EN RU CN DE EN ES FR IT JP UA

Threats to macOS

Mac

macOS users are confident that no malicious programs exist for this operating system. But they are wrong.

The first ones

  • 1982 – the first Trojan for Mac appeared
  • 2006 – the first Trojan for macOS (Mac.Leap) was discovered
  • 2009 – the first Mac botnet (the Trojan Mac.Iservice) was exposed
  • June 2009 – Doctor Web released its anti-virus for macOS

Malware programs for Macs do exist, but compared with Windows, their number is relatively small.

The number of malware samples for macOS acquired by Doctor Web's virus laboratory in 2014

The number of malware samples for macOS acquired by Doctor Web's virus laboratory in 2014

The growing number of malware samples received by the Doctor Web anti-virus laboratory in 2014

The growing number of malware samples received by the Doctor Web anti-virus laboratory in 2014

So malware for Macs does exist. But how does it sneak onto computers?

Means of transport #1: Applications incorporating malicious code

The Apple Corporation claims that macOS is the operating system most resistant to malware infections.

Since—as Apple claims—no code can be executed on a Mac without the user's knowledge, the risk of infection should be rather low. Alas, this is not true.

Unfortunately, AppStore is not the only source from which Mac users download applications. Dubious download portals, on which no one checks whether an application is malicious, often offer video and software for macOS. And virus makers use this to their advantage.

Users can download malicious content themselves. As a rule, a movie is accompanied by malware in the guise of a flash player update or it can be incorporated in a compromised copy of expensive software for which the user doesn’t want to pay the developer.

In such a case, the user activates the malicious program after carelessly clicking on a button and initiating the Trojan’s installation!

In such a case, the user activates the malicious program after carelessly clicking on a button and initiating the Trojan’s installation!

So it turns out that no security measure can protect a Mac from user carelessness. No matter how hard a manufacturer tries to make an operating system secure, users download programs containing malicious code and use administrator permissions to install them!

If a Mac is operated by an inexperienced user, the risk of infection increases dramatically.

Without fail, Dr.Web SpIDer Guard will issue a warning whenever it detects a Trojan

Dr.Web SpIDer Guard обязательно сообщит об обнаруженном на Mac троянце

Only an anti-virus that has been installed on your Mac and is equipped with a resident file monitor that detects malware on the fly can show you that you've downloaded a Trojan along with a legitimate application.

Means of transport #2: Vulnerabilities

To spread malware for macOS, intruders also exploit vulnerabilities. Vulnerabilities are program code flaws that enable malware to infiltrate a Mac without user knowledge or consent.

Just like any other piece of software, macOS also has vulnerabilities.

It was namely vulnerabilities that played a major role in the first-ever outbreak of the malicious program BackDoor.Flashback.39.for macOS.

  • In February 2012 criminals started using Java vulnerabilities to spread BackDoor.Flashback.39, and after March 16 they began using yet another exploit.
  • March 2012 – Oracle released an update for the Java Virtual Machine, closing the vulnerabilities exploited by BackDoor.Flashback.39.
  • As late as April 2012, Apple released an update for its own Java implementation to close the vulnerabilities exploited by BackDoor.Flashback.39.

Outbreak! 650,000 Macs

were infected with BackDoor.Flashback worldwide

Outbreak! 650,000 Macs were infected with BackDoor.Flashback worldwide

More than 4 million websites
involved in spreading BackDoor.Flashback

Malicious websites were used to spread BackDoor.Flashback.39. At the end of March, Google search results contained links to over four million infected web pages distributing the backdoor.

How can macOS users protect their machines from infection?

Security tips from Doctor Web:

  • Only download software from the developer’s site or from the App Store.
  • To maintain real-time security, use an anti-virus that incorporates a resident monitor (e.g., in Dr.Web Anti-virus for macOS, this component is called SpIDer Guard).
  • Use the HTTP monitor Dr.Web SpIDer Gate to protect your Mac from malware on websites. It will scan all the HTTP traffic and control access to Internet sites according to various thematic categories such as drugs, terrorism, violence, etc.

Try Dr.Web Anti-virus for macOS by putting it into action

Free trial

Dr.Web for macOS is available with two products

Dr.Web Security Space

33.90 €

1 PC 1 year

The price includes VAT

Buy

All the licenses include the right to use Dr.Web Mobile Security to protect handhelds running Android free of charge.

Thank you for taking the time to familiarise yourself with these materials.




Dr.Web

© Doctor Web
2003 — 2024

Doctor Web is the Russian developer of Dr.Web anti-virus software. We have been developing our products since 1992. The company is a key player on the Russian market for software that meets the fundamental need of any business — information security. Doctor Web is one of the few anti-virus vendors in the world to have its own technologies to detect and cure malware. Our anti-virus protection system allows the information systems of our customers to be protected from any threats, even those still unknown. Doctor Web was the first company in Russia to offer an anti-virus as a service and, to this day, is still the undisputed Russian market leader in Internet security services for service providers. Doctor Web has received state certificates and awards; our satisfied customers spanning the globe are clear evidence of the high quality of the products created by our talented Russian programmers.