News

Security issues hit Apple as new OS X released

Warwick Ashford

Researchers have confirmed the existence of new Mac malware just hours before the release of Mountain Lion, the latest version of Apple's OS X operating system.

Within hours, researchers at security company Sophos also confirmed an iOS app in Apple's App Store was found to contain malicious Windows executable files.

The iOS malware was initially found by a user of the Apple Support Communities discussion board who downloaded an app called "Instaquotes – Quotes Cards For Instagram" from iTunes, but his antivirus software alerted him that it contained a worm, identified as Win32/VB.CB by Microsoft.

"Initially thought to be a false positive, it turned out that there was Windows malware embedded inside the app," wrote researcher Joshua Long in a Sophos blog post.

He said it was likely the infection was caused accidentally by an infected developer's computer. Because the malware cannot run on a Windows PC without first being extracted from the iOS application package, it is unlikely to have caused any damage to users' systems. Apple withdrew the app from the Apple App store. 

"Perhaps what's most disappointing about the discovery of Windows malware inside an iOS app is that Apple doesn't seem to have conducted a simple virus scan as part of its app vetting process," Long wrote.

"Just extracting all files from the package, and scanning them with anti-virus software, would have prevented the Windows malware from getting into the iOS App Store in the first place."

Earlier, Sophos researchers announced that the Morcut Mac OS X malware, also known as "Crisis", had been distributed as part of a multi-platform attack, designed to hit  Windows and Mac users.

After analysing a sample of the Morcut malware, researches said it was embedded in an archive file that appeared to be Adobe Flash Player.

According to Sophos, the threat, which has not yet been seen in the wild, is complex.

When run on an OS X system, it drops multiple components, reconfigures system settings and installs a backdoor and rootkit combination that connects to a remote server and waits for instructions from malicious hackers.

When run on Windows systems, a version of the Swizzor malware is installed instead.

"Analysis of this malware is ongoing, but Mac users are protected right now if they are running a good, up-to-date antivirus," said Graham Cluley, senior technology consultant for Sophos.

"The good news is that this threat has not been seen in the wild so far, but we are seeing increasing evidence of cyber criminals exploiting the fact that many Mac users have still not got the message that they need to protect their computers.

"There is much less malware for Macs than there is for Windows, but that doesn't mean it's non-existent. If Mac users are too laid back about security and leave their bellies exposed, they're asking for trouble," said Cluley.

SophosLabs experts are continuing to analyse the Morcut malware and warn that, even if the threat does not break into the wild, the techniques it uses could be deployed by other malicious hackers in the future.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy