac-related malware is focused on users outside the U.S., according to Reed. "Many have been aimed specifically at Tibetan human rights groups and the Dalai Lama."

But above all else, the overall Mac malware threat should not be underestimated for the future, nor overestimated for the present. The latest Trojan.SMSSend malware is "not really a big deal, but it adds to a troubling trend," Reed told ZDNet.

"By my current count, including SMSSend, there are now 35 different malware families that have ever affected OS X. Most of those are strung out over the history of OS X, but ten [around 28 percent] of all those malware families appeared this year alone." He added this rises to 11 out of 36 -- or just over 30 percent -- if you count the 2011 and 2012 variants of Flashback as different.

Reed said that over the past year, "Macs have become a larger target for malware writers, due to their newfound popularity." But, he warned that the increased threat should be taken with a pinch of salt and not be blown out of proportion.

In the fourth quarter alone, Apple said during its earnings that it had sold 4.9 million Macs during the three-month period ending in September, an increase of 1 percent on the same quarter a year ago. Apple also shipped more Macs than any other machines sold by an individual PC manufacturer during the same quarter, the firm said.

According to Net Applications, Apple has a Mac market share of 7.3 percent as of November, an increase of more than 1 percentage point over the same month a year ago.

As Reed notes, ten new strains of Mac malware per year is still quite low relative to the Windows world. The bigger threat is social engineering, which is harder to block with technology. Reed said: "...obviously there will always be users who can be tricked into doing something they shouldn't."

  • 70k malware created per day on Windows

    VS 10 per year for OSX puts everything in good perspective.
    • So what you're saying is that since there's malware on Windows

      that it's 100% OK for people to have to deal with malware on OS X.

      Just wanted to clarify your statement, put everything in perspective,
      William Farrel
      • I think he's actually pointing out the double standard

        in coverage. It makes sense, though. Virii on OS X falls into the category of Man bites Dog type stories.
        • Hold on...

          Let's be careful with the words we use. There are NO viruses for Mac OSX. This is Malware...VERY different!
          • If you have to engage in pedantry then...

            you've already lost. While they are two different things for purposes of these discussions viruses is a synonym for malware.
          • only to uneducated ppl and geek squad.

            Viruses have the ability to replicate with infection. Malware does not. This topic has been discussed previously, months ago. Viruses is included in the term malware. But malware isn't included in the term virus.
            Anthony E
          • The two are used interchangeably.

            This has been explained to you and others countless times. The technical distinction is almost never important in these kinds of discussions. The only people who care are Mac users who are desperate to continue their claim Macs don't have viruses. While the merits of that statement are debatable it's of no consequence to those whose bank accounts have been emptied.
          • Interesting Question

            If Macs truly are virus free, maybe the interesting question is why, after all these years, Windows is still susceptible to virus attacks. Are they just really slow learners up in Redmond?
          • Interesting question!

            "Are they just really slow learners up in Redmond?"

            Well, Ballmer certainly seems to be! He stays, while the smart ones get the boot...

            Either that, or the Microsofties still think that they rule the earth by merit, and that people simply *should* buy Windows, regardless of the security holes.
          • Is it???

            Please provide a link to proof that windows 7 Machines with all patches applied are susceptible to virus...

            All I have heard of the latest 5+ years are about trojans. Viruses are nonexistent on modern Windows versions that are patched. Am I wrong?
          • Huh?

            According to any security expert a virus is not the same as malware. They are different by definition.
          • Virus is a class of malware.

            However it's not uncommon for people to use "virus" when they really mean "malware". The word virus has become synonymous with malware. Like it or not. Therefore anyone who feels the need to make the distinction where it isn't warranted, like it is in most cases, is engaging in pedantry.
          • Again by uneducated people and geek squad.

            So if I take winantivirus 2012 and I call it a virus... That would be incorrect. When it's a program that is set to run by the system... you remove the startup reg key and the program no longer executes.

            A virus attaches to other files and spreads to other files... It doesn't need a startup registry key because it's attached itself to the system files.

            What's next, tracking cookies will be called viruses because it allows websites to monitor your online access like a rootkit?
            Anthony E
          • Wha...what?

