Remote Access Trojan (RAT) - fearmongering or actual threat?

Discussion in 'Mac Basics and Help' started by Bubwell, Oct 24, 2016.

  1. Bubwell macrumors newbie

    Joined:
    Oct 24, 2016
    #1
    Hello! Hopefully someone can shed some light.

    I'd like to ask if those Remote Access Trojans that articles write about are an actual threat or just panic mongering.
    http://www.pcmag.com/article2/0,2817,2456683,00.asp
    https://www.intego.com/mac-security-blog/adwind-rat-malware-everything-you-need-to-know/
    https://www.intego.com/mac-security-blog/new-mac-spyware-discovered-osxdockster-a/

    And this garbage that contains some other trash
    https://www.intego.com/mac-security...re-and-vulnerabilities-what-you-need-to-know/

    For a paranoid user like me, who is interested only in basic apps (the only ones I want from outside the App Shop are VLC, GIMP and LibreOffice), doesn't go to porn and so on, and uses no torrents, would it mean I can breathe easy?
     
  2. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #2
    The latter, while a threat - they still need to be installed, executed, ask for the root pass, etc. The architecture of macOS is different at the kernel level and file system level, than say Windows.

    Don't call yourself paranoid, 'cause you're being smart, preventative and cautious. There's a difference.

    Human behavior is usually the problem. And I do not mean that people are stupid. Well, they are as well. But for example. It's harder for people of age to distinguish between one email over the other, a popup or a real thing.

    Use unique, strong, and long passwords for every account you have. Store this data securely with a respectable app that doesn't share your private keys with others, or on their own service (like 1Password), and back up the best you can.

    If your behavior of not clicking on "just click it, you know you want to, I am not a scam" emails is a habit, and not installing "but it says it speeds up my internet!" apps and falling for things that are too good to be true. Together with using the Mac App Store, licensed software, etc.

    Then you're not protected, but you damn sure are a lot better protected than those who do not.
     
  3. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #3
    The risk is certainly present, but there is no need for panic. Thomas Reed, a respected security blogger around here, wrote a blog post about Adwind this summer, which you might want to check out. Dockster is also not new. If you are interested in this, you should pay attention to his blog to stay in the loop. The go-to program for some peace of mind is Malwarebytes Anti-Malware (also made by Reed), which you can use regularly to check your system.

    Avoid plugins such as Java and Adobe Flash if you can, acquire software from trusted sources (avoid sites like MacUpdate, Softonic), do some basic research if you are interested in a program, keep your system up to date (make sure that security updates are installed automatically), make sure that Gatekeeper is enabled, don’t open links in emails or open attachments from unknown sources, use an adblocker with a malware blocklist and have a healthy portion of skepticism, especially when programs ask for credentials. There are some other things you can do to increase the security of your system, such as using a standard account for your day-to-day usage.
     
  4. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #4
    Don't forget that Apple also has Gatekeeper which it can silently upgrade.
     
  5. Bubwell thread starter macrumors newbie

    Joined:
    Oct 24, 2016
    #5
    Thank you for your reply!
    You mean that I'm not protected, but it is the best that can be hoped for?


    Thank you very much!
    A standard account for everyday usage would mean that if something gets in, it is unable to get to the main system that is behind the admin account?
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #6
    It is basically another layer of defence. Standard accounts cannot use programs like sudo, cannot change many system and device configurations and cannot install programs into /Applications. When you use a standard account for your regular use, then you can limit the admin account to system configuration and application installation. Many programs can actually be installed in your home directory, you just have to create a directory ‘Applications’ there yourself. Whenever you do need more access, OS X will ask you for your admin account name and its password, making you more aware of the privilege separation. It is almost never required to log into the account.

    I must stress though that programs can still compromise your data. Any program you run yourself can do this (unless sandboxed, like Mac App Store applications), so having a standard account will not protect you against such threats.
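
Two of the settings recommended in posts #3 and #6 (Gatekeeper enabled, a standard account for daily use) can be checked from Terminal. The script below is an added example, not part of the original thread; the function names are hypothetical, and it assumes the output of the macOS commands `spctl --status` and `id -Gn`.

```shell
#!/bin/sh
# Added example (not from the thread): audit two settings discussed above.
# The classifiers take command output as arguments, so they can be
# exercised with constructed sample strings on any system.

# $1 = output of `spctl --status`
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# $1 = space-separated group names, as printed by `id -Gn`
# Exact match on "admin" so groups such as _lpadmin do not count.
account_type() {
  for g in $1; do
    if [ "$g" = admin ]; then echo admin; return 0; fi
  done
  echo standard
}

# Prints one line per finding; $1 = spctl output, $2 = group list
audit() {
  gk=$(gatekeeper_state "$1")
  acct=$(account_type "$2")
  if [ "$gk" != enabled ]; then
    echo "FINDING: Gatekeeper is $gk"
  fi
  if [ "$acct" = admin ]; then
    echo "FINDING: this account is in the admin group; consider a standard account for daily use"
  fi
  if [ "$gk" = enabled ] && [ "$acct" = standard ]; then
    echo "OK: Gatekeeper enabled, running as a standard account"
  fi
}

# Live check only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then
  audit "$(spctl --status 2>&1)" "$(id -Gn)"
fi
```

As post #6 stresses, a clean result here says nothing about what a program you run yourself can do to the data in your own account.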
     
  7. EwuDahela macrumors newbie

    Joined:
    Oct 26, 2016
    #7
    Sorry for troubling, but I can't seem to find an answer: if there is some sort of RAT on a Mac, will Malwarebytes detect it?
     
  8. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #8
    I don't have the answer to that. I don't use that software.
     
  9. thomasareed macrumors member

    Joined:
    Aug 24, 2015
    #9
    Yes, Malwarebytes Anti-Malware for Mac should be able to detect infection by all known RATs and remove the malware.
     
