This article explores the evolution of Mac malware from 2004 to 2014, highlighting significant threats such as Trojan horses, worms, and scareware. Key malware examples include the Leap worm, iMunizator scareware, and CoinThief Trojan, all designed to deceive users into compromising their systems. The discussion covers the methods employed for propagation, such as social engineering and disguise techniques, while emphasizing the risks to Mac users. Despite the popular perception of Mac safety, this analysis reveals critical vulnerabilities and the ongoing risks posed by malware.
Mac Malware
By: Shane Binkerd, Shane Moreland, Travis Gardner
Amphimix
• Appeared in 2004
• Trojan horse
• Disguised as an MP3 file, including the MP3 icon
Leap
• First appeared in 2006
• Worm
• Used a graphic icon to mimic a JPG
• Spread by a file claiming to be the latest Leopard Mac OS X screenshots, sent through iChat messenger
Inqtana
• Appeared in 2006
• Worm
• Used the Bluetooth OBEX Push request
Jahlav
• Appeared in 2007
• Trojan horse
• Fake video codec
• Claims to solve an ActiveX object error
• Disguises itself as a MacAccess installer
Macsweeper & iMunizator
• Appeared in 2008
• First reported scareware
• Fake security application
• Claimed to be a 3-in-1 Mac cleaner
• Flagged legitimate applications and processes
• Offered to fix them for money
• iMunizator is closely related to Macsweeper
HellRTS aka the Hellraiser
• First malware of 2010
• Backdoor Trojan
• Intercepts passed information
• Spread by social engineering
OpinionSpy
• Appeared in 2010
• Spyware
• Spread as part of the installation process for a number of screensavers
• Allowed backdoor access
Boonana
• Appeared in 2010
• Java-based Trojan
• Can infect Windows, Linux and Mac
• Spread across social network sites posing as a video
• Attempts to retransmit itself via a reblog or repost
BlackHole
• Appeared in 2011
• Backdoor Trojan
• Executes shell commands remotely
MacDefender
• Appeared in 2011
• Spread via malicious links
• Made use of some Safari exploits
Kitmos & Hackback
• Appeared in 2013
• Backdoor Trojan
• Allows the attacker to run executables sent to the victim’s machine
• Takes screenshots and sends them to the attacker
• Modifies loginitems.plist to ensure execution at startup
• Hackback zips .txt, .doc, .eml, .pdf, etc. and sends them to the attacker
• Tied to Operation Hangover
Icefog
• Found in 2013
• Backdoor
• Targeted attacks against East Asian companies and governments
• Disguised as legitimate programs like AppDelete and CleanMyMac
CoinThief
• Appeared in 2014
• Hid inside multiple legitimate-looking applications: BitVanity, StealthBit, LitecoinTicker, Angry Birds
• Installed browser extensions
• Attacks Bitcoin-Qt wallets
• Modified the wallet to send Bitcoins to a remote machine
• Detected only by F-Secure, Sophos and Trend Micro
LaoShu
• Appeared in 2014
• Trojan
• Spread by fake email from FedEx
• Cleverly disguised as a PDF from a legitimate FedEx domain
• Actually an executable
• LaoShu is digitally signed, so Gatekeeper lets it pass
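The disguise pattern that recurs across the Amphimix, Leap and LaoShu slides (executable code carrying a document name or icon) can be checked mechanically by comparing a file's claimed type with its real header. The script below is an added example and is not part of the original deck; its sample names and header bytes are constructed, and the nfat_arch cut-off it uses to tell a universal (fat) Mach-O binary from a Java class file, which shares the same magic value, is a heuristic rather than an Apple-defined rule.

```python
"""Check whether a file's claimed type matches its real header.

Added example, not from the original slide deck. The sample names and header
bytes below are constructed; the nfat_arch < 20 cut-off used to separate a
universal (fat) Mach-O from a Java class file is a heuristic, not an Apple rule.
"""
import os
import struct

# Thin Mach-O magics: 32-bit and 64-bit, in both byte orders.
MACHO_THIN_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; also the Java .class magic

# Extensions a user reads as "a document", and bundle suffixes Finder hides by default.
DOCUMENT_EXTENSIONS = {".pdf", ".mp3", ".jpg", ".jpeg", ".png", ".doc", ".txt", ".mov"}
BUNDLE_EXTENSIONS = {".app", ".pkg"}


def is_macho(header: bytes) -> bool:
    """True if the first bytes look like a Mach-O header (thin or fat)."""
    magic = header[:4]
    if magic in MACHO_THIN_MAGICS:
        return True
    if magic == FAT_MAGIC and len(header) >= 8:
        # A fat header stores nfat_arch (big-endian) right after the magic; a
        # Java class file stores minor/major version there, which reads as >= 45.
        (nfat_arch,) = struct.unpack(">I", header[4:8])
        return nfat_arch < 20
    return False


def extensions(name: str):
    """Every dotted suffix of the base name, lowercased: 'a.pdf.app' -> ['.pdf', '.app']."""
    parts = os.path.basename(name).split(".")
    return ["." + p.lower() for p in parts[1:]]


def classify(name: str, header: bytes) -> str:
    """Return a verdict for a file name plus the first bytes of its content."""
    exts = extensions(name)
    last = exts[-1] if exts else ""
    if is_macho(header) and last in DOCUMENT_EXTENSIONS:
        # Executable code named like a document (Amphimix as .mp3, LaoShu as .pdf).
        return "disguised-executable"
    if len(exts) >= 2 and last in BUNDLE_EXTENSIONS and exts[-2] in DOCUMENT_EXTENSIONS:
        # 'Report.pdf.app' is shown as 'Report.pdf' when Finder hides the .app suffix.
        return "double-extension"
    if is_macho(header):
        return "executable"
    return "no-mismatch"


# Constructed samples: (file name, first 8 bytes of content).
SAMPLES = [
    ("Invoice.pdf", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),     # 64-bit Mach-O named .pdf
    ("song.mp3", b"ID3\x03\x00\x00\x00\x00"),                  # real MP3 with an ID3 tag
    ("Report.pdf.app", b"\xcf\xfa\xed\xfe\x07\x00\x00\x01"),  # bundle with hidden .app
    ("Hello.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34"),     # Java class, major version 52
    ("tool", b"\xca\xfe\xba\xbe\x00\x00\x00\x02"),             # two-architecture universal binary
]


def scan_samples():
    """Classify each constructed sample; returns a list of (name, verdict)."""
    return [(name, classify(name, header)) for name, header in SAMPLES]


if __name__ == "__main__":
    for name, verdict in scan_samples():
        print(f"{name:18} {verdict}")
```

For an application bundle, pass the name of the bundle and the header of the binary under Contents/MacOS. This content check only covers the disguise; the LaoShu slide's point is that a valid signature got the sample past Gatekeeper, so a signed file that passes `spctl --assess --type execute` still deserves this kind of type check when it arrived by email.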
Appetite
• Appeared in 2014
• Backdoor
• Seems to be aimed at government, diplomatic and corporate targets
• Contains Windows components
• Uses rootkit and bootkit techniques to hide
• Noted for encoding its configuration data and encrypting its network traffic
Conclusion
• There is no safe haven for Windows or Macs
• Windows is a much larger percentage of the OS’s used
• 9.9% Mac users
• 81% Windows users (9.4% XP)
• http://www.w3schools.com/browsers/browsers_os.asp
References
• "Antivirus scan for CoinThief." VirusTotal, 14 Feb. 2014. Accessed 27 Apr. 2014. <https://www.virustotal.com/en/file/398aa459eea689dafdb98567644a2ab1f4d5b90cb4e3ad3a06ab7e0b2da4d8ad/analysis/>
• Cluley, Graham. "First ever virus for Mac OS X discovered." Press release, Sophos, 16 Feb. 2006. Accessed 27 Apr. 2014. <http://www.sophos.com/en-us/press-office/press-releases/2006/02/macosxleap.aspx>
• Cohen, Peter. "Sophos warns against iMunizator 'scareware'." Macworld, 2 Apr. 2008. Accessed 27 Apr. 2014. <http://www.macworld.com/article/1132800/imunizator.html>
• Cortes, Santiago. "OSX.Kitmos: Technical Details." Symantec, 16 May 2013. Accessed 27 Apr. 2014. <http://www.symantec.com/security_response/writeup.jsp?docid=2013-051616-5911-99&tabid=2>
• Leyden, John. "Scareware scammers target Mac users." The Register, 15 Jan. 2008. Accessed 27 Apr. 2014. <http://www.theregister.co.uk/2008/01/15/mac_scareware_scam/>
• Li, Yi. "OSX.Hackback: Technical Details." Symantec, 20 May 2013. Accessed 27 Apr. 2014. <http://www.symantec.com/security_response/writeup.jsp?docid=2013-052003-5213-99&tabid=2>
• Liu, Yana. "OSX.Apptite.A: Technical Details." Symantec, 13 Mar. 2014. Accessed 27 Apr. 2014. <http://www.symantec.com/security_response/writeup.jsp?docid=2014-021723-5609-99&tabid=2>
• "Mac Malware Facts." ESET. Accessed 27 Apr. 2014. <http://www.eset.com/int/mac-malware-facts/>
• Niemela, Jarno, and Gergely Erdelyi. "Worm:OSX/Inqtana.A." F-Secure, 22 Feb. 2006. Accessed 27 Apr. 2014. <http://www.f-secure.com/v-descs/inqtana_a.shtml>
• "OSX/HackBack.A." ESET Virus Radar. Accessed 27 Apr. 2014. <http://www.virusradar.com/en/OSX_HackBack.A/description>
• "OSX/HackBack-A: Detailed Analysis." Sophos, 19 June 2013. Accessed 27 Apr. 2014. <http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OSX~HackBack-A/detailed-analysis.aspx>
• "OSX/Icefog-A: Detailed Analysis." Sophos, 27 Sept. 2013. Accessed 27 Apr. 2014. <http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OSX~Icefog-A/detailed-analysis.aspx>
• "OSX/Kitm.A." ESET Virus Radar. Accessed 27 Apr. 2014. <http://www.virusradar.com/en/OSX_Kitm.A/description>
• "OSX/StealBit-B: Detailed Analysis." Sophos, 20 Feb. 2014. Accessed 27 Apr. 2014. <http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/OSX~StealBit-B/detailed-analysis.aspx>
• "Mac OS X MP3 Trojan horse threat overhyped, says Sophos." Press release, Sophos, 13 Apr. 2004. Accessed 27 Apr. 2014. <http://www.sophos.com/en-us/press-office/press-releases/2004/04/va_macmp3.aspx>
• "OSX_CARETO.A." Threat Encyclopedia, Trend Micro. Accessed 27 Apr. 2014. <http://about-threats.trendmicro.com/us/malware/osx_careto.a>
• "Trojan-Downloader:OSX/Jahlav.A." F-Secure. Accessed 27 Apr. 2014. <http://www.f-secure.com/v-descs/trojan-downloader_osx_jahlav_a.shtml>