May 26, 2011 7:40 pm

Apple Macs hit by scareware attacks

One of the most pervasive and costly types of infection is now hitting Mac computers, signalling the end of an age of innocence for Apple customers, who until now have been spared many common cybersecurity problems.

Known as rogue antivirus or scareware, the scam programs warn PC and now Mac owners that they have been infected, then demand credit card payments to clean the machines.

The operators of the programs are typically criminals who may resell the card details or try to install more malicious software.

PCs running Microsoft’s Windows operating system have been besieged by scareware for years. Though scareware infections can begin in a number of ways, they are often triggered by the ability in popular web browsers to download programs automatically.

In the past few weeks, a large number of Mac users have run into the same problem, encountering scareware with names like MacDefender, MacSecurity and MacProtector when using Apple’s standard Safari browser for web surfing. The programs sport professional-looking interfaces and have been lurking in advertisements on media sites and links returned by Google searches.

For Mac owners running Safari in the default mode that enables downloading of “safe” files, the malicious programs began installing automatically and then prompted the users for their passwords to finish the job. If they complied, the software ran when the machine restarted, reporting bogus infections and asking for payment.

Apple’s initial response to waves of callers to its AppleCare tech support lines was unhelpful, according to leaked internal instructions posted on the tech news site ZDNet.

Staff were told to neither confirm nor deny infections and to steer callers to Apple’s online stores for security products.

Apple on Tuesday posted an article on its website acknowledging the problem and offering a guide for step-by-step removal.

The criminal gang behind the infections responded quickly with an upgrade that security researchers said allowed it to launch an installation of a bogus “Mac Guard” program without requesting user passwords. Users see an installation screen and can still abort the process, according to security company Intego.

Apple customers have always been vulnerable to the same sort of “social engineering” tricks such as “phishing” attacks, where e-mail recipients can be duped into entering passwords or other credentials on imposter websites.

They remain far less prone to viruses than owners of Windows PCs, especially the worst, self-spreading varieties. The cybercrime world has largely ignored Macs because their market share of less than 10 per cent has made mass attacks less valuable.

But as Apple’s Mac shipments surge, this is changing. Buyers are likely to be targeted, forcing Apple to rethink its security or lose one of its key selling points.

Copyright The Financial Times Limited 2014.