Mac Malware Evolves - No Install Password Required
An anonymous reader writes "The latest versions of the Mac Defender malware attacks no longer require users to enter their admin credentials (username and password) upon install. A threat called 'Mac Guard' installs itself into areas of the Mac OS X system that only require standard user privilege. On Windows the criminals did this to avoid UAC warnings, and have copied this trick to their Mac OS X releases."
More damaging for Apple than most think... (Score:1, Interesting)
Re:PEBKAC (Score:4, Interesting)
Just putting itself in the Applications directory doesn't do anything special, users still have to run it. The Applications directory isn't setuid or anything like that, it doesn't make the app run as root, it doesn't have anything to do with startup or anything else, you're just allowed to create files in the Applications directory.
As I pointed out elsewhere, the intelligent thing to do would be to install to the user's home directory, as most non-techie Mac users will NEVER look in their home directory and notice it. That's just someplace they don't generally have to go; that's what the Documents, Pictures, Music and other folders are for. Unlike the Applications directory, where users are bound to be looking at least once in a while.
The end result would be the same: all it's going to do is affect a single user.
Now if it was intelligent, it'd modify the plist of an existing app to take itself on as the app launcher, then start the real app itself, which would possibly be used by other users on the system. You wouldn't be able to do it to the Apple built-in apps, as permissions still require you to be root to modify them, but some other app the user installed will be owned by them and modifiable.
Back when they were asking for a password, they should have been installing a kernel extension to cloak themselves and make removal without booting from a clean drive impossible.
This 'malware' is like most Mac users: it's a joke, it's not even a little bit impressive, it just happens to be the first one noticed.
Just wait until the Windows malware writers start putting some effort into OSX, THEN it'll get nasty.
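A defender-side check for the point raised in the comment above, that app bundles a user installed are owned by that user and so modifiable without a password. This is an added example, not part of the original post: the function names, the sample bundles and the mode-bit-only writability test (it ignores group membership, ACLs and file flags) are assumptions made for illustration.

```python
import os
import plistlib
import stat
import tempfile

def writable_by(path, uid):
    """Mode-bit check only: ignores group membership, ACLs and file flags."""
    st = os.stat(path)
    if st.st_uid == uid and st.st_mode & stat.S_IWUSR:
        return True
    return bool(st.st_mode & stat.S_IWOTH)

def audit_bundles(apps_dir, uid):
    """Map bundle name -> launch-path items that `uid` could modify or replace."""
    report = {}
    for name in sorted(os.listdir(apps_dir)):
        contents = os.path.join(apps_dir, name, "Contents")
        plist_path = os.path.join(contents, "Info.plist")
        if not name.endswith(".app") or not os.path.isfile(plist_path):
            continue
        with open(plist_path, "rb") as fh:
            exe = plistlib.load(fh).get("CFBundleExecutable", "")
        macos = os.path.join(contents, "MacOS")
        # A writable directory lets a file be swapped even if the file is read-only.
        targets = [contents, plist_path, macos, os.path.join(macos, exe)]
        hits = [os.path.relpath(p, apps_dir) for p in targets
                if os.path.exists(p) and writable_by(p, uid)]
        if hits:
            report[name] = hits
    return report

def build_sample(root, name, locked):
    """Constructed test bundle; `locked` strips every write bit from it."""
    macos = os.path.join(root, name, "Contents", "MacOS")
    os.makedirs(macos)
    exe = os.path.join(macos, "demo")
    open(exe, "wb").close()
    plist_path = os.path.join(root, name, "Contents", "Info.plist")
    with open(plist_path, "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "demo"}, fh)
    if locked:
        for p in (exe, macos, plist_path, os.path.dirname(plist_path)):
            os.chmod(p, 0o555)

if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample(root, "Locked.app", True)
    build_sample(root, "UserOwned.app", False)
    print(audit_bundles(root, os.getuid()))
```

Run against a real Applications folder with a standard user's uid, every bundle it lists is one whose launch path that user can change without an admin prompt.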
Re:No surprises here (Score:5, Interesting)
Good News for the App Store (Score:5, Interesting)
Re:No surprises here (Score:1, Interesting)
Follow up. I find it interesting that they gloss over the fact that to completely avoid this all you need to do is turn off download safe files in Safari, and/or not be stupid. Their solution is to purchase their anti-malware package for Mac. Question for samzenpus, how much did these guys pay you to post this?
Spoken like a true Apple fanboi. The same "not be stupid" can be said for all OSes, even Windows. Apple has a big enough market share, and rich enough non-tech savvy users to make the platform a target for criminals. Get used to it, it won't go away now. Brought to you from the company that allows closed devices to be rooted by merely visiting a website!