5 Easy Ways to Infect Your Mac With Malware

65

Mac users have it easy when it comes to computer security. There’s no need to run resource-hogging anti-virus software, worry about the lion’s share of exploits that specifically target Windows users, and your Mac will even scream at you for trying to install software from an unknown source.

As a result you might think it’s pretty difficult to infect your Mac with malware, but there are always exceptions. Apple’s desktop operating system can be compromised in a number of ways — here’s five of them.

Download Pirated Software

This is probably the most obvious way to put your Mac at risk, and the same is true for Windows users. You could however argue that Windows users are in a better situation purely by virtue of the fact that there are a huge number of virus scanners available for the platform, and most users understand the importance of security software on Windows. Personally I haven’t got a virus scanner on my Mac, and I doubt you have either.

That’s because Apple’s operating system has long been considered a relatively safe platform, but when you install software you’re opening that platform up to third parties. While it’s likely that many (most?) providers of pirated software out there are mostly concerned with making paid software available for nothing, there’s no way to know for sure.

cracked_apps

There’s a huge amount of trust involved in running keygens and other third-party activation tools to crack expensive software packages. There’s no way to know what’s been tampered with, and by who. While your Mac sandboxes software by default, anything that asks for an admin override to gain unfettered access to your system should ring alarm bells.

It’s also unwise to trust everything you read in the comment section of your favorite torrent tracker. While the software may indeed work once all of the steps have been followed, many users may not realize they are infected. A blog post by Sophos published in May 2016 mentions infected torrents consisting of a reworked version of iWorks (Apple’s office suite), a reworked version of Xcode (Apple’s developer tool), and even a download of Linux Mint that included Linux-specific malware.

If you don’t want to install more than you bargained for, stick to free alternatives or open your wallet and download software from legitimate sources.

Install Fake Anti-Virus Software

Remember Mac Defender? It surfaced in 2011 and positioned itself as an anti-malware tool that could help you clean up your infected system. The scam was made all the more believable by a fake webpage that warned users they had been compromised, and that installing Mac Defender was the best way to rectify the situation. The problem became so widespread that it prompted Apple to post instructions about removing and avoiding the software.

Generally speaking, the dodgier the website the more likely you are to see such a bogus warning. This goes hand-in-hand with pirated software, though these adverts have a tendency to infiltrate legitimate advertising networks too. Many take control of your browser, flooding you with pop-up dialog boxes that require you hit “Continue” which in turn serves a bogus download.

mac_defender

While online virus scanners do exist, they don’t present themselves as unwanted tabs or start unsolicited scans of your system while you are browsing the web. Many browsers protect against this sort of dishonest and aggressive approach by providing flood protection against dialog boxes, and in the case of some browsers (like Chrome) blocking access to websites altogether.

Related:  How to Disable the Action Center Taskbar Icon in Windows 10

After lying to you about having an infected machine, scams like this usually install ransomware which requires you hand over some cash in order to remove the software you didn’t need in the first place. There are legitimate Mac antivirus programs available, but you really only need a few free tools for a secure system.

Use Unpatched Flash

The Flash browser plugin is Adobe’s leakiest product, responsible for more of the company’s security issues than any other single product. So far in 2016, more than 200 vulnerabilities have been recorded. It’s also becoming more and more obsolete, as technologies like HTML5 allow modern browsers to perform many of the same tasks natively.

Flash is outdated, poses a security threat and, thanks to a concerted effort by the industry, is currently being phased out. As recently as last year we called for users to uninstall Flash altogether as it’s quite possibly the biggest threat to platform security on any operating system. But don’t just take our word for it — in June 2016 Apple started automatically blocking versions of Flash that are out of date in the Safari browser.

security_safari

Firefox disabled Flash at one point, and Google’s Chrome browser has long included a sandboxed version of Flash which restricts the plug-in by running it in a secure environment that can’t hurt your PC. If you are running Safari, you can force the browser to ask you to “trust” websites that try to run Flash under Preferences > Security >Plug-in Settings.

