The Mac Malware Landscape – The Early Days


“Opportunities multiply as they are seized,” reads a famous line from Sun Tzu’s Art of War. It holds true in cyberspace as much as on the battlefield, and in more than a decade of writing commercial Mac malware, cyber-criminals have seized plenty of them.

2017 has brought a noteworthy increase in the number of threats and malware infections targeting Mac OS X computers. In the past, the frequency of attacks against Windows and, later, Android users fed a widespread misconception that Apple products were untouchable. As the Mac’s market share grew, that assumption collided with a simple rule of the criminal economy: more users means more attention from cyber-criminals.

The difference is that Mac malware activity in 2017 is far more aggressive than in 2016 and, in some cases, harder to detect, as attackers keep refining their distribution methods. Contrary to popular belief, Macs are at risk, and malware built for them is nothing new.

Back in the ‘80s, the Elk Cloner malware started spreading unhindered among Apple II systems through infected floppy disks, the only tool available at the time for sharing information between one device and another. Elk Cloner created major chaos, as back then users were clueless about computer security and even rudimentary antivirus solutions were years away. And that was only the beginning.

Some malware families were detected between 1987 and 2003 for the early Apple operating system. These include nVir, another threat that relied on floppy disks to infect computers, the HyperCard virus, and Garfield, also known as MDEF.

In 2004, with the adoption of the modern Apple operating system, the first malware variant was allegedly created specifically for OS X. Introducing Renepo, a worm that messed with Mac firewall and security. It was not very complex, nor did it infect many users. Amphimix was another interesting program from 2004, disguised as an MP3 file, but it was uncommon and believed to have been designed to reveal vulnerabilities in the software.

Only in 2006 did researchers come across Leap, also known as Oompa Loompa, the first Trojan designed for Macs. Since the user had to go through several steps to download the Trojan, decompress, and open the file sent on iChat, Oompa Loompa didn’t gain a lot of traction. Then came Inqtana, a worm that spread through an unpatched vulnerability.

Around 2007 and 2008, Apple finally admitted its computers were not untouchable and advised users to install security software on their Macs. A milestone had been reached. Step by step, Mac malware evolved and became more complex, relying on social engineering and phishing tactics to infect a high number of users.

The 2008  BadBunny program infected users through an OpenOffice Draw file, then displayed an explicit image with a woman and a man in a rabbit costume. But then things got more serious once RSPlug was detected, the first financial malware for Mac that posed as a video codec for pornographic videos. MacSweeper and Imunizator used scareware messages to convince users to install software to patch system vulnerabilities or remove nonexistent malicious files.

The first decade of the 2000s was surely a trial by fire for Mac users, but complex malware had just started to eat into the apple. Fortunately, advanced security solutions for Mac OS X were just around the corner, after years of development and testing. Stay tuned for the second episode of our Mac malware saga!