Mac security under real threat?
Posted on 22 January 2008.
In its latest security threat report, Sophos reveals that in 2007 organised criminal gangs for the first time arrived at Apple's doorstep with the intention of stealing money. With proof that malicious hackers are extending their efforts beyond Windows, computer users of all operating systems should not be complacent about security.

Sophos experts note that malware for Macs has been seen before, but until recently, organized criminals have not felt the need to target Mac users when there are so many more poorly protected Windows PCs available.

However, late 2007 saw Mac malware not just being written by researchers demonstrating vulnerabilities or showing off to their peers, but by financially-motivated hackers who have recognized there is a viable and profitable market in infecting Macs alongside Windows PCs. For example, many versions of the malicious OSX/RSPlug Trojan horse, first seen in November 2007, were planted on websites designed to infect surfing Apple Mac computers for the purposes of phishing and identity theft.

Clicking on malicious email or web links takes the unwitting computer user to a site hosting malware. The malicious website examines the request made by the userís web browser and responds appropriately, depending on whether the computer visiting the site is a Mac or Windows PC. Apple Mac computers receive the OSX/RSPlug-Gen file, which is not able to infect the Windows platform. A Windows PC, however, receives the Zlobar-Fam Trojan. This approach means that the malware authors can target a much wider range of users with a single set of links Ė while the Trojans themselves are not cross-platform, the delivery mechanism is.

Graham Cluley, senior technology consultant at Sophos said:
No-one should underestimate the significance of financially-motivated malware arriving for Apple Macs. Although Macs have a long way to go in the popularity stakes before they overtake PCs, particularly in the workplace, their increased attractiveness to consumers has proven irresistible to some criminal cybergangs. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there's a chance they could send a clear message to the hackers that it's not financially rewarding to target Macs. If they fail to properly defend themselves, however, there's a chance that more cybercriminals will decide it's worth their while to develop more malware for Mac during 2008.


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th