It’s worth noting that even running the latest version of Flash doesn’t mean you’re safe, as zero-day vulnerabilities where the vendor (Adobe) isn’t given time to fix the exploit before its details are made public still pose a threat. If you really want to be safe, disable Flash altogether in Safari by unchecking Flash in Preferences > Security >Plug-in Settings, or better yet uninstall it from your system completely.

Enable Java’s Browser Extension

Noticed a pattern forming yet? The biggest security concern faced by Mac users comes predominantly from third-party software. By design, Apple’s operating system is generally pretty secure (but only a fool would believe it’s completely water-tight). Another way of opening your system up to attack is by installing Java and its browser extension, which allows you to run software written in Java right in the browser.

Not to be confused with JavaScript, Java is a programming language that and runtime environment that some apps require you install before they will work properly. It has also been used to run software — known as applets — on web pages, and exploited as such. If you ever played Minecraft in its early beta days, you’d have been running a Java applet in your browser.

When the technology first arrived in 1995, it was a game-changer and allowed for the development far more advanced web-based software than ever before. But Java’s browser plugin quickly built up a reputation for putting devices at risk, running malicious code within the browser, and untimely updates from Oracle themselves.

Related:  Read Xbox One S Reviews, Apple Thinks the iPad Pro Is a Computer… [Tech News Digest]

The Java Runtime Environment, which allows users to build and distribute standalone apps, has proven to be just as secure as any other development framework; but there have been many flaws in the way the Java browser plugin handles sandboxing. Oracle has demonstrated time and time again that they are unable to secure the technology, and now major browsers have started to phase it out.

In 2015 Google’s Chrome browser dropped Java and a few other plug ins entirely, making it impossible for them to run. If you’re using Apple’s own browser, you can disable it entirely by unchecking the relevant box in Safari’s Preferences > Security > Plug-in Settings menu.

It’s unlikely you’ll need to rely on websites that use the Java browser plugin any more, and if you do there are likely alternatives you can turn to that use a more modern technology. For that reason you can uninstall Java and its browser plugin altogether, or at the very least limit your system to the Java Runtime Environment for running local software.

Blindly Trust Apps & Browser Extensions

Since GateKeeper came along, Apple has been meddling in your Mac’s affairs on a third party software level. The technology prevents unsigned applications from running by default, and can even be locked down to only allow software from the Mac App Store to run. This means that by default your Mac can’t just run software from anywhere — you have to disable the feature or override on a per-app basis under System Preferences > Security.

The reality is that most unsigned software is safe, even if it isn’t signed by Apple. Of course there are exceptions, but the reality is that your own discretion is one of the most valuable security tools you have available. Not all developers can justify the cost of enrolling as a trusted developer, and others have to work outside of the boundaries set by the Mac App Store. Many apps that we recommend here at TheGN are not available on the App Store, nor are they signed by a “trusted” developer — but they’re still legitimate apps that won’t harm your system.

gatekeeper

App sandboxing exists in OS X to safeguard your machine, which prevents apps from having unfettered access to your system. App permissions also help restrict your computer giving away too much information about you, just like in Apple’s mobile operating system iOS. Your Mac will now ask you if you consent to an app having access to your Contacts, or to manage your Accessibility options.

Some apps require admin-level permissions, and require you enter your admin password upon installing or when trying to perform a certain operation. These are apps you want to keep an eye on, but you don’t necessarily need to distrust all. Most will simply need a higher level of access, like all-in-one Apache, SQL and PHP installer XAMPP, or Duet Display which turns your iPad or iPhone into a second display but requires the installation of a driver in order to do so.

Related:  Top Programs That Can Make Your Computer Run Faster

Other apps may pose a risk — some third party tweaks apps may ask for admin-level permissions to run sudo commands, which you could just run yourself in Terminal. The more obscure the app, the higher the risk — above all avoid apps that are hosted on file lockers like Mega or cracked apps downloaded via BitTorrent.

