Slashdot Mirror


McAfee: Big Spike In Mac OS Malware In 2016, Mostly From Adware Bundling (fortune.com)

An anonymous reader quotes Fortune: Security firm McAfee released a report this week that showed a big jump in 2016 regarding malware hitting the Mac operating system. The McAfee report said there were 460,000 malware instances affecting the Mac OS in the fourth quarter of 2016, an over 700% jump from the previous year during the same quarter.

McAfee's new report confirms similar research by other cybersecurity firms in recent years that show an increased prevalence of malware affecting Apple computers. Essentially, as more people buy Apple computers, there are more possibilities for malware to infect the machines. But while an over 700% surge in malware may sound frightening, it should be noted that "the big increase in Mac OS malware was due to adware bundling," the report's authors wrote.

64 comments

  1. Oh No! by Anonymous Coward · · Score: 4, Funny

    I hate adware bunding.

  2. Bunding by thegreatbob · · Score: 4, Insightful

    Bounding? Binding? Bonding? Banding? Bunging? Funding? (let me know if i'm missing anything) For fuck's sake, it's not a high crime to edit typos in article summaries or the fucking title.

    --
    There is no XUL, only WebExtensions...
    1. Re:Bunding by Gravis+Zero · · Score: 0

      "Bundling", you nitwit.

      --
      Anons need not reply. Questions end with a question mark.
    2. Re:Bunding by thegreatbob · · Score: 1

      I am astounded this hit +5, I really hoped they'd fix it quickly and get this to -1 where it belongs xD

      --
      There is no XUL, only WebExtensions...
  3. unix by fluffernutter · · Score: 0, Troll

    I thought MacOS was secure because it is unix, and unix eats viruses somehow. And Apple loves you.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    1. Re:unix by DontBeAMoran · · Score: 1
      --
      #DeleteFacebook
    2. Re:unix by Vitriol+Angst · · Score: 1

      MacOS has very little malware or viruses because only the rubes buy anti-virus software.

      The market for malware is driven by a large network of freelancers who find viruses and malware and give the profiles to the anti-virus companies. And how best to get it first? Make the damn virus.

      I have no real proof of this, but it can't really be disproved either. And the market incentive is strong to NOT run out of virus and malware threats.

      By bundling virus solutions with their OS, Microsoft put a good dent in viruses. Now the big growth area is malware.

      --
      >>"ad space available -- low rates!!!"
    3. Re:unix by KiloByte · · Score: 1

      The official Unix brand is granted to whoever pays the fee, actual compliance with the specs doesn't matter -- there's a huge leeway in testing so even stuff as insane as AIX can pass.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  4. so uh, Android and Windows are now viruses? by Anonymous Coward · · Score: 0, Troll

    By that definition then Android and Windows are both malware themselves. It seems every year they add more and more "apps" that contain "useful information they deem important" and "suggestions" that boil down to adware.

  5. NO FORTUNE.COM LINKS! by Gravis+Zero · · Score: 4, Insightful

    I know I'm not the only one that gets pissed off by sites that decide to autoplay a video when you visit a page. Do not link to fortune.com or any other site with autoplaying videos!

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:NO FORTUNE.COM LINKS! by fustakrakich · · Score: 1

      Save your breath. There's a solution for everything

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:NO FORTUNE.COM LINKS! by Anonymous Coward · · Score: 2, Informative

      Every time I get a video ad on a page, I disable the styles and the javascript, find the video, get its URL and then add the domain to my hosts file.

    3. Re:NO FORTUNE.COM LINKS! by Anonymous Coward · · Score: 0

      LOL.

      I don't even have to do all that work. apk has done it for me.

    4. Re:NO FORTUNE.COM LINKS! by postbigbang · · Score: 1

      Sigh. I wished they didn't constantly change the URLs. If they're plucky and use cloudflare or an AWS source, you're screwed.

      Oh... wait...

