Sneaky Mac OS X threats

Methusela Cebrian Ferrer CA - HCL

The emergence of crimeware[1] in Macintosh displayed immense awareness in security. Apple stepped in and introduced protection which detected notable malware families DNSChanger, aka 'RSPlug', Jahlav and Iservices, aka 'iWorks', in Mac OS X 10.6 Snow Leopard. As observed with immediate effect, the organized group perpetrating the distribution stopped serving the Mac malware. Some interesting questions have surfaced: is there a reorganization happening? and is this the solution to deter cybercriminals?

The message is clear, Mac users became more cautious and security-aware this time. The greater level of security consciousness has led to an increase in community discussions and participation. Users immediately report dubious websites and suspicious behaviour possibly caused by unknown threats. However, a lack of detailed information may prevent discovery of the real culprit.

This paper seeks to explore and discover the continuous interest of organized groups in Macintosh. We will track down the attempts, strategies and latest offensive development pursued in Mac. The utilization of available detection utilities will be discussed to highlight the importance of identifying possible new malware.



We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.