Hackers Exploit MacKeeper Flaw To Spread OS X Malware 63
An anonymous reader writes: Controversial OS X 'clean-up utility' MacKeeper is being exploited by cybercriminals to diffuse Mac malware OSX/Agent-ANTU, according to the BAE cyber security unit. A single line of JavaScript on a malicious web-page is enough to hand over control of the user's system via MacKeeper. Lead security researcher Sergei Shevchenko said 'attackers might simply be 'spraying' their targets with the phishing emails hoping that some of them will have MacKeeper installed, thus allowing the malware to be delivered to their computers and executed,' The malware enables remote control over commands, uploads and downloads, and the setting of execution permissions, as well as granting access to details of VPN connections, user names, and lists of processes and statuses.
BAE caught me slippin... (Score:2)
Huh? (Score:5, Insightful)
Re: (Score:1)
The problem with Windows is that it auto-installs a lot of viruses or allows the user to install something without prompting for elevated privileges. They then changed it so that everything is asking for elevated privileges so now users just type it in regardless.
Re: (Score:1)
> The problem with Windows is that it auto-installs a lot of viruses
In what way? And if you say autorun.inf I'll reach through the screen and punch you, this isn't pre-XP SP2.
Re: (Score:1)
That is how I read his post: Windows used to allow the user to install software without notification which spread a lot of viruses and other malware. But Microsoft changed this behavior and now Windows asks for elevated privileges so often and for the most simple things that many users simply started to click 'yes' on every window to get the job done.
Re: (Score:2)
The problem with Windows is that it auto-installs a lot of viruses or allows the user to install something without prompting for elevated privileges. They then changed it so that everything is asking for elevated privileges so now users just type it in regardless.
2001 called, it wants it incorrect argument back.
For a long time, even pre-SP2 XP malware relied upon social engineering to be installed. Even the dumbest users didn't open an email attachment without a reason in the 90's unless it said something like "Denise Richards naked with hot grits". Social engineering has always been and still remains the number one infection vector for malware and since the mid 2000's it's been the vector for 99% of Windows malware.
Re: (Score:2, Flamebait)
Exactly.
Unlike Windows, the *nix-like nature of OSX keeps it pretty damned clean. Aside from the rare "Repair Permissions" run in Disk Utility to fix something that opens funny, you shouldn't have to do anything on a Mac for OS maintenance. Hell, I had a dual G5 PowerMac that ran 10.3 for years on end w/o any kind of OS-level maintenance, yet it never slowed down.
Stupid Registry BS...
Re: (Score:2)
To be honest, I haven't had to touch the registry since begrudgedly getting Windows 7 for gaming. Even using it for pretty much day to day tasks, there isn't much reason to dig into the registry unless you can't find off the shelf util's to do it for you. Ex. I WOULD use it to make windows look like Windows 2000, but thankfully all of those lovely settings (and lots new code) exposed through Windows Classic Shell. In order to make my ideal desktop functional without haivng to dig around in obscure systems f
Re: (Score:2)
there isn't much reason to dig into the registry unless you can't find off the shelf util's to do it for you.
That's the thing... I don't even have to do/use that. No need for CCleaner or any such utility. Sure, OSX has OS-level utilities (see also the old Onyx utility), but nearly all of them are either for performance-tweaking or Hackintoshing, not day-to-day cleanup/maintenance.
Re: (Score:3)
Re: (Score:3, Insightful)
Re: (Score:2)
not sure if you're talking about Cisco devices or iPhones...
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Err, waitaminute... assuming you're not talking about Cisco IOS, there is no such thing as an "iOS" box from Apple. There is an iOS emulation environment within OSX (comes with XTools), but that's a totally different thing.
Second, the number of iOS devices out there number in the hundreds of millions - iPhones, iPads, now the iWatch thingy... so, well, what do you mean "a lot less"?
Also consider that any development box, of any OS brand or type, is going to need periodic cleanups, because the typical develo
Re: (Score:2)
I've worked in the middle of a bunch of IOS techs for years. They have all the problems that windows users have, just with some different names, and a few variations of specifics, this includes malware. The main reason there are so many less infectors is because they are a much smaller priority for the scum making the malware because there are a lot less IOS boxes than there are Windows boxes. They are looking for quantity, whether it's part of a scam to get money, or to score points for destroying someones data, and targeting IOS is automatically limiting your maximum targets. Hate windows all you want, but don't ever mistake obscurity for any kind of real security.
You are truly an idiot.
WTF is an "IOS[sic] box"???
Not even a nice try.
Re: (Score:2)
You're already at +5. I wish there was +6, Jesus I Need a Drink
Re: (Score:2)
I thought MacKeeper was already malware.
Damn straight - Stay well away from that shit.
You don't say? (Score:2, Insightful)
A crapware "product" to "solve" a usually non-existent "problem", most heavily promoted by deceptive pop-ups on porn sites, turns out not to be entirely trustworthy? I'm shocked, shocked, I tell you!
Re: (Score:1)
MacKeeper itself is malware (Score:1)
It tricks people into installing it with sleazy ads, does nothing useful (and often stuff that is harmful) while slowing down the victim's system. I've yet to meet someone running it that wanted it on their computer.
And now yet another reason to avoid it.
I wish Apple would revoke their dev certificate so the low-info users could at least be protected from this shit by Gatekeeper.