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:NO FORTUNE.COM LINKS! by ColdWetDog · · Score: 1

      Everything?

      Cool. I feel better already.

      --
      Faster! Faster! Faster would be better!
    6. Re:NO FORTUNE.COM LINKS! by Anonymous Coward · · Score: 0

      apk's hosts file is way too big to be efficient

    7. Re:NO FORTUNE.COM LINKS! by KiloByte · · Score: 1

      At least sound in such videos is no longer a concern on Linux.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    8. Re: NO FORTUNE.COM LINKS! by Anonymous Coward · · Score: 0

      I don't see a windows 10 version. What gives?

      xD

    9. Re:NO FORTUNE.COM LINKS! by Anonymous Coward · · Score: 0

      Apk's hosts solution's more efficient in kernelmode vs usermode solutions like adblock that are paid off not to work and it's native.

    10. Re:NO FORTUNE.COM LINKS! by knorthern+knight · · Score: 1

      I run Pale Moon browser. In about:config, change 2 settings...

      media.autoplay.allowscripted; false
      media.autoplay.enabled; false

      Voila; no more autoplay. The only downside is that some Youtube videos have to be clicked 2 or 3 times to get them to play.

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    11. Re:NO FORTUNE.COM LINKS! by rsmith-mac · · Score: 1

      Unfortunately it breaks Twitch entirely. You can't start a video without autoplay enabled.

  6. Article has (almost) nothing to do with MacOS by imidan · · Score: 5, Informative

    The summary raises an interesting issue, that "the big increase in Mac OS malware was due to adware bundling." What adware is being bundled with what software or hardware? Obviously, Apple isn't going to be bundling adware with their MacOS devices, so who is doing this? What has been the effect of this malware? What's the most common malware, and what does it do? How is this affecting Mac users?

    So I went to TFA for answers and found their section on Mac OS. Out of the 49 pages of the report, this is the entire text of the MacOS section: "Just as last quarter, the big increase in Mac OS malware was due to adware bundling." There are also a couple of bar graphs.

    I skimmed some of the rest of the report. There's 15 pages with some details about the Mirai botnet and how it works. In fact, it's the longest article in the thing. If I were going to try to get someone to read this report, and I wanted to give, say, a headline and summary talking about its contents, I might choose to talk about the Mirai article, rather than a throw-away gloss on page 39 with two bar graphs that exist without context in something that looks like an appendix.

    1. Re:Article has (almost) nothing to do with MacOS by ColdWetDog · · Score: 4, Funny

      Aww, now you've gone and ruined it for everybody. You read TFA.

      --
      Faster! Faster! Faster would be better!
    2. Re:Article has (almost) nothing to do with MacOS by Henriok · · Score: 5, Insightful

      I agree with your assessment of the paper. It's amazing to see that the Mac is targeted by a total of 450.000 malware, while there's a total of a whopping 625 million targeting all platforms. That's less than 0.1% of all malware targeting the Mac. Yes.. let's talk about how infested the Mac is one more time.. Any decade now the threat will become meaningful.

      --

      - Henrik

      - when the Shadows descend -
    3. Re: Article has (almost) nothing to do with MacOS by Anonymous Coward · · Score: 0

      Lol, from impervious to 450k but it's nothing to worry about... Especially when there's a financial stereotype that these users are noobs and Rich..

