It used to be that Mac users didn’t really have to worry about malware. But we live in a brave new world with easy internet access and a bunch of jerks, so the good ‘ole days are over. A new strain of Mac malware uses a familiar method to gain entry to your computer, but it’s the way it takes over that makes it particularly nasty.

The initial malware package is loaded by a standard phishing attack. The hackers send an email saying that there’s issues with your tax return, with details in a .zip file attached. When you try to open the .zip folder, the malware package instead installs a small executable named AppStore.

That program then runs every time you boot the computer up, until the full malware package has been installed. Once that happens, users will see a fake macOS update page which looks decently close to the real thing. The “update” page sits on top of every other window, and prevents you from using your computer until you hit update.

Once you hit update, you’re prompted to enter your password. That’s where the really nasty stuff starts. Using the administrator privileges just granted, the malware installs dark-web surfing program Tor, and changes your web settings using a developer certificate, so all your web traffic gets routed through a third-party proxy server.

With all that established, the attacker can see and modify all your web browsing behavior, including any data sent over encrypted web links that would normally be secure. With that kind of access and a little time, the attacker will be able to steal most people’s login info for every site, online banking details, and anything else you can really think of.

As per usual, the best defence isn’t antivirus software: it’s strong account security and a healthy skepticism of any email attachments. Not opening attachments unless they’re from a well-trusted source is a good start; using two-factor authentication on all your accounts, particularly important emails and online banking, will mitigate the potential damage from a hack.

View Comments