Big deal... (Score:2)
If you have the MacKeeper malware on your Mac, it means you are already installing any malware/crapware/virus etc on your system by yourself. This added attack vector is not even needed...
Wait, wait.... (Score:1, Troll)
Re: (Score:2)
But all the Mac fanbois tell me that Apple products never get viruses....
Bet you don't see the irony of that statement.
Re: (Score:3)
But all the Mac fanbois tell me that Apple products never get viruses....
This is a Trojan. Every OS will ultimately allow $StupidUser to defeat $SECURITY_FEATURE to install ANYTHING from ANYBODY from ANYWHERE. But, without going into details, OS X has several redundant features that both make the $StupidUser far less likely to just casually click-install their way into slavery, and to attempt to minimize the damage that can be wrought by $MALICIOUS_CODE.
Nothing is ever foolproof; but OS X is pretty damned secure; to the point that AV apps are still unnecessary.
Re: (Score:3)
If Trojans are called viruses on Windows they can be called viruses on OS X.
No.
Windows used to (maybe still does) have examples of true, self-replicating malware. Those are legitimately called "viruses".
OS X has never had a virus. Only Trojans. BIG difference, since ANY OS that allows the installation of software can fall prey to a USER-INSTALLED Trojan; but only non-secure OSes can support virus propagation.
Nice try, but repeating an error is not a justification for committing the error in the first place. Or, as my Mom used to say "Two wrongs don't make a right."
Re: (Score:2)
Win32.Rmnet.12 is a complex multi-component file infector, consisting of several modules. This program is capable of self-replication.
Re: (Score:3)
Why? If you don't like JS, turn it off. JavaScript is an okay scripting language. This is talking about JS interacting with an already installed malware plugin. Off course once your computer has been compromised, you can do whatever you want. You could make it into a clapper (clap on/clap off), not that hard to do.
wow, the joke is not really a joke (Score:5, Interesting)
So the first thought I had on reading the title was the predictable joke about MacKeeper being malware. But from reading the article, it sounds to me like MacKeeper installs a custom URL handler, which directs to a process that they installed which parses a command script from the URL and executes it. So, a component which allows any web site to run code outside your browser. That's malware, not in the sarcastic "less-than-useless" sense, but in the literal "actively installs attack vectors" sense.
Re: (Score:2)
If it isn't malware, it's massively badly written code by a bunch of idiots.
Once again, companies take shortcuts, and add in security holes.
I'm not entirely sure I know anything about MacKeeper, what with me not having used a Mac in a very long time ... but this sounds idiotic.
CRAZY TALK! (Score:2)
Re: (Score:3)
The only idiot here is the one who apparently doesn't realize that MacKeeper has as much to do with Apple as Flash has to do with Microsoft.
Re: (Score:2)
Apple just works! Even when badly written by a bunch of idiots!
Pssssst! Mackeeper is not code written by Apple! Keep it under your hat!
Just thought I should let you know before you make yourself look like a fool.... oh, sorry. I was delayed in traffic. If only I'd made it here sooner!
Never mind.
Re: (Score:3)
Reality distortion field: activated.
We're seeing a slow backing-away from the ideal:
- Mac doesn't get viruses.
- Mac doesn't get viruses if you use trusted software and mainstream web pages.
- Mac doesn't get viruses if you use Apple software and the Apple website.
- Mac doesn't get viruses if you don't use it.
- Mac gets viruses.
We'd all come off more honest if we just agreed that Mac gets viruses.
For the nit picky, the second-to-last in that list seems ridiculous, but it isn't. Non-user-initiated infections are possible if it's a bug in the network stack or system services and it requires no user interaction to cause the infection. This is why XP machines get infected within 15 minutes *even if you don't do anything* (and especially if you don't patch it like a rabid maniac jabbing the Windows Update button). You can claim this is impossible on a Mac if you like but I won't believe you.
What reality distortion field? I'm not sure what part of my comment would result in that, given that I was replying with a factual statement to a comment that seemed to think that Mackeeper was software written by Apple, or that somehow Apple devices were immune to bad code. Or is that just your go to attempt at an insult? Pretty weak either way.
You're arguing from a position that does not really exist - the whole "Macs don't get viruses" thing (let's ignore that this is a trojan and not a virus, but whatev
Thanks, Slashdot! (Score:1)
Meanwhile, on this very comment page for this very article about how MacKeeper is spreading malware... there are two ads on this page pushed by Slashdot for.... wait for it... MacKeeper.
Re: (Score:2)
Interesting, I'm using a Mac and I see and Ad for Azure and another for Catchpoint. Maybe because I'm in the UK
Re: (Score:1)
127.0.0.1 in my host file for MacKeeper.com (Score:1)
And I do the same on friends' machines when performing maintenance.
Not a flaw. (Score:2)
Re: (Score:3)
And because 99.999% of mac users are complete morons who think simply running the OS makes them immune to all hacking this is going to be extra effective. Good job, crapple marketing team. You've raised a whole generation of users are are completely unprepared for what's coming.
No.
Most of the people who are swelling the Mac's marketshare are coming from Windows; and a good percentage of them can't even imagine a platform essentially without malware, and so the INSIST on running AV.
Plus, OS X has some (very) basic AV capabilities of its own, too.