Bitcoin-Stealing OS X Trojan Now Masquerading as 'Angry Birds' and Other Popular Mac Apps

[gnasher729]

Seems to be a catch22 for Apple. The more successful and ubiquitous it becomes, the more it will be targeted by the nefarious. All the more so because of the statistical affluence of the user base. That's a shame.

"Statistical affluence of the user base" + downloading a cracked copy of a £2.99 app = deserving everything they get.

We say the same thing regarding side loading questionable apps with possible malware within Android. Yet people blame Android. See what I did there?

I can see what you did, and another attempt at badmouthing Apple fails. The thing is, there are perfectly fine and safe versions of these apps are on the App Store. And MacOS X has GateKeeper, which the user can set into the "very safe" mode where it only accepts apps from the App Store, or into the "safe" mode where it only accepts apps that have been code signed by developers known to Apple, and the "unsafe" mode where it accepts any app, but only after giving the user a very very visible warning. So the user had to: 1. Deliberately search for a cracked version of the app. 2. Set GateKeeper to the "unsafe" made. 3. Install and run the cracked version of the app, against two very visible warnings that Apple gives you.

 

[CausticPuppy]

Seems to be a catch22 for Apple. The more successful and ubiquitous it becomes, the more it will be targeted by the nefarious. All the more so because of the statistical affluence of the user base. That's a shame.

Apple is not being targeted.

People who knowingly and deliberately circumvent Apple's default protections in an effort to install pirated apps are being targeted.

Now, if this Trojan were showing up in Apps that are in the App Store, there would be a news item here.
But this is just normal every-day "pirated app contains something bad."

 

[Carlanga]

Tim Cook, masquerading as CEO, and other popular Mac tricks....

----------

Only trust this coin:

Image

Well the only thing I trust is gold no matter from where.

 

[Skika]

What I meant was...do not have faith in Bitcoin, have faith in the US Cent and Dollar...our currency is one of the most stable on Earth, and so many people don't give it enough credit. The dollar is recognized worldwide and trusted. It is solid and has a low inflation rate. Our dollar is worth something. And to me, Bitcoin is a fly-by-night.

Hehe yes yes goood goy! Only the fiat currency that the fed can create out of thin air is real! Dont worry about the fed being privately owned by secret shareholders, its in good hands with honest intentions is swear! We only print 85 billion a month and surely it has no impact on inflation or purchasing power! Trust the government not the free market hehe good good.


:
:
:>
:
:
:3
:

 

[WestonHarvey1]

Protocols don't have "lines of code".

 

[BlendedFrog]

But...but I thought everyone here at MR said that there wasn't a real piece of malware available for a mac and that there was no reason to worry. Isn't this evidence to the contrary?

What say you now?

 

[gnasher729]

Where does this talk about cracked software for OSX, I feel like I'm missing something ..

The user downloaded and ran software that they _thought_ was a cracked version of Angry Bird, trying to safe £2.99. Instead, they got a Trojan.

 

[thekeyring]

I think the point he's making is that even 10 years ago, hen Apple was < 5% share of all computers out there, selling a few thousand a year, Nobody cared to write anything that affected Apple computers and OSx.

Now that Apple computers are a household name, with a lot more sales and actually starting to penetrate the PC market in a measurable way, Their claim that Apple computers are infinitely more secure than Windows based PC's because of obscurity is starting to diminish.

We are seeing more and more OSx based attacks over the last year.

Yes, but obscurity wasn't what made OS X more secure than Windows, even though it helped a great deal.

I think we're a lonnnggg way from needing anti-virus software for Macs, in the same way Windows users need it.

 

[LaskoVortex]

Why bash him? I’m in the same boat but I want to say that it’s untraceable money. I personally don’t have an interest but this has been in the news for over a year now.

Because a forum is not sufficient to describe something as elaborate as bitcoin. It's a troll bait question.

If you are really curios, read https://bitcoin.org/en/how-it-works

Then, if you have questions or criticisms, post them at bitcointalk.com.

Otherwise, it's trolling and FUD.

Like this: Apple doesn't care about viruses. This article is proof.

 

[thekeyring]

But...but I thought everyone here at MR said that there wasn't a real piece of malware available for a mac and that there was no reason to worry. Isn't this evidence to the contrary?

What say you now?

The saying is still true 'Macs don't get Windows viruses'.

OS X is more secure than Windows, so even if the install base was 50/50 we have very little reason to worry.

 

[gnasher729]

But...but I thought everyone here at MR said that there wasn't a real piece of malware available for a mac and that there was no reason to worry. Isn't this evidence to the contrary?

What say you now?

I say that your claim of what people say on Macrumors is wrong. You are confusing "malware" and "virus". This app is a trojan, where the user has to go out of their way, by actively looking for pirated software, trying to install the pirated software, turning an important security feature of MacOS X off, and ignoring two severe warnings that MacOS X gives you. A virus on the other hand infects a computer without the user doing anything wrong. There are no viruses for MacOS X in the wild.

 

[LaskoVortex]

Protocols don't have "lines of code".

The bitcoin wallet is the reference implementation for the bitcoin protocol. Without the reference, you don't have a protocol. Ergo, the code of the bitcoin wallet defines the protocol.

http://en.wikipedia.org/wiki/Reference_implementation

(Lot's of learning here today!)

 

[CausticPuppy]

But...but I thought everyone here at MR said that there wasn't a real piece of malware available for a mac

Straw man. Find one example of somebody on MR saying that there's no malware for a mac.

and that there was no reason to worry. Isn't this evidence to the contrary?

