The Truth about Macs and Viruses

Contrary to popular belief – and despite Apple’s best efforts – Macs are not immune to malware like viruses, worms, Trojan horses and ransomware. However, malware on Macs is not as prolific as it is on Windows machines.

The aim of malware is to spread to as many machines as possible, and because malware is essentially just malicious software, it is coded to run on a specific operating system. The motive behind many malware attacks is profit, and since Apple holds a much smaller share of the desktop and laptop market than Windows, Mac users have benefited from “security by minority”. As of February 2019, Mac operating systems are installed on only 9.65% of desktops and laptops, compared with the 87.56% that run Windows; Linux accounts for 2.14%. From 2009 to 2017, however, the macOS share more than tripled. It’s not just consumers who are switching to Macs either. Many businesses, particularly creative ones, use Macs for their work, and Google now predominantly uses Macs in its offices. You can see, then, why Macs are becoming a more attractive target for malware developers.

One of the earliest examples of malware targeting Mac users came in 2006, when the Trojan horse known as Leap or Oompa Loompa started to spread. Distributed via the iChat instant messaging service, Leap’s code was hidden in a file named latestpics.tgz, which purported to contain screenshots from OS X 10.5, the next operating system at the time. When the compressed archive was expanded, the Leap malware installed itself on the host system. The malware immediately attempted to spread itself by sending the image file to everyone on the user’s iChat contacts list. To make matters more complicated, the host user wouldn’t know, since there was no activity on their end. Leap then began infecting Cocoa applications via an InputManager installed in the user directory. Leap wasn’t a particularly sophisticated form of malware: it only prevented some applications from being opened, and it relied on users actually falling for the trick in order to be launched.

Since Leap, frequently dubbed the first Mac virus, there have been several notable viruses targeting users of macOS. In 2016, a DoS (denial of service) attack known as Safari-get began targeting Mac users via a link hidden inside what appeared to be a genuine Apple tech support email. The link loaded a malicious site, which drafted hundreds of emails with the subject “Warning! Virus detected! Immediately call Apple Support”, and a bogus phone number. The sheer quantity of draft emails caused the user’s Mac to run out of memory and seize up, forcing them to phone the bogus number, where unsuspecting victims might part with their card details. Safari-get affected Macs running OS X 10.9 through to 10.12, and was fixed with the 10.12.1 update, which warned the user if a website was trying to compose an email.

While the WannaCry and Petya ransomware attacks exclusively affected Windows machines back in 2017, there are some examples of ransomware that target Mac operating systems. In 2016, the KeRanger ransomware affected more than 7,000 unsuspecting Mac users via an infected version of Transmission, a popular BitTorrent client. The infected image file was signed with a legitimate developer certificate, so it didn’t trigger any security warnings. KeRanger encrypts more than 300 file types such as .doc, .docx, .csv, .jpg, .mp3 and .zip, using RSA public key cryptography. All files in the /Users folder are encrypted, as well as those in the /Volumes folder, which highlights the importance of having a backup of your data that isn’t always connected to your Mac.

Check out our guide to protecting the data on your Mac for some tips on how to avoid potentially costly malware attacks.
