Malware on the Mac (Redux)

Mea culpa. At least a little bit. Give me a moment while I wipe the egg from my face. According to a recent CNET article, there’s a new trojan for OS X, out in the wild and effective albeit not particularly active at the moment. You may recall that I recently (just a few days ago in fact) posted an article about malware on the Mac in which I essentially claimed you need not do anything, and that existing third-party anti-malware software packages are really not doing much other than catching the random stray Windows infection when it hits your inbox. Well, it appears I was a bit mistaken.

If you don’t want to read the CNET article, the nuts and bolts of the malware are that it comes in two parts. One is the downloader and one is the payload. The downloader does two things. It downloads the payload and installs it and also pops up PDF files written in Chinese with offensive political statements. The payload is a program which sets up a launch agent (i.e. another script or program that gets run each time you start your computer) which in turn does two things. One, it makes sure to keep itself in place and two, it grabs info like your username, MAC address (not to be confused with your Mac’s address), and possibly various documents and screenshots which it sends to a command and control server. It could conceivably run commands from that server but hasn’t done so yet.
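The launch agent mechanism described above is worth being able to inspect yourself. The following is an added example, not code from the original post, from CNET, or from Sophos: it parses a launchd property list with Python's standard `plistlib` and flags the properties a persistence mechanism typically relies on (`RunAtLoad` to start at login, `KeepAlive` so launchd restarts it if it is killed, and a program living outside the usual system locations or in a hidden directory). The two embedded plists are constructed samples; the label `com.example.updater` and the path `/Users/Shared/.hidden/updater` are invented for illustration, and the list of "trusted" path prefixes is an assumption you should adjust for your own machine.

```python
import plistlib
from pathlib import Path

# Constructed sample of a suspicious launch agent: starts at login, is kept
# alive, and points at a binary in a hidden directory. Invented for this
# example, not taken from any real sample.
SUSPICIOUS_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/.hidden/updater</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Constructed benign sample: a one-off job using a system binary.
BENIGN_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.cleanup</string>
  <key>Program</key><string>/usr/bin/true</string>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
"""

# Assumption: programs under these prefixes are treated as expected locations.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")


def audit_agent(data: bytes) -> dict:
    """Parse one launchd plist and return its label, program and findings."""
    plist = plistlib.loads(data)
    program = plist.get("Program")
    args = plist.get("ProgramArguments") or []
    if program is None and args:
        program = args[0]  # launchd uses argv[0] when Program is absent

    findings = []
    if plist.get("RunAtLoad"):
        findings.append("runs at login (RunAtLoad)")
    if plist.get("KeepAlive"):  # may be a bool or a dict of conditions
        findings.append("restarted if killed (KeepAlive)")
    if program is None:
        findings.append("no program specified")
    else:
        if not program.startswith(TRUSTED_PREFIXES):
            findings.append(f"program outside trusted locations: {program}")
        if any(part.startswith(".") for part in Path(program).parts):
            findings.append("program lives in a hidden directory")
    return {"label": plist.get("Label"), "program": program, "findings": findings}


def audit_directory(directory) -> list:
    """Audit every .plist in a directory; unparseable files are reported, not skipped."""
    results = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            results.append((path.name, audit_agent(path.read_bytes())))
        except Exception as exc:  # malformed plist is itself worth a look
            results.append((path.name, {"label": None, "program": None,
                                        "findings": [f"unparseable: {exc}"]}))
    return results


if __name__ == "__main__":
    # On a Mac, walk the per-user and system-wide agent directories;
    # elsewhere, fall back to the constructed samples.
    dirs = [Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")]
    existing = [d for d in dirs if d.is_dir()]
    if existing:
        for d in existing:
            for name, report in audit_directory(d):
                print(f"{d / name}: {report['findings'] or 'nothing notable'}")
    else:
        for name, data in (("suspicious", SUSPICIOUS_AGENT), ("benign", BENIGN_AGENT)):
            print(name, audit_agent(data))
```

A hit on every finding is not proof of infection (plenty of legitimate helpers use `RunAtLoad` and `KeepAlive`), but an agent you do not recognise that also points at a hidden path is exactly the kind of entry worth checking against your anti-malware vendor's detection.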

This sounds scary, and if it ends up on your system, it would be. Sophos reportedly have updated their definitions to detect and remove it. So there’s that, too. However, and this is why this is “sort of” a mea culpa, the downloader does require user intervention to install. In essence, if you are not in the habit of installing untrusted software on your Mac, you are unlikely to become infected. Still, there are limits to how careful you can be. If a trusted site is hacked and you grab an infected installer as a result, that’s not your fault and it’s unlikely you could do anything to avoid that.

I won’t remove the original article, though I will post a link to this one on it. I’ll alter my position and state that it’s actually a good idea to go ahead and protect yourself, even on your Mac. While there are still safety advantages to computing on the Mac, a few extra precautions won’t hurt. To that end, I would recommend installing an anti-malware package on your Mac, such as Sophos’ Anti-Virus for Mac Home Edition. Using the built-in firewall on your Mac is also a good idea, though for additional protection you can download and install Little Snitch, which detects and blocks both inbound and outbound network requests. This can keep malware from potentially dialing home with your data even before you or your anti-malware software knows you are infected. In fact, this can be a good tripwire to tell whether you are infected or not.

