eXtensions - Saturday 26 August 2017

Cassandra: The Malware Bogeyman Appears - Comparing Apples and Oreos

apple and chopsticks


By Graham K. Rogers


Although I still delight in telling my students that there are no viruses for Macs (by definition), there most certainly are other types of malware, including the worm, the Trojan horse (invite 'em all in), phishing, spyware and other types that may cause more or less damage to the system, or provide access to a user's data.

the best medicine Every once in a while the specter of malware on Apple devices appears and we are all meant to run screaming into the welcoming arms of the purveyors of protection software, although as many of these threats (especially Trojans, macro viruses and phishing) are detected using signatures, someone - or several someones - has to download an infected file first before problems start. In some cases, they may never appear and it is only with the help of research that vulnerabilities are found and (hopefully) patched.

This week we were warned by Paul Wagenseil (LapTop) and Darren Allan (Techradar) about the 220% (or 230%) increase in specific types of malware now being found on Macs with a finger being pointed at the Mac App Store and its certificates. Both of these articles included quotes from the findings of Malwarebytes and a link to that site which - as luck would have it - sells a software solution, Malwarebytes for Mac.

The description on that page, however, does leave me with the question of whether they actually understand the difference between a virus and a Trojan horse (or a worm, for that matter) but still claim the security by obscurity idea: not so many Macs in use, so no one bothers to write malware, which is defeated by their own argument.

They claim that the main threats are from Adware and PUPs: Adware is software that "automatically renders advertisements in order to generate revenue for its author" (Wikipedia); while PUPs are unwanted programs that also seem to deliver advertisements. I thought all these bundling problems were connected with Microsoft's earlier releases?

clouds on the horizon

I had first seen similar problems outlined a couple of days earlier in an item by Brandon Vigliarolo (TechRepublic) and when I tracked this down again (because of what I read Saturday morning - below) this also had as its initial source the same Malwarebytes findings, but the other reports (above) had ignored the link that Vigliarolo was able to make, in that Android and macOS are similar because they have both seen increases in malware installations in the last few months. The logic is a little week here.

The article does manage to separate the platforms, in that "threats facing macOS are different than Android or Windows" (no mention of iOS at all), but those PUPs and Adware are taking their toll. To be fair, the article does mention that external sources may be the main threat for such malware. Apple's Gatekeeper will prevent many such downloads unless, like in my case, it is disabled. I am very circumspect about where my non-Mac App Store downloads come from: e.g. MacPhun, Hamrick (Vuescan), and a few others from trusted sites. Like the other articles, this one on TechRepublic closes with a "We are all doomed warning" and another link to the Malwarebytes site.

doom I was going to ignore this. After all, in the last few days there have been scores of other warnings about DDOS attacks, malware via Facebook, bank Trojans and the possible hacking of the USS McCain (now said not to be the case - although they would say that, wouldn't they?). What prompted me to fire up the keyboard was the Daily Mail online. Readers in Thailand will not be able to link to the item by Phoebe Weston, as the site is blocked here (as we all know), so don't ask how I was able to read this: not using a VPN.

Her words are almost taken verbatim from what the sources I outline above, although in the Mail's style you may doze off with the way the text is repeated (under images and again in block format). As well as the "tidal wave" of scam software, this is apparently from the Mac Apple store (sic), which none of the other sources have (two correctly cite the Mac App store).

She also mentions the ProtonRAT Trojan which only Paul Wagenseil (LapTop) mentioned, although she does have a good description of how it works as well as a rehash of the FruitFly threat: again of a couple of months ago.

So: one source, four (or more) versions of the same quasi-threat and some scare-mongering; but including Apple in a headline always ensures a few more hits. I am not sure how the mobile Android was linked to the desktop macOS. In all the noise about other threats, there is certainly a need for care by users of Macs: of any platform. Download only from reliable sources, including the Mac App Store (not "Apple" - dear me). If there are such threats from signed software, Apple is probably already examining the potential and a fix will be silently executed.

clouds on the horizon

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)



Made on Mac

For further information, e-mail to

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2017