Apple updates Mac OS X malware definitions to neutralize ‘DevilRobber’ Trojan horse

Apple has updated the malware definitions in Mac OS X Lion and Snow Leopard to neutralize the “DevilRobber” Trojan horse which was discovered for the first time on November 1st by Intego, Italian-language site Spider-Mac reports.

If you try to install malware that’s on Apple’s Mac OS X XProtect.plist list, a warning appears, asking you to move the file to the trash. If DevilRobber was installed prior to November 1st, Mac OS X is able to locate, disable, remove, and restore any configuration changes that the trojan has performed. Once the damage is repaired, a message appears that the malware was removed,” Spider-Mac reports.

Read more in the full article, via Google translate, here.

[Thanks to MacDailyNews Reader “Stefano Donadio” for the heads up.]


  1. I was explaining to my wife last night the advantages of Mac OS X. As opposed to windows, and this was one of the main points, Apple’s security, and response to security issues as they appear. 6 days for this turnaround is rather remarkable.

  2. It is important to note this is an update to Apple’s malware definition, which, if you haven’t noticed, means Apple *is* running malware detection software at root levels of MacOS that can identify and remove such breaches, even in the event the user gives a Trojan authorization to install itself.

    With 98% of the world market, the number of attacks on Windows is far more than they can keep up with and still have a usable OS, hence the need for many private security vendors. Apple’s response time to deal with security breaches has been historically too slow but they often got away with it because: 1) the software installation process has been fundamentally more secure for decades, and 2) less Mac users (potential victims) mean fewer attacks.

    1. Wrong, number 2 is BS. It has everything to do with posix permissions and nothing to do with numbers.

      There are millions of macs in the wild, more than enough to run ddos attacks. Mac users are more affluent, so the potential identity theft is more tantalizing. There also isn’t a more high profile target to generate publicity through a successful virus.

      The fact is windows is a patchwork piece of crap security nightmare. OS X is not..

      1. “Millions”… Apple is closing in on selling 5 million Macs every QUARTER (likely to be exceeded this quarter). That means more than 20 millions Macs are being added to the “wild” every year. If that’s not an attractive target, what is…?

        But the story about the numbers has “some” truth. To me, it works like this. If a thief knows there is $1000 cash in a bank safe deposit box and $1000 in a gym locker, which one is going to be the target? And for every $1000 in a bank safe deposit box, there are TEN gym lockers with $1000. Does the thief even make an attempt at the $1000 cash in a bank safe deposit box?

        Even if Mac market share reaches equivalency with Windows, the “low hanging fruit” will still be Windows. Windows will continue to be the target, because it is easy. Mac OS X is hard. Why even attempt the “hard” when the “easy” is so numerous…?

        1. Agreed. Sure there is more money in the banks or in an armored car, but most thieves opt to break into a 7-11 where there ideas than $100. Better the easy $100 than millions that you have to fight for. Mac’s inherent security makes M$ the easier target, regardless of market share. iPhone, similarly is the most prolific singular phone out there, yet its secure ecosystem leads to zero instances of malware, unless it’s jailbroken.

        2. I think we are spitting hairs on “Millions” Which equals more than one, less than a billion.

          I don’t like the market share myth, it serves as a way to marginalize macs, and is foolishly clung to by windows bigots as if it somehow makes it better that windows has so many exploits. The whole premise offends me it is so lacking rationality. IMO..

          I’m OK with the argument that they go after the low hanging fruit (Windows) because it is easy, that is a reasonable assessment.

          The fact that there has been malware developed by russian organized crime, leads credibility to this argument. OS X does not have viruses because of the posix permission structure. Sure there are trojans, but they are easily avoided.

          Surely the mobsters have the resources to try to develop something. If they are stealing identities/financial information for criminal profit, one could imagine that Mac users would be a juicy target due to their affluent demographics. (More to steal) Yet it isn’t happening. That speaks volumes.

      2. Think about this for a second – If you were a hacker, virus writer etc., and you managed to get a virus onto a mac, you would be the hero of all hackers. So do not give me the % of mac users garbage is holding back the hackers. Fact is yes they can crack into windows easier – and I bet would love to be the one that can crack OSX… But cannot

        Thats why we have macs.

    2. Your #2 is irrelevant: You may want to look up the Witty worm–100% infection of a total worldwide population of about 12 thousand target systems in about 45 minutes. In addition, Mac users would be prime targets for both economically motivated and notoriety-oriented hackers.

