Hackers Exploit MacKeeper Flaw To Spread OS X Malware
An anonymous reader writes: Controversial OS X 'clean-up utility' MacKeeper is being exploited by cybercriminals to diffuse Mac malware OSX/Agent-ANTU, according to the BAE cyber security unit. A single line of JavaScript on a malicious web-page is enough to hand over control of the user's system via MacKeeper. Lead security researcher Sergei Shevchenko said 'attackers might simply be 'spraying' their targets with the phishing emails hoping that some of them will have MacKeeper installed, thus allowing the malware to be delivered to their computers and executed.' The malware enables remote control over commands, uploads and downloads, and the setting of execution permissions, as well as granting access to details of VPN connections, user names, and lists of processes and statuses.
Slippin' malware into OSX, that is.
I thought MacKeeper was already malware. If you get suckered into installing it in the first place then anything goes.
while [ 1 ]; do echo -n -e "\xe2\x95\xb$((($RANDOM&1)+1))"; done
A crapware "product" to "solve" a usually non-existent "problem", most heavily promoted by deceptive pop-ups on porn sites, turns out not to be entirely trustworthy? I'm shocked, shocked, I tell you!
So the first thought I had on reading the title was the predictable joke about MacKeeper being malware. But from reading the article, it sounds to me like MacKeeper installs a custom URL handler, which directs to a process that they installed which parses a command script from the URL and executes it. So, a component which allows any web site to run code outside your browser. That's malware, not in the sarcastic "less-than-useless" sense, but in the literal "actively installs attack vectors" sense.
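Added example, not part of the thread and not any vendor's code: the comment above describes an app registering a custom URL handler. OS X app bundles declare such schemes in `Info.plist` under `CFBundleURLTypes` / `CFBundleURLSchemes`, so a defender can inventory which installed apps expose one to web content. The sample plist, the bundle id and the scheme name `exampleapp` are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Schemes normally owned by the OS or the browser; anything else is app-defined.
COMMON_SCHEMES = {"http", "https", "file", "mailto", "ftp"}

# Constructed sample Info.plist (hypothetical app, hypothetical scheme).
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.app</string>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLSchemes</key>
    <array><string>ExampleApp</string><string>https</string></array>
  </dict></array>
</dict></plist>"""

def declared_schemes(info_plist_bytes):
    """Return every URL scheme a bundle registers, lower-cased."""
    info = plistlib.loads(info_plist_bytes)
    schemes = []
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            schemes.append(scheme.lower())
    return schemes

def audit_apps(root):
    """Map bundle name -> custom URL schemes for each *.app directly under root."""
    findings = {}
    for plist in sorted(Path(root).glob("*.app/Contents/Info.plist")):
        try:
            schemes = declared_schemes(plist.read_bytes())
        except Exception:
            continue  # unreadable or malformed plist: skip this bundle
        custom = [s for s in schemes if s not in COMMON_SCHEMES]
        if custom:
            findings[plist.parents[1].name] = custom
    return findings

if __name__ == "__main__":
    # On a Mac this lists apps that any web page can try to launch via a URL.
    for app, schemes in audit_apps("/Applications").items():
        print(f"{app}: {', '.join(schemes)}")
```

Each scheme listed is an entry point reachable from a link or script in the browser, so the handler behind it is worth reviewing for what it does with the URL's contents.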
Why? If you don't like JS, turn it off. JavaScript is an okay scripting language. This is talking about JS interacting with an already installed malware plugin. Of course once your computer has been compromised, you can do whatever you want. You could make it into a clapper (clap on/clap off), not that hard to do.
The only idiot here is the one who apparently doesn't realize that MacKeeper has as much to do with Apple as Flash has to do with Microsoft.
Reality distortion field: activated.
We're seeing a slow backing-away from the ideal:
- Mac doesn't get viruses.
- Mac doesn't get viruses if you use trusted software and mainstream web pages.
- Mac doesn't get viruses if you use Apple software and the Apple website.
- Mac doesn't get viruses if you don't use it.
- Mac gets viruses.
We'd all come off more honest if we just agreed that Mac gets viruses.
For the nitpicky, the second-to-last in that list seems ridiculous, but it isn't. Non-user-initiated infections are possible if it's a bug in the network stack or system services and it requires no user interaction to cause the infection. This is why XP machines get infected within 15 minutes *even if you don't do anything* (and especially if you don't patch it like a rabid maniac jabbing the Windows Update button). You can claim this is impossible on a Mac if you like but I won't believe you.
What reality distortion field? I'm not sure what part of my comment would result in that, given that I was replying with a factual statement to a comment that seemed to think that MacKeeper was software written by Apple, or that somehow Apple devices were immune to bad code. Or is that just your go-to attempt at an insult? Pretty weak either way.
You're arguing from a position that does not really exist - the whole "Macs don't get viruses" thing (let's ignore that this is a trojan and not a virus, but whatever) hasn't been the current talking point officially or otherwise for a very long time, and it was never actually Apple's official advertising (because it wasn't literally true - they talked a lot about how it was more secure than Windows but never said immune).
What Apple bashers like to keep stating is that that's what they believe Apple fans are all saying, when it really isn't. OS X is as secure as any Unix system - that is, pretty good, but not immune.
What we have here is a trojan, which is a problem common to all operating systems that run on computers. But of course, that doesn't fit the narrative you're trying to push.
No one is claiming that infections are "impossible" on a Mac - but you can claim that that's what Apple fans are claiming if you like.
For the record, there aren't any actual viruses for OS X in the wild. DISCLAIMER: THIS DOES NOT MEAN I THINK OS X IS IMMUNE /END DISCLAIMER, but there are plenty of trojans and other malware. The Microsoft Office trojan torrent being one of the most famous. I'm surprised you haven't heard of it. A torrent that claimed to be a pirate copy of Office that was a trojan. Got a lot of people that one.
So, from what I can see, you're the only one claiming that people are claiming that Macs don't get viruses. Perhaps this is the source of your confusion.
But all the Mac fanbois tell me that Apple products never get viruses....
This is a Trojan. Every OS will ultimately allow $StupidUser to defeat $SECURITY_FEATURE to install ANYTHING from ANYBODY from ANYWHERE. But, without going into details, OS X has several redundant features that both make the $StupidUser far less likely to just casually click-install their way into slavery, and to attempt to minimize the damage that can be wrought by $MALICIOUS_CODE.
Nothing is ever foolproof; but OS X is pretty damned secure; to the point that AV apps are still unnecessary.
And because 99.999% of mac users are complete morons who think simply running the OS makes them immune to all hacking this is going to be extra effective. Good job, crapple marketing team. You've raised a whole generation of users who are completely unprepared for what's coming.
No.
Most of the people who are swelling the Mac's marketshare are coming from Windows; and a good percentage of them can't even imagine a platform essentially without malware, and so they INSIST on running AV.
Plus, OS X has some (very) basic AV capabilities of its own, too.
If Trojans are called viruses on Windows they can be called viruses on OS X.
No.
Windows used to (maybe still does) have examples of true, self-replicating malware. Those are legitimately called "viruses".
OS X has never had a virus. Only Trojans. BIG difference, since ANY OS that allows the installation of software can fall prey to a USER-INSTALLED Trojan; but only non-secure OSes can support virus propagation.
Nice try, but repeating an error is not a justification for committing the error in the first place. Or, as my Mom used to say "Two wrongs don't make a right."