            'If you have to engage in pedantry then...

            you've already lost. While they are two different things for purposes of these discussions viruses is a synonym for malware.'

            This is like an echo from some zombie existence in PEBKAC hell. I equate say malicious code injection you have no knowledge of let alone control a phishing scam or an invitation to download a video of aliens singing a Christmas carol which turns out to be a key logger?
            Just wow.
          • Err...

            How do you work that out?

            Keeping your Anti-Virus current and patched helps against viruses.

            Engaging your brain helps against social engineering malware.

            So having a clear understanding of what malware is, and how you combat different types seems a prerequisite. What you're attempting to do is put the current situation on the Mac into a category it doesn't belong. Next you'll suggest installing Anti-Virus software will make you safe. But if you follow that advice then you are deluding yourself - social engineering attacks are not mitigated by Anti-Virus software. So actually you DO need to understand that this isn't a virus, and as such, Anti-Virus software isn't made more necessary, but increased vigilance IS.

            This is also increasingly true on Windows, fewer and fewer threats are of the traditional "virus" type, more and more rely on tricking the user. The reason is clear, the security situation for software is getting better and better, but users are not keeping pace with the evolving threat - relying too much on Anti-Virus technology, and not enough on being sceptical.

            In short, you couldn't be more wrong. The security situation on every platform increasingly sees the user as the "weak link". Petty platform points scoring helps nobody.
          • A virus is one form of malware

            It's really sleazy marketing on Apple's part.

            Especially "PC viruses" or "PC malware", which I've also seen.

            For Apple or its blind followers to try to differentiate just wastes time, trivializes the issue, and defends ludicrous claims. No platform is secure, no matter how hard they pretend, so why do they continue to do so - especially when malware reports are increasing, despite the attempt to trivialize by saying "10 per year".

            All I know is, I know who I would never hire for an IT security-related position...
          • Yes, but that's not misleading

            Windows can't become infected from the OS X malware that's around... except for the rare cross-platform trojans.

            There are rootkits, trojans that exist for every platform. Windows, Linux, OS X have trojans & rootkits...

            There are viruses for Mac, Linux, & Windows.
            The amount of infections for OS X & Linux are low, really really low.

            But calling one type of infection by another name is misleading... That's like saying a network worm is a virus, when it's in the classification of a worm.
            Any antivirus will let you know the difference.. by Win32. /Trj, /Wrm, Virus.
            Anthony E
    • It is a big deal

      The more Apple grows in the desktop area the bigger of a target it will become. Apple OS X is not really a worthy target to hackers because there are only a few million compared to Microsoft. So it might be 10 per year that they know of now and the more they grow the more problems they will have. Just like any other OS the more features/options you provide the more targets you will give to hackers.

      The only reason UNIX is such a secured system is because of its limits. The more Apple adds to the UNIX system the more vulnerable it will become and there is nothing Apple can do about it. People always want more than they pay for, so they will have to give people what they want if they want to grow in the desktop area.

        This is the same tired "security through obscurity" junk put out for years. The FACT is Mac users number in the tens of millions. The majority have NO protection! These are expensive machines purchased by people who likely have a nice little source of income. They are PRIME targets my friend!

        If you were a virus or malware author would you go after the saturated market where machines come pre-installed with protection software, and then find you infected a $499 Sampo PC used by a poor college student or would you rather go after the snob Mac user with $$$$ in the bank and a belief that they don't need to worry about malware?

        The Mac OS by design is simply more secure THAT is what's going on. BTW: the vectors used by a majority of the malware cited is Java and Flash...neither are part of Mac OS natively.

        Enough said...I've been reading comments like yours, and articles like this, for more than 10 years of Mac's getting old.
        • Some flaws in your post

          "and then find you infected a $499 Sampo PC used by a poor college student"

          So only poor college students buy PC's? You NEVER see a lot of well to do, average people with PC's. Everybody who lives a comfortable life, can afford vacations, buy new SUV's etc., are all running Macs?

          And those snob Mac users with $$$$ in the bank don't usually go to the sites where you pick up these things.

          So once you factor in all the information, then lares3k's post is dead on.

          So writers target the system with the biggest market share. It's better to trick 1000 people out of $50, than it is to trick 2 users out of $1000.
          William Farrel