    1. I think the point is that you don’t have to worry about it, or even think about it. The Mac takes care of it.

      The option to make your Mac do it is here (for Lion). System Preferences, Security & Privacy pane, General tab. There is a checkbox that says “Automatically update safe downloads list.” If it is checked, “pop up” description for the option (roll over it with pointer) says, “Checks daily for updates to the safe downloads malware detection signature list and installs new signatures if they are available.” So make sure it is checked.

    2. Launch from your Application/Utilities folder
      Copy this instruction into the Terminal window, after the $:

      more /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

      (It should have only one space, after the command “more”.)
      Press the return key.
      You should get a response something like this:

      Tue, 01 Nov 2011 16:56:54 GMT

      The date in the middle (“01 Nov 2011 16:56:54 GMT”) is the date of the most recent update to your list. The original article states that the most recent update was November 1. Your computer should check every day for updates. To force an update, launch System Preferences from the Apple Menu. Select Security -> General, then uncheck the box in front of “Automatically update safe downloads list”. (You may need to unlock the System Pref and provide administrator credentials.) Recheck the box and close System Prefs.

  3. Remember, Apple’s malware definitions call out program can easily be obfuscated by any good malware coder. It is worthless with advanced malware.

    We haven’t seen really good advanced malware yet, except maybe the latest bitcoin trojan. OSX has 1/3 more code the Windows and many pentesters have said OS X is only a hair more secure then Windows 7 after Lion. Leopard and Snow Leopard was swiss cheese to an advanced pentester.

    Security through obscurity, that is OS X Leopard and Snow Leopard in the real world. The sniper sights have not been laid on OS X yet. Only play time fun so far.

    1. Yes, because Macs are SOOOO “obscure” these days…

      > The sniper sights have not been laid on OS X yet.

      I actually “somewhat” agree with you. But you have it backwards. It’s NOT Macs being ignored because of “obscurity” (which is a ridiculous statement that only a moron would make in 2011). It’s Windows being targeted much more because it’s a much easier target, compared to Mac OS X. The hackers know it. If Mac OS X was easier (and profitable) to compromise and Windows was harder, you KNOW Macs would be targeted much more at the current level of “obscurity.”

      Security through obscurity? Real world evidence (lack of effective and successful malware) shows that Mac OS X is very secure. That is precisely why Mac OS X is not targeted as much as Windows. So in a sense, Apple enjoys the benefit of “security through Microsoft’s incompetence at security.”

  4. Apple went back to square one each time they developed a new operating system. Windows, on the other hand, just kept adding to and tweaking what they had. Windows 7 is just a hacked and patched version of Windows 98. With all the money Microsoft has they could at least design domething new from the ground up. Old school programer mentaliy breeds arrogance and obviously laziness.

  5. @ken1w

    Your wrong, maybe you need to start listening to professional pentesters to get a feel how the real world is and not just what a fanboy want’s “to feel” about his beloved OS X.

    Don’t get me wrong, I own 5 Macs 2 iPads and only have 2 BootCamps of Windows 7 to play with Malware.

    Pentesters will argue that both are so close now in total security robustness. Yes, Windows is secure, it just has the momentum of the status quo going for it. Plus 85% user base.

    You have SO MUCH momentum and brain power into Windows hacking and Windows still has 85% market share, why dick around with learning OS X when you have tens of millions of Windows users that are vulnerable. The hackers momentum is staying with the status quo.

    That is the reality, and only a moron would believe differently. It’s time you educate yourself on the real world of gray hats, black hats and stop listening to that clueless Mac security fanboy Derek Currie.

    Charlie Miller is one example of when you put the time in, you can exploit OS X at will. WAKE UP!

    1. It doesn’t matter what “professional pentesters” say or do. In the “real world” (not in some hacker lab), Macs ARE more secure. Why? Because there is FAR less malware that affect Macs. Why is there less malware for Macs, especially malware that actually causes widespread harm. Why are there no compromised Mac spambots or Mac-based botnets? Why are there no self-propagating Mac viruses, just lame trojans? I say it’s because Windows is a much easier target (compared to Mac OS X), and you can it’s because 5 million Macs sold per quarter (and growing) is still “obscure.” But, who cares?

      You can argue all you want about the technicalities, but it is a FACT that using a Mac IS a more secure experience. I don’t think even you would argue that point. I don’t have to buy an annual subscription to have my Mac protected from malware. I don’t even think about malware, except when I’m intentionally thinking about it (like right now). And THAT is priceless advantage of being a Mac user.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.