“I’m buying a Mac,” your friend tells you. “Macs don’t get viruses.”
As anyone who has felt the panic that comes with realizing their PC is infected with malware can tell you, the lure of a virtually virus-proof Apple product is strong. Once you’ve been stung by malware that steals your personal information or takes over your machine, you’re willing to do anything to prevent it from happening again.
Until recently, Mac’s reputation for being impervious to viruses has been well-deserved. It’s only been the past few years that sales of the computers have begun to creep up on PC sales and they still only hold about a third of the entire computer market. It’s this relative scarcity that has actually been the biggest boon to its virus-free reputation. Because so few people actually used Macs, it wasn’t worth the time and effort for cybercriminals to develop malware to attack them.
However, as the number of users has grown, Macs have lost a lot of their immunity to malware — and security experts are warning Macs are just as vulnerable to infection as PCs. In some ways, they are even more vulnerable.
Yontoo and Flashback
In the fall of 2011, Mac owners were hit with an early version of a Trojan horse virus — and by some estimates, more than half a million machines worldwide were infected. The malware exploited Java vulnerability; users who visited infected websites were prompted to download bogus versions of Adobe Flash player via a message indicating a Flash error. When the user downloaded the fake player and accepted the security certificate claiming to be from Apple, the malware was installed — and immediately began disabling Mac’s Virus Protection.
Since then, the virus has morphed into a more powerful version that exploits other weaknesses in Java. Version two, known as “Flashback,” does not require the user to download or install any software — it installs itself from an infected site. Flashback malware prompts the user for an administrator password, but if the password is not provided it will still install via any vulnerable apps on the machine. The “Flashback” malware is especially worrisome, as it is focused on stealing passwords, allowing criminals to steal a user’s money and their identity.
Perhaps less dangerous, but nevertheless annoying, is the increase in adware targeting Mac users. The most recent detected threat is a Trojan known as Yontoo, which downloads software via a media player that tracks and transmits information about online activity to a central server. What’s notable about Yontoo to security experts is the fact it was originally designed for Windows. The fact it’s now attacking Macs as well indicates cybercriminals are now writing malware to attack both types of machines — and that Macs’ days of virus immunity appear to be over.
Protecting Your Mac
For years, Antivirus Software has been marketed almost exclusively to Windows-based PC owners. While Macs do come with a form of virus protection in Gatekeeper, that protection does not extend to components like Java or web-browser plug-ins. However, with Apple’s increased market share and the increase in reported attacks on Macs, it’s becoming clear the formerly invincible machines need more robust virus protection. If nothing else, a Mac with antivirus software prevents it from becoming a conduit for Windows-focused malware. With such protection, a Mac owner can clean infected files they receive from Windows machines and avoid passing them on to other PCs.
Mac owners additionally need to consider taking precautions that they may previously have dismissed as being a “Windows problem.” Keeping components updated prevents vulnerabilities, such as those that allow Flashback malware to take hold and being selective in the apps you download can prevent inadvertently installing malware or creating system vulnerabilities.
As cybercriminals become more sophisticated and more intent on stealing information, Macs have become as vulnerable as any other computer to malware and cyber attacks. It’s no longer safe to assume your Mac won’t be compromised – for if you believe that now, you could be sorry later.
Writer Natasha Gajewski has worked for a cyber security firm for most of this past decade. An Apple fan for life, she has yet to experience a virus on her devices, but she updates her antivirus software frequently.