Slashdot Mirror


Mac Malware Evolves - No Install Password Required

An anonymous reader writes "The latest versions of the Mac Defender malware attacks no longer require users to enter their admin credentials (username and password) upon install. A threat called 'Mac Guard' installs itself into areas of the Mac OS X system that only require standard user privilege. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases."

3 of 374 comments

  1. Re:PEBKAC by BitZtream · Score: 3, Interesting

    Just putting itself in the Applications directory doesn't do anything special; users still have to run it. The Applications directory isn't setuid or anything like that, it doesn't make the app run as root, it doesn't have anything to do with startup or anything else; you're just allowed to create files in the Applications directory.

    As I pointed out elsewhere, the intelligent thing to do would be to install to the user's home directory, as most non-techie Mac users will NEVER look in their home directory and notice it; that's just someplace they don't generally have to go, that's what the Documents, Pictures, Music and other folders are for. Unlike the Applications directory, where users are bound to be looking at least once in a while.

    The end result would be the same: all it's going to do is affect a single user.

    Now if it was intelligent, it'd modify the plist of an existing app to take itself on as the app launcher, then start the real app itself, which would possibly be used by other users on the system. You wouldn't be able to do it to the Apple built-in apps, as permissions still require you to be root to modify them, but some other app the user installed will be owned by them and modifiable.

    Back when they were asking for a password, they should have been installing a kernel extension to cloak themselves and make removal without booting from a clean drive impossible.

    This 'malware' is like most Mac users: it's a joke, it's not even a little bit impressive, it just happens to be the first one noticed.

    Just wait until the Windows malware writers start putting some effort into OS X, THEN it'll get nasty.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
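The comment above turns on two facts: a non-root user can create bundles in /Applications, and any app that user installed is owned by them, so its Info.plist can be rewritten to point at a different launcher. A defender can check both directly. The following audit script is an added example and is not code from the thread or from any Apple tool; it walks .app bundles, reads the CFBundleExecutable key from each Info.plist with the standard library's plistlib, and flags bundles whose declared executable is absent, whose plist or binary is group/world writable, or which have no plist at all. It also records whether the bundle is owned by the current non-root user (the "modifiable without admin rights" case). The bundle names, bundle identifiers and the `build_demo_tree`/`run_demo` helpers are constructed for the demonstration; on a real Mac you would point `audit_directories` at /Applications and ~/Applications instead.

```python
"""Audit .app bundles for tampering indicators (added defender-side example)."""
import os
import plistlib
import stat
import tempfile
from pathlib import Path


def audit_app_bundle(app_dir: Path) -> dict:
    """Return {'issues': [...], 'user_owned': bool} for one .app bundle.

    'issues' lists deterministic problems (missing plist, missing declared
    executable, loose write permissions); 'user_owned' notes whether the
    plist belongs to the current non-root user and is therefore editable
    without an admin password.
    """
    issues = []
    info_path = app_dir / "Contents" / "Info.plist"
    if not info_path.is_file():
        return {"issues": ["missing Contents/Info.plist"], "user_owned": False}
    try:
        with open(info_path, "rb") as fh:
            info = plistlib.load(fh)
    except Exception as exc:  # malformed or non-plist content
        return {"issues": [f"unreadable Info.plist: {exc}"], "user_owned": False}

    exe_path = None
    exe_name = info.get("CFBundleExecutable")
    if not exe_name:
        issues.append("Info.plist declares no CFBundleExecutable")
    else:
        exe_path = app_dir / "Contents" / "MacOS" / exe_name
        if not exe_path.is_file():
            issues.append(f"declared executable missing: {exe_name}")

    # Loose permissions on either file let any local user swap the launcher.
    for label, path in (("Info.plist", info_path), ("executable", exe_path)):
        if path is None or not path.exists():
            continue
        if path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            issues.append(f"{label} is group/world writable")

    uid = os.getuid()
    user_owned = uid != 0 and info_path.stat().st_uid == uid
    return {"issues": issues, "user_owned": user_owned}


def audit_directories(dirs) -> dict:
    """Audit every .app bundle directly inside each directory in `dirs`."""
    results = {}
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        for child in sorted(d.iterdir()):
            if child.suffix == ".app" and child.is_dir():
                results[child.name] = audit_app_bundle(child)
    return results


def build_demo_tree(root: Path) -> Path:
    """Construct a fake Applications folder (demo data, not real apps):
    Clean.app is intact; Tampered.app has a world-writable plist that names
    a launcher which is not present; Stub.app has no Info.plist at all."""
    apps = root / "Applications"
    for name, exe, plist_mode in (("Clean.app", "Clean", 0o644),
                                  ("Tampered.app", "Launcher", 0o666)):
        (apps / name / "Contents" / "MacOS").mkdir(parents=True)
        info = apps / name / "Contents" / "Info.plist"
        with open(info, "wb") as fh:
            plistlib.dump({"CFBundleExecutable": exe,
                           "CFBundleIdentifier": "demo." + name[:-4].lower()}, fh)
        os.chmod(info, plist_mode)
    real = apps / "Clean.app" / "Contents" / "MacOS" / "Clean"
    real.write_bytes(b"#!/bin/sh\necho clean\n")
    os.chmod(real, 0o755)
    (apps / "Stub.app" / "Contents").mkdir(parents=True)
    return apps


def run_demo() -> dict:
    """Build the constructed tree in a temp dir and return the audit results."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_directories([build_demo_tree(Path(tmp))])


if __name__ == "__main__":
    for name, result in run_demo().items():
        flag = "SUSPECT" if result["issues"] else "ok"
        print(f"{flag:8}{name}: {', '.join(result['issues']) or '-'}")
    # Real use: audit_directories(["/Applications", Path.home() / "Applications"])
```

A user-owned bundle is not by itself malicious (every drag-installed app is), which is why ownership is reported separately from the hard issues; the signal worth alerting on is a plist that changed, or whose declared executable no longer matches what is in Contents/MacOS.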
  2. Re:No surprises here by Low+Ranked+Craig · Score: 5, Interesting

    Follow-up. I find it interesting that they gloss over the fact that to completely avoid this all you need to do is turn off "download safe files" in Safari, and/or not be stupid. Their solution is to purchase their anti-malware package for Mac. Question for samzenpus: how much did these guys pay you to post this?

    --
    I still cannot find the droids I am looking for...
  3. Good News for the App Store by vwjeff · Score: 5, Interesting

    This just gives Apple one more reason to force all application installs via the App Store in future versions of the OS. The other reason, of course, is money.