Mac Computers and Viruses – Truth versus Myth

Compromised app containing a virus

We have lost count of the number of times that we’ve heard the phrase “Macs don’t get viruses” or “I’ve never had protection on my Mac”. Whilst this may have been true in the past it isn’t as cut and dried today and the Mac OSX operating system actually can be vulnerable, so protection is worth seriously considering especially in a work or business situation.

More difficult to exploit

The Mac is based on the UNIX operating system (as is Linux) which is more difficult to exploit as it is built on a sandbox-type principle, where malicious code cannot usually get as far as it might get in a non-UNIX based system.  Also, Apple has built in a certain degree of malware prevention in the Mac, for example their ‘Gatekeeper’ software actually blocks apps that have been downloaded from the internet (i.e. anywhere other than the Apple Store) that do not have a Developer ID supplied by Apple certifying that they are safe to use.

Unfortunately, in spite of this robustness the Mac is now becoming a victim of its own success because its increasing popularity means that cybercriminals are paying more attention to it – and finding ways of making money from you even if you are a Mac user. It’s not just that popularity – Macs are usually much more expensive to buy, so the cybercriminals may believe that Mac users are attractive targets.

Not impossible to exploit

For example, a popular Mac DVD-ripping and Video Conversion app called ‘Handbrake’ was recently compromised, by criminals hacking the software company download server and inserting malicious code into the app download. When this download was installed on a Mac, it also installed a ‘backdoor’ (a means of bypassing security). The user then was asked for their administrator password, which was passed over the internet in plain text so that the criminals could access any part of the system from that point.

By successfully avoiding having to use the ‘direct attack’ approach, this allowed important information such as password keychains and browser data to be extracted and passed to the crooks.

This compromise has now been corrected and the infected code was from a download between 2nd and 6th May 2017. If you have installed Handbrake version 1.0.7, check the SHA1 checksum of the file by opening a Terminal, typing in shasum and dragging the installation file into the Terminal Window.

If the checksum is 0935a43ca90c6c419a49e4f8f1d75e68cd70b274 then the file is malicious.

To disinfect it remove the Launch Agent plist file fr.handbrake.activity_agent.plist, and the activity_agent.app file located in ~/Library/RenderFiles/. Reboot then change your passwords.

In the past year or so a Ransomware-type malware was discovered for the Mac, so this isn’t the first time that there has been a potential issue.

Even though the Mac is more robust and secure than its main competitor, it is by no means invulnerable to malicious code and it is a risk to think otherwise. You may feel that the risk is small enough to continue to use your Mac as you always have, but at least consider the pros and cons first – as well as being very careful about where you get your apps from.

If you would like help in securing your Mac, give us a call on 01455 209505.

Share..Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestPrint this pageEmail this to someone