    4. Re:Article has (almost) nothing to do with MacOS by Anonymous Coward · · Score: 0

      The Mac OS attack surface has always been significantly smaller than the MS attack surface due to the amount of market share each OS commanded. The Mac OS or any other minority OS was not worth the effort of those creating malware for profit. They have always targeted whatever type of system gives them the best chance of getting the best bang for their buck.
      The OS market has shifted where now the largest attack surface belongs to billions of devices running an Android or derivative OS. Users and companies were slow to adopt security measures on the desktop but that has been changing over the years. Now the mobile OS environments are just as vulnerable as a Windows 95 but nobody is paying attention. Mobile phones have captured a significant amount of the desktop market and users and those creating both the mobile devices and their accompanying OS's are asleep at the wheel. Users are downloading and installing apps recklessly and in a lot of cases the malware and adware actually ask the user to give the apps access to everything on their device. With each mobile device manufacturer modifying the device's OS for branding and customization which increases the chances of vulnerabilities being created. People are using their mobile devices for conducting monetary transactions that even the desktop OS was incapable of making. Electronic wallets and all types of scanner related functionality is taking place using a device that can be accessed wirelessly from people just walking down the street. The early PC operating systems put functionality way ahead of security at the beginning and then had to retrofit security measures and the same thing is happening right now on the mobile platform. New apps and functionality are being rushed out the door in an attempt to capture market share and security is once again a secondary worry. But ultimately the responsibility for security on a personal electronic device is up to the user. This applies both to the PC and mobile devices. There isn't a piece of non-trivial software on the planet that cannot be compromised and that is especially true when the end user lacks the awareness needed to exert at least some caution on what they install on their devices and how they use the devices.
      The software developers and system engineers have a responsibility to try and make their products as safe as possible but since no one to date has developed a piece of 100% secure software the users will automatically assume some responsibility for securing their electronic devices.

    5. Re:Article has (almost) nothing to do with MacOS by Anonymous Coward · · Score: 0

      The Mac OS attack surface has always been significantly smaller than the MS attack surface due to the amount of market share each OS commanded.

      Counterpoint: Both versions of 64bit Windows had unique viruses targeted at them within days of the release of their betas. In the case of the Itanium version there were less than 10lk machines able to run it at the time.

    6. Re:Article has (almost) nothing to do with MacOS by Anonymous Coward · · Score: 0

      Mac OS represents less than 10% of the marketshare, to have such a skyrocketing rate is a serious concern.

    7. Re:Article has (almost) nothing to do with MacOS by mattsday · · Score: 1

      My girlfriend got caught by some nasty OS X malware very recently from an ad network. It disguised itself as Flash Player and instead was CleanMyMac.

      It had a valid developer certificate from Apple and she's aware enough to know that Flash Player needs updating. She didn't expect something bordering on a virus to change a load of settings and demand money for made-up problems.

      For as long as I can remember Macs had avoided this kind of nastiness and there was a great community of great apps without spyware/malware etc (remember QuickSilver back in the day?). All good things come to an end and I guess soon we'll have to start unchecking boxes on installers, removing browser toolbars and generally avoiding predatory money grabbers as much as possible.

      --
      Now there's one hoopy frood who really knows where his towel is!
    8. Re:Article has (almost) nothing to do with MacOS by Anonymous Coward · · Score: 0

      All good things come to an end and I guess soon we'll have to start unchecking boxes on installers, removing browser toolbars and generally avoiding predatory money grabbers as much as possible.

      That's because Apple now caters to the lowest common denominator. Behold, the new Dell.

  7. People still use McAfee? by Anonymous Coward · · Score: 0

    LOL.

    I didn't know that was even still around.

    1. Re:People still use McAfee? by Anonymous Coward · · Score: 0

      I didn't know that was even still around.

      Well, its popularity has understandably waned significantly... since it requires an anal interface for installation.

  8. Name change warranted? by QuietLagoon · · Score: 3, Informative

    Should McAfee (the company) change its name? I know that I, for one, have to fight the urge to summarily dismiss an article when I see it starting with a quote from McAfee. For me, that name has a connotation that is not a good one...

    1. Re:Name change warranted? by Anonymous Coward · · Score: 0

      Calling themselves (correctly) Intel Security Group would probably alleviate this.

    2. Re:Name change warranted? by Anonymous Coward · · Score: 0

      Intel wants to sell McAfee so why should they put their name on it?
      http://www.pcworld.com/article...

