Apple Machines Suffer from Infections with the Help of Reddit
Apple's malware blacklisting system, XProtect, has been updated to block the bug that caused an attack and possible infections on more than 18,500 Macs. The VPN would of course have prevented such an issue from happening.
Doctor Web, a Russian antivirus firm, uncovered the so-called iWorm last week. Oddly, the compromised machines were also found trying to obtain instructions on which C&C (command and control) servers to use by running searches on Reddit.
Once it has hooked up with a suitable command and control server and opened a back door to get to work, iWorm brings more malware onto the machine or even steals users' sensitive information.
Graham Cluley, an independent security researcher, stressed on his blog that this was not really Reddit's fault, as it did not do anything wrong as such. He also wrote that even if Reddit terminated the accounts that were silently part of the botnet, the hackers behind this campaign still could not be stopped from using other services (such as Twitter) or simply creating more accounts on Reddit itself to continue communicating with the infected computers.
This means that Reddit was not responsible for the infection – it was merely 'granting access' for the botmasters to the infected Mac computers by providing a platform to communicate with them. That is exactly why Reddit has not been able to successfully prevent iWorm from spreading.
According to Dr. Web, the botnet had claimed 18,519 unique IPs by September 29; however, they were still not sure exactly how this worm variation spreads or replicates. The majority of the machines were located in English-speaking countries: a quarter were in the US and about 1,250 each in Canada and the UK. Such numbers, while quite scary, probably would not make this one of the biggest breaches of the month.
For comparison, recall the Flashback infection of 2012, which hit close to 600,000 Mac machines just via compromised websites containing exploits for Java flaws and fake Adobe Flash updates or installers. This bug is not that massive, but it is still quite worrying because it targets the Apple ecosystem and because of its exponential growth.
Three iWorm malware variants, labeled OSX.iWorm.A, OSX.iWorm.B and OSX.iWorm.C, are now recognized by Apple's XProtect software, which was updated to combat this issue.
Because Mac malware is quite rare compared to Windows-focused parasites, Apple's XProtect does not need frequent updates and is quite rudimentary, addressing fewer than 40 threats. Still, updated machines should be protected from being infected by iWorm.