Browser extensions should also be treated with the same level of scrutiny. Whenever you add a new extension to Chrome, Firefox, or Safari, you’re explicitly allowing another piece of code to run inside your browser. While attempts are made to mitigate this sort of intrusion using measures like Chrome’s permissions system, many browser plugins ask for full access to your browsing data. They can be used to scrape personal information and credentials, and even insert adverts into web pages without your knowledge.

safari_extensions

As a result, question every browser extension you have installed. On Safari, you can head to Preferences > Extensions and click on a browser to reveal the Uninstall option. Regardless of which browser you’re using, it’s better to get rid of extensions you rarely or never use to free up space, resources and revoke unwanted access to your browsing data.

Sometimes apps you trust that are already installed can put you at risk, though these occurrences are few and far between. In March 2016 it was found that an update to trusted Mac BitTorrent client Transmission was infected with ransomware, which compromised your Mac simply by installing the update. Fortunately developers pulled the update and issued a new version, as well as instructions for removing the update altogether.

Don’t Be Scared

Security is one of the things Apple has a history of getting right. As more people buy Macs, and Microsoft tightens up security on their end, malware developers often turn their gaze towards Apple. The reality is that the pay-off is still relatively low due to a small installed user-base, so your Mac isn’t as big a target as you probably think it is.

The biggest threat to your Mac usually comes from third-party software like web plug-ins and browser extensions that harvest your information. Many such exploits can be used across multiple platforms, so the pay-off is bigger. Fortunately the reliance on security risks like Flash and Java is waning, as the technologies are phased out in favor of more secure modern technologies.

Most Mac users are used to not requiring any additional security software, and that’s largely true. You still may want to exercise a bit of common sense when installing software and providing admin-level access to applications that request it though — just to be safe.

Have you ever had an infected Mac? Tell us all about your security problems (or lack of them) below.

