
h4lp m3

macrumors 6502a
Original poster
Jun 29, 2011
502
46
New Orleans
No one here wants to hear this or admit it, but we are in the age of the MAC VIRUS and until we admit it, we won't be able to address it.

I am in IT and I have seen a 2000% increase in cases of clients claiming to have a Mac virus. While there's some discrepancy about the technical definitions of what is a "virus" and what is "malware", to the average user, pop-up windows, redirects, browser hijackers and apps you can't delete constitute a "virus" in their minds.

I've seen it with my own eyes. This MacKeeper thing... Deleted it multiple times from the Application folder and keeps coming back. I don't care what you say about dragging the App to the trash, THAT DOES NOT WORK when it implants multiple files like MacKeeperATD into the Library folder which is now hidden by default. I would have never noticed if it weren't for a thorough inspection in the Activity Monitor.

I've seen Safari hijacked to no end where normal text on the page was converted to links and even Gmail.com was redirected to some bogus phishing site that wanted to steal passwords.

This isn't just me being an alarmist like so many in the past have freaked out at a couple of pop-ups, the Mac platform has grown so big that it's now a target... A big one. I think it's time to accept this fact and address it rather than ignorantly deny it. I used to get a call about once a year for this type of thing, now I get them every day. As I was writing this, someone called asking if I could wipe their drive because they couldn't get rid of Advanced Mac Cleaner even after trying ALL OF THIS.

The PC guys keep detailed lists... Not of just the apps, but the system files, processes and DLLs. Do we have anything like that for Mac? Not really. I googled helperamc and didn't really find much information, but I'm sure it's part of Advanced Mac Cleaner.
 

h4lp m3

macrumors 6502a
Original poster
Jun 29, 2011
502
46
New Orleans
Most of the things you mention...
You mean both of the things.
I'm not ready to pee in my pants yet
I wouldn't expect anyone to pee their pants, not even end-users.
The words I have written on the screen exist solely for experienced IT professionals and persons who want to actually CONTRIBUTE to a growing list of malware for Mac, rather than deny its existence.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,264
15,879
California
The PC guys keep detailed lists... Not of just the apps, but the system files, processes and DLLs. Do we have anything like that for Mac? Not really. I googled helperamc and didn't really find much information, but I'm sure it's part of Advanced Mac Cleaner.

Just judging by the number of new members on this site reporting malware/adware problems, I would agree with you it is more of a problem than in previous years. I think much of this is because of well-known sites like CNet's download.com and others bundling adware in along with app installers.

The developer who wrote the malware/adware remover AdwareMedic (now Malwarebytes) has some trojan and malware lists at these two links that sound like what you are after.

http://www.thesafemac.com/mmg-catalog/

http://www.thesafemac.com/arg-identification/
 

Ray Brady

macrumors 6502
Dec 21, 2011
296
255
I am in IT and I have seen a 2000% increase in cases of clients claiming to have a Mac virus. While there's some discrepancy about the technical definitions of what is a "virus" and what is "malware", to the average user, pop-up windows, redirects, browser hijackers and apps you can't delete constitute a "virus" in their minds.

If you work in Tech Support, you should understand the value of using precise terminology. If you want to talk about Malware, you should say so in your thread title. As I'm sure you're aware, the most reliable way to combat Malware is by educating your user base. Insisting on such blatant falsehoods as "we are in the age of the MAC VIRUS" is just spreading disinformation, and will always be counterproductive.
 

mtasquared

macrumors regular
May 3, 2012
199
39
I don't think there are any viruses for Mac. There are however several vulnerabilities that have been proven to exist recently, with privilege escalation. You can acquire malware that exploits these by plugging in infected Thunderbolt peripherals, or letting your Mac go to sleep under the right circumstances, for example. Apple is providing mitigation only for Yosemite and up. Considering how many users still want to use earlier versions of OSX this is execrable. You can read more here.
 

Queen6

macrumors G4
There is simply a great deal of denial about OS X and its security which results in false security for many, as they assume that all have the same usage and workflow, which is generally never the case.

As someone who relies on their Macs for a living absolutely yes OS X does require protection above and beyond what Apple offers, I see the same question, same rhetoric, over and over;

There are multiple reasons to run antivirus/malware detection on OS X especially if you are dealing with mixed environments. Passing on malicious code, even inadvertently will do you no favours in the professional world, let alone your family and friends. What does not hurt OS X may well bring a Windows based system to its knees. By far the vast majority of companies that you may potentially work with, or interact with will require a level of antivirus protection, regardless of platform.

You do need to be careful on the choice of application; previously I ran ClamXav (now a paid app) as the app is extremely light and only looks in realtime at what you specify, equally time has moved on and ClamXav has remained rather static. I now use Avast. Same scenario no impact to performance with a greater scope of realtime protection. Does anyone seriously still believe that running Avast or ClamXav on today's modern hardware impacts performance? The paid packages I agree are unnecessary on OS X, as the free alternatives are currently perfectly adequate.

Avast or ClamXav will have no impact on a modern Intel based Mac. To have a free, low headroom, accurate scanner and not utilise it, is somewhat stubborn at the very best. The retorts of AV being a resource hog, boils down to one thing, research; Avast or ClamXav will not bog your system down. If it does your system either has other inconsistencies that need addressing, or your hardware is so old it's well and truly time to upgrade. On my Early 2008 2.4 MBP ClamXav is simply invisible, there is absolutely no degradation of performance, as for the Late 2011 i7 2.4 MBP, Mid 2012 Retina, 2.8 13" Retina and now new 1.2 12" Retina MacBook it's completely transparent, as is Avast, same applies to the rest of the Macs we own, used both in the professional environment and at home.

I have literally decades of work on my systems, and have no intention of losing any data, or suffering any downtime. Antivirus is but one tool in a multilayered security safety net. Let's face it, if and when OS X is compromised it will spread like wildfire, as many fundamentally believe that OS X is invulnerable, then it will "be all over, bar the shouting". I am not entirely sure posts that overly reinforce this false sense of security are remotely helpful to the average user. Even Apple recognises the security threat, however the updates are too slow to be considered a truly preventative measure. As of OS X 10.6 your Mac is running anti malware like it or not courtesy of Apple's XProtect... Virus/Malware gains traction by exploiting vulnerabilities on unprotected systems. I don't believe for one second that any antivirus/malware detection application is the single security solution for OS X, it is however one of many effective barriers.

I have never had a positive hit in all the years I have run drive scans with ClamXav and now Avast, equally I have observed malicious code blocked by Avast's Web Shield. OS X is gaining ever more traction and it's simply a matter of time before someone figures it out, thinking otherwise is simply naive. Avast and ClamXav cost me nothing monetarily, nor time in productivity. This is a safety net that costs little more than a few minutes of your time period.

A significant aspect for those of us who rely on our Macs for income is downtime; spending hours tracking down malicious code is simply a negative financially to me, as ever prevention is far more effective than cure. In the field should my hardware fail to perform due to a software issue, it can cost me up to and more than price of the Notebook in use, for every day it's down, the math is simple.

There are many compelling reasons to run Avast, ClamXav or similar, and few if any not to. Personal choices aside I fundamentally believe that suggesting that OS X is 100% safe to all and does not need such tools is very much a step in the wrong direction; not all are technically minded, neither do all users who may have access to systems follow safe computing rules and guidelines. The vast majority simply point and click to get to where or what they want, Avast or ClamXav simply serves as a barrier to protect those that are unaware, and some cases unconcerned, ultimately such safeguards protect the community as a whole.

Install, don’t install, it's down to you...


Q-6
 

Martin29

macrumors 6502
Nov 25, 2010
345
120
Quimper, France
Thank you for a well thought out and balanced response Q-6.

Vigilance is the keyword here and responsible use of our valuable machines. No need to be paranoid about anything, simply be aware that whatever you do when connected could expose you to unexpected and unwanted intrusions.
 

Queen6

macrumors G4
Thank you for a well thought out and balanced response Q-6.

Vigilance is the keyword here and responsible use of our valuable machines. No need to be paranoid about anything, simply be aware that whatever you do when connected could expose you to unexpected and unwanted intrusions.

There are far too many arguments on this issue, with many splitting malicious code into multiple subdivisions simply to allow them to state OS X is 100% secure for their own purpose. Bottom line the hardware and what applications are installed adds up to the sum of the system and it must be secured...

Personally I don't worry as my systems are protected by user knowledge, multiple hardware and software barriers, I focus on my work and enjoy working in the OS X environment, as a result.

Q-6
 

MacFrag

macrumors member
Jul 24, 2015
73
32
The Netherlands
I have a little problem with people who use l33t speak. I do not take anybody seriously who uses it because most of the ones who do have almost zero knowledge.

You are using leet speak in your forum name and use CAPS to get your point across. Also you claim to work in the IT/ICT sector to add more weight to your posts.

Next to that, you are clearly shouting that malware targeted at Mac users either injected by website code or piggybacked with an installer is a virus. You are shouting Mac virus, yet all you describe in your post is malware behaviour.

I do not know for sure, there might be OS X viruses out there. But we need proof from trustworthy security researchers.
 

h4lp m3

macrumors 6502a
Original poster
Jun 29, 2011
502
46
New Orleans
Today I deleted a plethora of malware from a client's MacBook that were in the hidden Library folder. Here are a few:

  • com.TuneupMyMac.TuneupMyMac.plist
  • com.Genieo.settings.plist
  • com.Zipeg.appleowner.plist
  • com.installmc.global.settings.plist
  • com.installmc.settings.plist
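
A read-only sweep for the leftovers named in this thread, as an added example that is not part of any post. The `find_leftovers` helper and the choice of Library subfolders (standard macOS locations) are assumptions, since the posts only say "Library folder"; it lists matches and deletes nothing.

```python
from pathlib import Path

# Name fragments taken from the posts in this thread, matched case-insensitively.
THREAD_INDICATORS = (
    "com.tuneupmymac", "com.genieo", "com.zipeg", "com.installmc",
    "mackeeper", "helperamc",
)

# Assumption: standard macOS folders where apps leave settings and auto-start
# items; the thread does not say which subfolder each file was found in.
LIBRARY_SUBDIRS = (
    "LaunchAgents", "LaunchDaemons", "Preferences", "Application Support",
)


def _matches(name, indicators):
    lowered = name.lower()
    return any(ind in lowered for ind in indicators)


def _scan(directory, indicators, depth, hits):
    try:
        entries = list(directory.iterdir())
    except OSError:
        return  # unreadable folder: skip it rather than abort the sweep
    for entry in entries:
        if _matches(entry.name, indicators):
            hits.append(str(entry))  # report the match, do not descend into it
        elif depth > 1 and entry.is_dir() and not entry.is_symlink():
            _scan(entry, indicators, depth - 1, hits)


def find_leftovers(library_roots, indicators=THREAD_INDICATORS, max_depth=2):
    """Return sorted paths under each Library root whose name contains an indicator."""
    hits = []
    for root in library_roots:
        for sub in LIBRARY_SUBDIRS:
            base = Path(root) / sub
            if base.is_dir():
                _scan(base, indicators, max_depth, hits)
    return sorted(hits)


if __name__ == "__main__":
    # Per-user (hidden by default) and system-wide Library folders.
    for path in find_leftovers([Path.home() / "Library", "/Library"]):
        print(path)
```

A hit in `LaunchAgents` or `LaunchDaemons` is what lets a removed app reappear after the application bundle is dragged to the Trash, so those entries are the ones to review first.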
 

Linuxpro

macrumors regular
Jan 31, 2015
174
4
Singapore
I think most of what is being described as "viruses" is more frequently DNS cache poisoning. Another, all too frequent attack is to place links behind words in HTML documents. More than one fool has been misdirected to BonkofAmerica rather than BankofAmerica. It happens all the time.

Personally I keep the IP address of my bank on hand. I copy that into Safari. I never keep important links on any computer for any reason.
 

djtech42

macrumors 65816
Jun 23, 2012
1,451
64
Mason, OH
I still think that this is fear mongering at this point. Until we get a real virus for OS X, the only thing that has changed is a slight increase in trojan malware. I'm sure many of the people calling are mistaking some problem for malware. They get one popup and start screaming about viruses. The one scary thing I've seen so far was a trojan that got past the admin password.

The dangerous trojans are added to XProtect definitions, and the rate of new trojans doesn't seem to be too fast for Apple to keep up. I'm not saying that it won't be a problem in the future, but there's no emergency right now. UNIX-based operating systems are much better at preventing unwanted access to the system files.
 

Linuxpro

macrumors regular
Jan 31, 2015
174
4
Singapore
I have seen "virtual machine" escapes mentioned a few times in the press. Often they are associated with malware. The articles are usually nonsense, and very clearly written by non-technical people. Anyone can be a journalist these days.
 

Queen6

macrumors G4
Apple does not always keep up, at times taking several months to patch known security exploits, and malicious code is ever evolving. All said and done, it's important that one has a fair understanding of one's exposure to threat; usage, locations, networks, applications etc. Only then can you consider an appropriate security solution, as ever a multilayered approach will provide the best level of protection. Nor do you want to overly "lockdown" the system so that the user experience is compromised.

I still stand the same on AV, people need to make their own informed decisions based on the perceived threat, user environment, network usage (open vs secure) etc. Being aware of the potential threat goes a long way to deriving the "Threat Model" and required solutions "if any" nor is AV the default solution for OS X rather more an aspect of a comprehensive solution.

I would also recommend that people consider installing Malwarebytes for Mac, as has been frequently stated malicious code is ever evolving and we as a community should equally be fluid. Malwarebytes for Mac is solely run by the user and has no persistent modules, unlike typical AV applications. The occasional scan will reveal if any installed/persistent commonly known Malware is present on the system and remove it.

One thing you can be assured of is malicious code is always on the move, latest from Thomas Reed - https://blog.malwarebytes.org/2015/08/ There are many security centric tools available that can help ensure our systems and community remain safe, as ever much will depend on people's mindsets, perceptions, needs and requirements...

Q-6
 