      That is the same problem again when the new sucker buys it.

    3. Re:Name change warranted? by Anonymous Coward · · Score: 2, Informative

      Calling themselves (correctly) Intel Security Group would probably alleviate this.

      But it isn't true. McAfee was purchased on a bidding of the software group exec to try and make up for her lack of revenue. Everyone else in the company went "Wut?!". Now she's gone, McAfee no longer have a protector and it is going away along with her. "Intel Security" is composed of a number of interlinked groups in Intel that cover various security domains. They have almost nothing to do with McAfee.

      FWIW, McAfee do make good software security products, but anti-virus ain't one of them. One of the reasons they have good security products is because they were the only ones to take advantage of the hardware security features on Intel chips. This sells well to corporations who want to manage threats across large numbers of computers. The anti virus stuff still sucks huge hairy balls though. Avoid it.

    4. Re:Name change warranted? by Mitreya · · Score: 1

      Should McAfee (the company) change its name?

      Perhaps they could rename to "You'd never install us voluntarily, Inc"?
      I disable McAfee "add-on" install with Flash updates all the time. And yet just a couple of months ago I had to uninstall it anyway (something else snuck it in without asking)

    5. Re:Name change warranted? by radarskiy · · Score: 1

      "They have almost nothing to do with McAfee."

      McAfee is owned by the Intel Security Group subsidiary company.

  9. Re:Smug Apple customers by TechyImmigrant · · Score: 1

    Why do psychics need maps...?

    To show that they can solve graph isomorphisms in sub-poly time using their psychic powers.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  10. Re:Smug Apple customers by Anonymous Coward · · Score: 0

    Ever notice how smug Apple users are when it comes to malware and viruses? They insist Apple products are not susceptible to malware and viruses.

    Ever notice how that claim is always made by smug people who secretly wish they only had ten times as much malware as Apple users.

  11. In other words, buy a Windows PC... by supremebob · · Score: 3

    And get our McAfee bundled malware/adware preinstalled on your PC before you even connect it to the Internet!

    Come on guys, it's a huge timesaver! We're so advanced that we'll start hitting you up with ads for the full paid version of our software before you've even finished updating your drivers.

    1. Re:In other words, buy a Windows PC... by Anonymous Coward · · Score: 0

      AhhhHaa Haaa!
      Oh my eyes hurt from laughing so hard... but now I'm actually crying...
      I am crying because I wish this was not true but it is. Curse you bloatware!!!

  12. Re:Ads & malware + dns issues = why I made thi by Anonymous Coward · · Score: 1

    Hahaha, disregard that, I suck cocks

    APK

  13. No respect for McAfee. by Anonymous Coward · · Score: 1

    Literally, just yesterday I removed a TROJAN.DNSChanger and a metric ton of PUPS/PUMS from a client's computer all the while McAfee was saying all was fine.
    I booted into safemode, checked startup programs, and I could see a fake antivirus with little to no effort!
    Malwarebytes found and removed all of this, after which McAfee all of a sudden starts working and begins to run an update which appeared to not have run for a few months.

    I get this all_the_time with Trend, McAfee and Nortons that it beggars belief.

  14. I guess by Anonymous Coward · · Score: 0

    that those adwares are probably bundled in McAfee products.

  15. Immunity by Anonymous Coward · · Score: 0

    The trouble with mac malware is that a lot of mac users incorrectly believe they are immune to all viruses/malware. This leads to them engaging in more risky behavior than the average windows user.

  16. Vs. ads/malware/dns issues I made this by Anonymous Coward · · Score: 0

    APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads/script & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have in the IP stack in FASTER kernelmode.

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  17. MacUpdate by Anonymous Coward · · Score: 0

    I think a large part of this has been because of MacUpdate wrapping app installers in their adware: https://blog.malwarebytes.com/cybercrime/2015/11/has-macupdate-fallen-to-the-adware-plague/