Proof of concept Mac OS X adware debuts

Hackers have created a proof-of-concept sample of adware that targets Apple Mac OS X users. Anti-virus firm F-Secure has called it “iAdware.”

Kamil writes for F-Secure:
We recently received a proof-of-concept sample of an adware program. Normally that wouldn’t be worth blogging about, but in this case it’s for Mac OS X. In theory, this program could be silently installed to your User account and hooked to each application you use… and it doesn’t require Administrator rights to do so. We won’t disclose the exact technique used here, it’s a feature not a bug, but let’s just say that installing a System Library shouldn’t be allowed without prompting the user. Especially as it only requires Copy permissions. An Admin could install this globally to all users.

The result: This particular sample successfully launched the Mac’s Web browser when we used any of a number of applications.

This is easier to do than with Windows. After all, it’s a Mac.

“The malware is notable for its rarity rather than its threat value, which remains minimal. There’s hundreds if not thousands of ad-ware packages floating around that are capable of infecting Windows users with intrusive pop-up software that impairs system performance,” John Leyden reports for The Inquirer. “iAdware is the first such application for Macs that we’ve come across.”

[Thanks to MacDailyNews Reader “Dirty Pierre le Punk,” “RadDoc,” and “Fred Mertz” for the heads ups.]

37 Comments

  1. Calling it specifically adware doesn’t seem accurate. That sounds like a security hole that should generally be closed. While it could be used to launch a browser, and PRESUMABLY direct that browser to a specific site, calling it Adware diminishes the threat.

    Apple should take steps to control this ASAP and not do their typical silent act in relation to this one.

  2. Well thanks to these morons, and other morons like them I am sure they will release how this occurred, and instead of TELLING APPLE they will tell some idiot spammer.

    It should be illegal to release malware information to ANYONE but the manufacturers of the software.

    These people think they are doing something good for the world? The only thing they should do is tell Apple directly and not ever tell the public.

    Fools…

  3. I agree with theloniousMac. Apple should be very open about these issues, recognise them and even give a timetable or actual status of the solution process. Secrecy in this area will certainly harm Apple and does not make sense.

  4. Well folks, if I am reading right what was blogged, this is not a real threat, not at all.
    One needs Admin privileges to install a System Library (the iadware) and THEN it can do its damage. They are not saying that the System Library itself can get installed without a warning or asking for admin password. All they say is that AFTER it is installed it can go about doing its thing behind your back.

    Easy then, do not install anything coming from an unknown source.

    (mw:rest) as in rest assured they’ll keep posting alarming headlines on OS X malware, maybe someday they’ll hit one, but it is not this one

  5. I still don’t see the fun in all this Adware and Virus stuff..

    Can ANYONE explain what the use of it is???

    It’s like the nice people who key your car & slice its tires.

    They do it because it’s easy, and to just be general assholes.

    Since real Mac OS X malware has been impossible so far, we get this crap.

  6. It can only affect one user. If you log out and log in as another user, that user is unaffected.

    It doesn’t install a “system library”; it installs only in the user’s home directory.

    And without a registry to manually redownload it can’t reinstall itself. So once you delete it, it’s gone.

    The worst case is if it changes its own owner to root or admin, and then all it takes is to

    sudo rm dumb/adware/filepath/name and enter the admin password.

    it won’t take special tools that only sometimes work.