65 comments

  • Thank you for sharing superb informations. Your website is so cool. I am impressed by the details that you¡¦ve on this blog. It reveals how nicely you understand this subject. Bookmarked this website page, will come back for extra articles. You, my pal, ROCK! I found just the information I already searched all over the place and just could not come across. What a great web site.
  • I like what you guys are up too. Such clever work and reporting! Keep up the excellent works guys I¡¦ve incorporated you guys to my blogroll. I think it'll improve the value of my website :)
  • This is really interesting, You are a very skilled blogger. I have joined your feed and look forward to seeking more of your magnificent post. Also, I've shared your site in my social networks!
  • Very good written article. It will be supportive to anyone who usess it, including yours truly :). Keep up the good work - looking forward to more posts.
  • I've been surfing online more than 3 hours today, yet I never found any interesting article like yours. It is pretty worth enough for me. Personally, if all web owners and bloggers made good content as you did, the net will be much more useful than ever before.
  • Definitely believe that which you said. Your favorite reason seemed to be on the net the simplest thing to be aware of. I say to you, I certainly get annoyed while people consider worries that they plainly do not know about. You managed to hit the nail upon the top and also defined out the whole thing without having side effect , people could take a signal. Will likely be back to get more. Thanks
  • I was just searching for this information for some time. After six hours of continuous Googleing, finally I got it in your website. I wonder what is the lack of Google strategy that don't rank this type of informative web sites in top of the list. Usually the top sites are full of garbage.
  • I'm extremely impressed with your writing skills and also with the layout on your blog. Is this a paid theme or did you modify it yourself? Anyway keep up the nice quality writing, it is rare to see a great blog like this one today..
  • I am so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that's at the other blogs. Appreciate your sharing this best doc.
  • download film terbaru Thanks a ton for blogging this, it was very helpful and told a ton Thanks a ton for blogging this, it was very helpful and told a ton
  • As I site possessor I believe the content matter here is rattling magnificent , appreciate it for your hard work. You should keep it up forever! Best of luck.
  • Wow! This could be one particular of the most useful blogs We've ever arrive across on this subject. Basically Great. I'm also an expert in this topic therefore I can understand your effort.
  • Its like you read my mind! You seem to know a lot about this, like you wrote the book in it or something. I think that you can do with some pics to drive the message home a bit, but other than that, this is great blog. A great read. I'll certainly be back.
  • I like what you guys are up also. Such smart work and reporting! Carry on the excellent works guys I¡¦ve incorporated you guys to my blogroll. I think it will improve the value of my site :)
  • It¡¦s actually a cool and useful piece of info. I am happy that you shared this useful info with us. Please keep us informed like this. Thanks for sharing.
  • Excellent web site. Plenty of helpful info here. I am sending it to a few buddies ans also sharing in delicious. And naturally, thank you for your effort!
  • I together with my buddies ended up reading through the great secrets and techniques from your web blog while before long I got a terrible feeling I never thanked you for those techniques. These men came so very interested to learn all of them and have now certainly been making the most of these things. I appreciate you for being so helpful as well as for going for this sort of helpful subject matter millions of individuals are really needing to understand about. My honest regret for not expressing appreciation to you sooner.
  • Useful info. Fortunate me I found your website accidentally, and I'm surprised why this twist of fate didn't happened in advance! I bookmarked it.
  • I would like to point out my appreciation for your kindness for folks who must have assistance with this theme. Your personal dedication to passing the message along turned out to be extremely informative and has specifically empowered regular people just like me to attain their aims. Your valuable guidelines can mean much a person like me and far more to my peers. With thanks; from everyone of us.
  • Great tremendous things here. I¡¦m very satisfied to look your article. Thanks a lot and i am having a look ahead to touch you. Will you please drop me a e-mail?
  • Normally I do not learn post on blogs, however I wish to say that this write-up very pressured me to take a look at and do so! Your writing style has been surprised me. Thanks, quite nice article.
  • Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with some pics to drive the message home a bit, but other than that, this is wonderful blog. A fantastic read. I will certainly be back.
  • Magnificent beat ! I would like to apprentice while you amend your website, how could i subscribe for a blog website? The account aided me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear idea
  • I carry on listening to the news lecture about receiving free online grant applications so I have been looking around for the top site to get one. Could you advise me please, where could i get some?
  • Wonderful beat ! I would like to apprentice while you amend your site, how could i subscribe for a blog site? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear concept
  • Wow, amazing blog layout! How long have you been blogging for? you made blogging look easy. The overall look of your site is wonderful, let alone the content!
  • Hi there, You have done an incredible job. I will definitely digg it and personally suggest to my friends. I'm confident they'll be benefited from this web site.
  • Whats Going down i am new to this, I stumbled upon this I have found It positively useful and it has helped me out loads. I am hoping to contribute & aid other customers like its helped me. Good job.
  • wonderful post, very informative. I wonder why the opposite experts of this sector do not realize this. You should proceed your writing. I am confident, you have a huge readers' base already!
  • I do consider all the ideas you've offered for your post. They are very convincing and will definitely work. Still, the posts are very short for beginners. Could you please extend them a little from subsequent time? Thank you for the post.
  • I was recommended this website by my cousin. I am not sure whether this post is written by him as no one else know such detailed about my problem. You are wonderful! Thanks!
  • Great work! This is the kind of information that should be shared across the net. Shame on Google for now not positioning this post upper! Come on over and seek advice from my website . Thanks =)
  • I keep listening to the news speak about getting free online grant applications so I have been looking around for the most excellent site to get one. Could you advise me please, where could i find some?
  • Hello there, just became aware of your blog through Google, and found that it is truly informative. I’m going to watch out for brussels. I will appreciate if you continue this in future. Many people will be benefited from your writing. Cheers!
  • I'm very happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this greatest doc.
  • Thanks for another informative site. The place else could I get that type of information written in such a perfect means? I've a challenge that I'm simply now running on, and I have been at the look out for such info.
  • Hi, Neat post. There is an issue together with your site in web explorer, may check this¡K IE still is the marketplace chief and a big portion of people will omit your wonderful writing because of this problem.
  • Valuable information. Fortunate me I found your web site unintentionally, and I am surprised why this twist of fate did not happened earlier! I bookmarked it.
  • I delight in, lead to I discovered exactly what I used to be having a look for. You have ended my 4 day long hunt! God Bless you man. Have a nice day. Bye
  • I simply wanted to make a word so as to appreciate you for the marvelous tips and hints you are giving at this website. My rather long internet investigation has finally been rewarded with really good details to exchange with my partners. I would point out that we readers are rather fortunate to live in a magnificent site with many special people with very helpful techniques. I feel extremely happy to have encountered your entire web pages and look forward to plenty of more fun minutes reading here. Thanks a lot once again for all the details.
  • Thanks a lot for giving everyone an extremely superb chance to discover important secrets from this website. It can be so fantastic and also packed with a lot of fun for me and my office peers to search the blog minimum three times weekly to see the latest stuff you have. And definitely, I am actually amazed considering the mind-blowing tactics you serve. Selected 3 points in this post are easily the simplest we have all had.
  • Whats Taking place i'm new to this, I stumbled upon this I have found It absolutely useful and it has aided me out loads. I am hoping to give a contribution & aid other customers like its aided me. Great job.
  • Very good written article. It will be supportive to anyone who employess it, as well as me. Keep doing what you are doing - looking forward to more posts.
  • I was just seeking this information for a while. After 6 hours of continuous Googleing, at last I got it in your site. I wonder what is the lack of Google strategy that do not rank this type of informative web sites in top of the list. Normally the top web sites are full of garbage.
  • I am not sure where you are getting your info, but good topic. I needs to spend some time learning more or understanding more. Thanks for wonderful information I was looking for this info for my mission.
  • of course like your web-site however you need to take a look at the spelling on quite a few of your posts. Many of them are rife with spelling problems and I to find it very bothersome to tell the truth nevertheless I¡¦ll definitely come back again.
  • Hey, you used to write great, but the last few posts have been kinda boring¡K I miss your tremendous writings. Past few posts are just a little bit out of track! come on!
  • I have been browsing online more than 3 hours today, yet I never found any interesting article like yours. It’s pretty worth enough for me. Personally, if all web owners and bloggers made good content as you did, the web will be much more useful than ever before.
  • Wow, superb blog layout! How long have you been blogging for? you made blogging look easy. The overall look of your website is excellent, let alone the content!
  • you're actually a good webmaster. The web site loading pace is incredible. It seems that you are doing any unique trick. Furthermore, The contents are masterwork. you've done a wonderful activity in this subject!
  • I am just commenting to let you be aware of what a beneficial encounter my wife's daughter went through studying yuor web blog. She mastered many pieces, not to mention what it's like to have an ideal giving heart to make men and women really easily completely grasp selected specialized subject matter. You truly surpassed readers' expectations. Thank you for coming up with those invaluable, safe, explanatory and easy tips on this topic to Janet.
  • I must show appreciation to you just for bailing me out of this problem. As a result of browsing through the world wide web and coming across notions which were not pleasant, I thought my life was done. Existing without the solutions to the problems you have solved by way of your website is a crucial case, as well as those that might have adversely damaged my entire career if I hadn't noticed the blog. Your own competence and kindness in maneuvering all the stuff was useful. I'm not sure what I would have done if I had not come upon such a solution like this. I am able to at this moment look forward to my future. Thanks for your time very much for this high quality and effective guide. I will not be reluctant to refer the website to anybody who should have guide on this matter.
  • you are in reality a just right webmaster. The web site loading velocity is amazing. It kind of feels that you're doing any distinctive trick. Also, The contents are masterwork. you have performed a wonderful activity on this topic!