What say you now?

No, it's not evidence to the contrary. It's just evidence that if you deliberately and knowingly go around OS X's protections (which have to be explicitly disabled, because they are enabled by DEFAULT), and then install cracked applications which are, by definition, modified from their original source, you are GIVING UP any expectation of security.

Once again, if you're unable to keep up-- IF YOU EXPLICITLY CHOOSE TO GO AROUND APPLE'S PROTECTIONS, you're ON YOUR OWN.

 

[Flood123]

Because a forum is not sufficient to describe something as elaborate as bitcoin. It's a troll bait question.

If you are really curios, read https://bitcoin.org/en/how-it-works

Then, if you have questions or criticisms, post them at bitcointalk.com.

Otherwise, it's trolling and FUD.

Like this: Apple doesn't care about viruses. This article is proof.

It isn't a troll bait question. I truly don't understand it and was hoping that someone would be kind enough to explain it. That's all. I'm sorry if i was misunderstood. Thank you for the link. I will educate myself and hopefully be able to contribute to the debate after reading it.

 

[Apple_Robert]

Those infected get what they deserve, (re: pirating software) in my opinion.

I think some here are trying to make this a bigger story than it really is.

 

[gnasher729]

I think the point he's making is that even 10 years ago, hen Apple was < 5% share of all computers out there, selling a few thousand a year, Nobody cared to write anything that affected Apple computers and OSx.

"A few thousand computers" was in 1977, the year after Apple computer was founded in 1976.

 

[FirstNTenderbit]

How is it a catch 22 for Apple when there are idiots going out to download pirated software because they're too bloody cheap to purchase a legitimate copy via the AppStore? That's like blaming Microsoft for some person downloading Creative Suite off a bittorrenting website then complaining that all their credit card information has been stolen and its apparently all Microsoft's fault.

Easy. Perception is often a commodity more traded than truth. Take the title of the thread: Bitcoin-Stealing OS X Trojan Now Masquerading as 'Angry Birds' and Other Popular Mac Apps

To the uninformed, OSX has malware. Full stop. Nothing in that title suggests pirated software. To the informed, it's more nuanced than that. Bolded portion of your comment: That happens here all the time. The blame goes to Microsoft, fairly or unfairly. Same with Android where the majority of the malware is in the unregulated corner of interwebs. Maybe I worded my comment poorly, but hopefully you get the gist of what I am saying... or trying to say.

Evidence of the uniformed:
Originally Posted by BlendedFrog View Post
But...but I thought everyone here at MR said that there wasn't a real piece of malware available for a mac and that there was no reason to worry. Isn't this evidence to the contrary?


This is what I am talking about.

 

[Antares]

I have to wonder why you can buy a $1,000 Apple computer, but you can't buy a $5 game.

Those people deserve it. Mining your own money, but taking someone else's? No excuse.

What Apple computer are you getting for only $1,000?

 

[Flood123]

Why bash him? I’m in the same boat but I want to say that it’s untraceable money. I personally don’t have an interest but this has been in the news for over a year now.

Thanks man. It is appreciated. It was an honest question. I was just hoping for an explanation as to what bit coin is. I don't get the concept. The link he posted in a later post should help. It's just a shame the link pointing me in the right direction couldn't have come first without the negativity attached to it. Such is life in a forum I suppose. It's hard to gage intention in written word alone I guess. People typically gravitate to the worst case scenario.

 

[WestonHarvey1]

The bitcoin wallet is the reference implementation for the bitcoin protocol. Without the reference, you don't have a protocol. Ergo, the code of the bitcoin wallet defines the protocol.

http://en.wikipedia.org/wiki/Reference_implementation

(Lot's of learning here today!)

Ridiculous semantical argument. There are protocols, and implementations of protocols. One is abstract, the other is concrete.

 

[Flood123]

It's an alternate currency used for purchasing goods or services online. It's weird to think about it, but by having a "middle-man" currency can afford you certain benefits.

Thank you man. That absolutely helps me understand it a bit better. I'm going to read up on it. I am curious because i hear the term thrown around often.

 

[Alenore]

So...

People downloading softwares with viruses on windows = Windows is terrible at security.
People downloading shady apps on Android = Android is terrible at security
People downloading softwares including viruses on Mac = That's not a security issue, people are just dumb.

Sure.

 

[LordVic]

Yes, but obscurity wasn't what made OS X more secure than Windows, even though it helped a great deal.

I think we're a lonnnggg way from needing anti-virus software for Macs, in the same way Windows users need it.

oh, I agree. Windows 7and 8 have really clamped down on what made XP and earlier so easily targeted, but the sheer volume of Windows in the wild still makes it a pretty large target.

MOST users of any platform shouldn't need any Anti-virus. unfortunately, no matter what platform people are on, doing stupid things will lead to problems.

 

[Shrink]

So...

People downloading softwares with viruses on windows = Windows is terrible at security.
People downloading shady apps on Android = Android is terrible at security
People downloading softwares including viruses on Mac = That's not a security issue, people are just dumb.

Sure.

You might want to check on the difference between a virus and a trojan.

Just a suggestion to avoid further embarrassment....

 

[LaskoVortex]

Ridiculous semantical [sic] argument.

Huh? You originally raised the issue of semantics by taking issue with my use of the word "protocol". If you don't want semantic arguments, don't start them.