# Malware on Macs



## PhilBurton (Jan 23, 2020)

With the large number of Mac users on this forum, I thought it might be useful to post this web post from a well-respected security software company.

https://blog.malwarebytes.com/mac/2...3MEo5M0hwQ1o3c3ZCOTVyeGhMWjZTXC8rZGx3NkU0In0=
Phil Burton


----------



## clee01l (Jan 24, 2020)

Yes, the Mac popularity has reached the attention of the malware creators.  Macs are still an insignificant percentage of computers to prey upon.  I think the popularity of iOS and mobile devices has put macOS in the spotlight too.


----------



## Linwood Ferguson (Jan 24, 2020)

clee01l said:


> Yes, the Mac popularity has reached the attention of the malware creators.  Macs are still an insignificant percentage of computers to prey upon.  I think the popularity of iOS and mobile devices has put macOS in the spotlight too.


Honestly I think the years of "we are immune to malware" boasts of many Mac users drew their attention; I'm just surprised it took so long.    

It's like anyone who creates an "unbreakable" encryption, safe, whatever.  The boast becomes an invitation.


----------



## clee01l (Jan 24, 2020)

Ferguson said:


> Honestly I think the years of "we are immune to malware" boasts of many Mac users drew their attention; I'm just surprised it took so long.
> 
> It's like anyone who creates an "unbreakable" encryption, safe, whatever. The boast becomes an invitation.



I still don't run a malware app in the background. I do use Malwarebytes once a month or so to check. It has never found anything.


----------



## Paul_DS256 (Jan 24, 2020)

I would recommend independent research rather than just relying on the opinion of a vendor who sells malware protection software.


----------



## clee01l (Jan 24, 2020)

Paul_DS256 said:


> I would recommend independent research rather than just relying on the opinion of a vendor who sells malware protection software.


Well, when you read the article you have to realize that the whole anti-malware industry is based upon creating fear in the public computer community.  Malwarebytes is in business to sell their product and to raise awareness to encourage users to buy their product.


----------



## Linwood Ferguson (Jan 24, 2020)

clee01l said:


> I still don't run a malware app in the background. I do use Malwarebytes once a month or so to check. It has never found anything.


To some extent that is a bit like saying "I do not need fire insurance since I never had a fire"; the odds of any one person getting (say) a ransomware attack are low; the result of such an attack can be anywhere from annoying (if you are properly backed up) to devastating.

Now that said, and my life has been in the I.T. industry, the anti-virus industry is just awful; as mentioned, its business model is to sell, then sell again, then up-sell.  Their products now want to basically take over your PC.  I just built a Windows 2019 file server for a client; they asked for Norton to be installed, and as soon as I did, the server manager would not run.  I've had far more systems fail in various ways than any attacked by viruses.  But... and this was a town government system that included police -- when Norton scanned their system it found a trojan that had made it through the client PC software and was sitting on the file server, uploaded from a police PC.


clee01l said:


> Well, when you read the article you have to realize that the whole anti-malware industry is based upon creating fear in the public computer community.  Malwarebytes is in business to sell their product and to raise awareness to encourage users to buy their product.


Like I said - it's like insurance.  Insurance sales and companies are some of the scum of the earth.  But ... there's a good reason people get insurance. Same with anti-virus.


----------



## clee01l (Jan 24, 2020)

Ferguson said:


> Like I said - it's like insurance. Insurance sales and companies are some of the scum of the earth. But ... there's a good reason people get insurance. Same with anti-virus.


In my IT career and since I retired, I've only had one virus and it was on an office Windows computer.  After that I did run antivirus (business requirement) on Windows computers.  Often threats would be detected and isolated on Windows.  As I indicated, I run Malwarebytes manually to ensure that my files are clean, clean of even Windows-only malware.  Since 2008, Malwarebytes has never identified and isolated any suspicious file suspected of containing malware.  Apple does a pretty good job of updating the OS and sandbox security to protect against any new threats.  (In most cases, Apple has been proactive in this regard where Microsoft has not.)


----------



## Linwood Ferguson (Jan 24, 2020)

clee01l said:


> As I indicated, I run Malwarebytes manually to ensure that my files are clean, clean of even Windows-only malware.  Since 2008, Malwarebytes has never identified and isolated any suspicious file suspected of containing malware.


I think it's worth noting for those following along at home... 

Running a scan tends to find potentially dangerous malware, but what might be termed latent malware: those that sit around either waiting to be activated, or which are active but whose impact is either mild (such as adware showing you ads), hidden and only mildly disruptive (crypto-mining as an example), or whose goal is spying on you, not disrupting the computer.  Probably the biggest things scans find for most people are browser plugins and adware that, in many cases, the users will say "hey, I wanted that".  This tends to lead people to stop running scans.

Ransomware, which is one of the fastest growing malware genres largely because idiots pay ransom, tends to attack more quickly and is not going to wait around to be caught by a scan; you either need to detect it on introduction or immediately as it comes alive, else it will have already done the damage.

By far the most frequent vector for such are phishing emails, followed by opening dodgy websites.  Those who are reasonably informed and reasonably careful in how they handle email and web sites will almost never get infected (that's not "never", of course).  Staying with up-to-date software is the next most important thing.  On Windows, not turning off UAC is maybe 3rd (I don't know if Mac has something similar).  I'd probably put active AV scanners somewhere much further down the list of the most important preventatives.

How well readers here keep their software up to date is probably well illustrated by all the questions surrounding 2 or 3 major version updates to Mac, or running Lightroom 4 or 5 or 6.     

For what it is worth, while I was updating a town government's file server to Windows 2019 from 2003, I found out they have numerous systems still running Windows XP, and most running Windows 7.  I'm sure they will be completely surprised and disbelieving when they are successfully attacked.  Yes, I made recommendations, but I was just a hired gun for that server install, so they don't listen.


----------



## PhilBurton (Jan 24, 2020)

Not replying to anyone in particular.  Just because you personally haven't been victimized,
(1) you don't know if there is malware buried in your system that you haven't detected.
(2) you may be lucky.
(3) the security software that came installed with your system (Microsoft Defender) has been effective in blocking threats.
(4) all the websites you have visited have successfully protected themselves from hackers and cybercriminals.
(5) you never connect to the Internet.

Consider all the news articles about individuals, businesses, and governments getting targeted by "ransomware" and being forced to pay money to supposedly get all their data decrypted.
Consider all the news articles about people whose credit card information is stolen in attacks on stores.  (That has happened to me twice now.)
Consider all the news articles about hackers trying to disrupt the entire networks of government, utilities, and even individuals.
Consider all the news articles about state hackers from Russia, Iran, China, North Korea, etc.
I agree that effective information security is a drag on productivity.  It's no different than paying for fire or theft insurance.  It provides no direct economic benefit.

In the interests of full disclosure, for over ten years, I worked in software product management for various system and computer security companies, focusing on businesses and governments.  You may still remember Sun Microsystems.  At Sun one of our business partners was Check Point Software.  My various security company ex-employers, you probably never heard of.  I can't tell you how many times a company would contact us to say that they had been hacked, and _now_ they realized that they needed protection against being hacked again.  I have also been asked by friends to recommend security software for their personal computers.

I can understand the resentment that many people feel towards some security software vendors, and by the way _I agree with that feeling._  Too many vendors rely on FUD (fear, uncertainty, and doubt) as a crutch because they fail to articulate a clear benefit for their products.  Quite possibly their products don't offer any real value.  Or else the vendors rely on cliches and generalizations as a sales and marketing strategy.  Many sales people don't know how to really sell products.  I once worked for a startup, long since out of business, that had products that didn't address legitimate needs, or perhaps they couldn't explain the real business benefit.  The venture capital investors came in one day and simply shut down the company, effective *immediately*. We all went home that day with our personal items, before lunch.

That all said, there is still a legitimate need for effective security tools.  Ask anyone who runs a website.  I have worked in companies where many people got infected.  Malwarebytes fulfills a legitimate need for me.  The paid version warns me immediately if I try to go to a problem website.  

Phil Burton


----------



## Paul_DS256 (Jan 25, 2020)

Back to my original point. Let's not brush all OS architectures with the same security brush. Windows is different from macOS, which is different from other variants of Unix/Linux and other 'ix's.

See https://www.apple.com/ca/business/docs/resources/macOS_Security_Overview.pdf


----------



## Linwood Ferguson (Jan 25, 2020)

Paul_DS256 said:


> I would recommend independent research rather than just relying on the opinion of a vendor who sells malware protection software.


@Paul_DS256, I hope you don't mind my being amused that now you quote Apple about Apple.    

From ZDNet, *What is malware? Everything you need to know about viruses, trojans and malicious software*, section "Mac malware":

> For many years, a myth persisted that Macs were completely immune to malicious infection. Over the course of the 90s, there were some forms of malware that did infect Macs, despite primarily being designed for Windows systems. The likes of Concept and Laroux were about to infect Macs using Microsoft office programs.
> However, by the mid-00s, attackers had started building forms of malware specifically designed to target Apple Macs, and now, while Windows machines bear the brunt of computer and laptop based malware attacks, Macs are now regular targets for cybercrime.
> It's now normal for backdoors trojans, compromised software downloads, and ransomware attacks targeting Mac systems to be uncovered by cybersecurity researchers.



I think it's a fair point that Macs have some good security features, but I personally believe the biggest thing they have going for them is users tend to fall in lock step more than Windows users (by choice or force), so they tend to do less to defeat security features, install unknown software, etc.  I think it's fair to say Apple did good in protecting its ecosystem in that way (even more so on the iPhone vs. Google Play store).

But honestly I think telling people how secure they are does more harm than good, as it gives people a false sense of security.  The vast, vast majority of malware attacks, Mac or Linux or Windows, still start with the user doing something stupid.  While I hate people who use FUD to sell stuff, I think a bit of the "F" goes a long way toward making people careful.


----------



## davidedric (Jan 25, 2020)

Though I've been using computers for a long time (wrote my first program 50 years ago), and have spent my working life in software development and deployment (mostly in managerial roles), I definitely don't feel I know enough about PC security to fly without a net.  So I do run one of the decent, so far as I can judge, security packages.  If nothing else, it makes me feel better.


----------



## Paul_DS256 (Jan 25, 2020)

Ferguson said:


> @Paul_DS256, I hope you don't mind my being amused that now you quote Apple about Apple.


Glad you had a chuckle, Ferguson. I feel it's first principles. Understand the organization and architecture of an OS before determining where you need mitigation. It's sort of the opposite extreme of security software vendors saying what you need. They have a hammer, so everything looks like a nail.

In between will be security analysts who can actually provide useful insights.


----------



## morgan17767 (Mar 9, 2020)

*PhilBurton*, well, it didn't help me with the AKAMAIHD popup virus. There was a situation when my iOS got infected by a popup virus and it was a huge problem not just for browsing the web, but also for some specific iOS apps. This article here ( https://mаcsecurity.net/view/51-rvzr-aakamaihdnet-popup-virus-removal-for-mac ) gave me dozens of useful tips and advice on how I can remove that malware, and that's the only source which helped me. Malwarebytes Labs software should have helped with it, but did not.


----------



## PhilBurton (Mar 9, 2020)

morgan17767 said:


> *PhilBurton*, well, it didn't help me with the AKAMAIHD popup virus. There was a situation when my iOS got infected by a popup virus and it was a huge problem not just for browsing the web, but also for some specific iOS apps. This article here ( https://mаcsecurity.net/view/51-rvzr-aakamaihdnet-popup-virus-removal-for-mac ) gave me dozens of useful tips and advice on how I can remove that malware, and that's the only source which helped me. Malwarebytes Labs software should have helped with it, but did not.


I tried to read that article, and what-do-you-know, Malwarebytes (the premium version that does real-time scanning) blocked access:

A "PUP" is a Potentially Unwanted Program, which could be yet another browser hijacker.

I'm a bit unclear.  Did this malware affect your Mac or your iPhone?  If you are/were using the free version of Malwarebytes, you don't get the real-time scanning.

@everyone.  Please go back and read my post #10 in this thread.  I know that paying for security software doesn't provide a direct economic benefit, and the marketing and sales tactics of many security companies are poor.  And again, I'm speaking as someone who was on the inside of that industry for over 10 years.  But which would you rather do?  Pay $40 for one computer, or $60 for three computers, for the premium version which would have caught this malware, or spend a lot of time researching the problem and then doing a manual cleanup.  Malwarebytes on their website explains how to use the free version to clean up this malware.  Note that they list two other security programs.

https://malwaretips.com/blogs/akamaihd-net-virus/
Phil Burton


----------



## Zenon (Mar 16, 2020)

Wondering about viruses, etc. while travelling, I got caught up on VPN, which messed up my mail protocols. I was concerned about banking on non-secure wifi connections.

I had a nice long chat at Apple forums and I did discuss it here as well. As I understand it, a VPN's main purpose is to create a direct pipe from your computer to another one or a company network. If not, you go through their servers, but then you are out in cyberspace anyway. It seems it is good for people who want to get past a country's internet regulations or visit seedy sites.  They explained that unless you use sites that give out your personal information, banks, etc. are pretty heavily encrypted, and there is more of a concern with using a public computer, which I do not.

I have used BitDefender for a few years, but it sometimes causes my external drives to eject improperly.  I don't know why, but I think it has something to do with sleep mode. So for my new iMac I just use the free Malwarebytes and run it every week or so. I left BD on my MacBook Air as I travel with it. If I do a backup I plug in the external drive and set the "put computer to sleep" setting to "never" temporarily.  I back up every few days when travelling and every 3 weeks or so when at home. Time Machine backs up every hour on my iMac.

BD subscription comes up in 21 days and I'm wondering what to do.


----------



## Linwood Ferguson (Mar 16, 2020)

More than you want to know about VPNs:

The concept of a VPN as a direct pipe is reasonably accurate, more frequently known as a tunnel.  An https web session is more or less the same thing, but only for the browser data itself.  A VPN encrypts (mostly, see below) all data; an https session encrypts only those items with https tags (it is worth noting that a web page can be -- should not be, but often is -- a collection of data that is https and data that is http).

The issue with VPNs is who is forming the termination point of that VPN, and I would loosely class these into four groups:

1) You.
2) Your workplace
3) Free/cheap VPNs
4) Reputable VPNs

(3) often ends up harvesting your information and selling it, or may even themselves inject malware (after all, they have to make money somehow). The main problem is that it is hard to tell (3) from (4); that someone charges money does not mean they are trustworthy.  Being free you have a good chance they are not (at least, you should look at how they are funded). 

(2) may be helpful to you, if your company both provides it, you trust them, what you want to do is OK on their network, and they will allow it.  Often this is a good way to get really safe service. 

(1) is what I prefer.  Many home routers can create their own VPN end point; this means while remote (whether on cellular service or wifi) you can connect to your home, and be almost as though you were inside your house.  Effectively you use your home's bandwidth and security features instead of your phone's/laptop's or the local wifi's.  This is an in-out approach; you are limited by your slowest speed (usually up, not down).

There are a lot of issues with setting up a VPN, or using one (especially a corporate one).  One is "split tunneling". Many companies' VPNs do "split tunneling", which means you tunnel to company systems, but bypass the tunneling to other sites (i.e. internet sites).  A VPN is useless for security at hotels, etc., if it involves split tunneling. Another risk is most devices will choose to keep working without the VPN if the VPN connection drops -- you might go on happily browsing thinking you are protected, but the VPN may be down.

One of the biggest risks for VPNs in hotels (etc.) is when you connect to an open access point: there is no good way to know if you are really connecting to the hotel's system, or some hacker's fake system.  Literally no way.  If it's a hacker, you need a really properly configured VPN to secure your connection (or, more likely, to have it fail to secure, which may indicate it is compromised).  If your VPN puts up web pages to log in, etc., you may be giving out your password in what is known as a MITM attack (man in the middle, i.e. hacker in the middle).  There are clues, but often people skip by them and connect -- the hacker may actually pass your connection through, but in doing so is reading everything inside.

Frankly, despite (I think) having a properly configured home VPN, I pretty rarely connect to open wifi access points any more.  There are just too many new ways, invented fast, to hijack them.  Cell connections can also be hijacked, but that is harder and much less likely, so I just pay the data penalty in most cases.
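The two VPN failure modes described in this post (the tunnel silently dropping so traffic reverts to the local wifi gateway, and split tunneling where only some destinations go through the tunnel) can be checked from the routing table rather than trusted from the client's status icon. The script below is an added example for this thread, not code from any VPN vendor or from Apple. It parses `netstat -rn` output in the macOS/BSD format and classifies the IPv4 routing state; the four sample tables are constructed for the example (interface names such as `utun3`, the `10.8.0.x` tunnel addresses and the `203.0.113.10` VPN server address are made up), and the `TUNNEL_PREFIXES` list is an assumption about which interface names carry a tunnel on a given Mac.

```python
"""Classify the IPv4 routing table of a macOS/BSD host as full tunnel, split tunnel
or no tunnel. Example code added to this thread; the sample tables are constructed."""
import subprocess

# Assumption: interface names that normally carry a VPN tunnel on macOS
# (utun is the built-in tunnel interface most VPN clients create).
TUNNEL_PREFIXES = ("utun", "tun", "ppp", "ipsec")

# Constructed sample 1: tunnel up, but only the 10/8 corporate range is routed into it
# while "default" still points at the wifi gateway -> split tunnel.
SAMPLE_SPLIT = """\
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGScg          en0
10                 10.8.0.1           UGSc         utun3
10.8.0.1           10.8.0.2           UH           utun3
127                127.0.0.1          UCS            lo0
192.168.1          link#6             UCS            en0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 fe80::1%en0                     UGcg            en0
"""

# Constructed sample 2: "default" goes through the tunnel; the only en0 routes are the
# LAN itself and a host route to the VPN server (needed to carry the tunnel) -> full tunnel.
SAMPLE_FULL = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            10.8.0.1           UGScg        utun3
10.8.0.1           10.8.0.2           UH           utun3
127                127.0.0.1          UCS            lo0
192.168.1          link#6             UCS            en0
203.0.113.10       192.168.1.1        UGHS           en0
"""

# Constructed sample 3: the OpenVPN "redirect-gateway def1" style, which leaves "default"
# alone and instead adds the two half-routes 0/1 and 128/1 that override it -> full tunnel.
SAMPLE_DEF1 = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGScg          en0
0/1                10.8.0.1           UGSc         utun3
128/1              10.8.0.1           UGSc         utun3
10.8.0.1           10.8.0.2           UH           utun3
203.0.113.10       192.168.1.1        UGHS           en0
"""

# Constructed sample 4: the tunnel dropped and everything reverted to en0 -> no tunnel.
SAMPLE_DOWN = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGScg          en0
127                127.0.0.1          UCS            lo0
192.168.1          link#6             UCS            en0
"""


def parse_routes(netstat_text):
    """Return (destination, gateway, interface) tuples from the IPv4 section only."""
    routes = []
    in_ipv4 = False
    for line in netstat_text.splitlines():
        if line.startswith("Internet:"):
            in_ipv4 = True
            continue
        if line.startswith("Internet6:"):
            break  # IPv6 table is not examined here (see usage note)
        if not in_ipv4 or line.startswith("Destination") or not line.strip():
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; the Netif column is the 4th field
        routes.append((fields[0], fields[1], fields[3]))
    return routes


def classify_tunnel(routes):
    """Return 'no_tunnel', 'split_tunnel' or 'full_tunnel' for a parsed route list."""
    tunnel_ifaces = {iface for _, _, iface in routes if iface.startswith(TUNNEL_PREFIXES)}
    if not tunnel_ifaces:
        return "no_tunnel"
    via_tunnel = {dest for dest, _, iface in routes if iface in tunnel_ifaces}
    # Either the real default route or both def1 half-routes must use the tunnel.
    if "default" in via_tunnel or {"0/1", "128/1"} <= via_tunnel:
        return "full_tunnel"
    return "split_tunnel"


def check_live_routes():
    """Run netstat on this machine and classify its current IPv4 routing state."""
    out = subprocess.run(["netstat", "-rn"], capture_output=True, text=True, check=True).stdout
    return classify_tunnel(parse_routes(out))


if __name__ == "__main__":
    for name, text in [("split", SAMPLE_SPLIT), ("full", SAMPLE_FULL),
                       ("def1", SAMPLE_DEF1), ("down", SAMPLE_DOWN)]:
        print(f"{name:5s} -> {classify_tunnel(parse_routes(text))}")
```

Running the script prints the classification of the four constructed tables; `check_live_routes()` does the same against the machine it runs on. Two caveats match the post's own warnings: the LAN route and the host route to the VPN server legitimately stay on the physical interface even in a full tunnel, so the check looks only at where the default route goes, and the parser ignores the `Internet6:` section entirely, so an IPv6 default route left on the wifi interface would not be flagged.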


----------



## Zenon (Mar 16, 2020)

That is correct. They called it split tunnelling and the VPN I used did offer it. Not a cheap or free one. I tried it to bypass the mail provider using it, but it still messed it up. Thanks for the additional information about hotel rooms. That was very helpful. I have yet to do banking on my iPhone (app is there), but the people at Apple told me it was safe and now I see why. We'll probably get the travel plans to get data, etc. next time we travel and I'll use my phone for that. Typically at home I check our credit account every few days, 3 to 4 when we travel, for fraudulent activity.  I have my credit card in Apple's Wallet and have been using it for anything less than $100 for about 1 ½ years now.


----------



## Linwood Ferguson (Mar 16, 2020)

Yeah, I probably should have added that the actual likelihood of any given person getting hacked in any given hotel is pretty low, so please, no one posting "I always use wifi and I'm fine".  I get it.  Low.

The risk goes up in common areas (vs. rooms, just due to the logistic difficulty of faking a signal there), airports and other places people congregate, and goes up exponentially if you are at the same hotel as a hacking conference.

It's kind of like the current Coronavirus situation -- the chances are low of getting infected for any given interaction, but the downside of such an encounter is pretty awful.  Plus there are some places you should know are risky (e.g. that nursing home in Washington), but nowhere you feel completely safe any more shaking someone's hand -- or firing up wifi.


----------



## clee01l (Mar 16, 2020)

Ferguson said:


> Yeah, I probably should have added that the actual likelihood of any given person getting hacked in any given hotel is pretty low, so please, no one posting "I always use wifi and I'm fine". I get it. Low.
> 
> The risk goes up in common areas (vs. rooms, just due to the logistic difficulty of faking a signal there), airports and other places people congregate, and goes up exponentially if you are at the same hotel as a hacking conference.
> 
> It's kind of like the current Coronavirus situation -- the chances are low of getting infected for any given interaction, but the downside of such an encounter is pretty awful. Plus there are some places you should know are risky (e.g. that nursing home in Washington), but nowhere you feel completely safe any more shaking someone's hand -- or firing up wifi.



And it depends upon your data. Working on Lightroom from your hotel room after a long day in the field is probably a lot less risky than trying to balance your stock portfolio before the market sinks another 3000 points.


----------



## Linwood Ferguson (Mar 16, 2020)

clee01l said:


> And it depends upon your data. Working on Lightroom from your hotel room after a long day in the field is probably a lot less risky than trying to balance your stock portfolio before the market sinks another 3000 points.


Absolutely, though with some caveats.  Unfortunately, due to corporate greed and data hunger, a Mac or PC tends to sit and chatter second to second communicating with all sorts of companies, foreign and domestic.  A phone is even worse.  Much of that data is just spying on you and not risky in itself, but some of those applications may be authenticating.  If badly designed without adequate encryption (as many are), and if you are the sort that uses the same email and, worse, password for everything... well, you may be giving away your password to some dinky coupon tracking app you think you do not care about, but it might also be your banking email (and worse, password).

In a perfect world none of these would be spying on you all the time anyway.  In a slightly less perfect world they would all be suitably encrypted and protected so they do not "leak" even if someone is watching your wifi connection.  We don't live in either of those worlds.

Want to be frightened? Run a network sniffer for 24 hours on a PC, Mac or phone doing nothing and see what it actually does.


----------



## Zenon (Mar 16, 2020)

Thanks for the additional info.


----------

