Last week on my Mac: a new surge in malware?

I don’t think that I can ever remember another week in which two new varieties of malware for the Mac have been announced. The first was worrying, and the second brought that sickening feeling that perhaps our halcyon days are behind us. Has OS X (or macOS) finally become the new target for malware?

First it was Backdoor.MAC.Eleanor, then the following day OSX/Keydnap. Neither of them sounded particularly alarming, but coming in such quick succession seemed very worrying.

Backdoor.MAC.Eleanor (or OSX.Backdoor.Eleanor) seems to be the more prevalent at present, and that is hardly widespread. It has probably been around since March or April 2016, and although Bitdefender Labs reckons that it was available “online from reputable sites”, it doesn’t seem to have been popular. MacUpdate made it available on 16 March 2016, and it was pulled from there on 5 July 2016 once it had been recognised as being malware. Over that period, MacUpdate records that it was only downloaded 117 times, some of which may have been made to obtain a sample of the malware. It did not, of course, make it into the App Store.

Neither does it show signs of particular sophistication. It is a simple Trojan which runs scripts packaged using a freeware utility. It doesn’t appear to exploit any deep or new vulnerability, although the backdoor which it opens is certainly very serious.

Keydnap seems to get onto Macs as an attachment to a spam message. Although it uses a couple of fairly basic tricks if you inadvertently open that attachment, it cannot work its way past Gatekeeper, so cannot normally get run from a web download. It seems to have been around since May 2016, but if it is delivered in spam it is very hard to estimate how well established it has become. Internally it is more sophisticated than Backdoor.MAC.Eleanor, although it doesn’t seem to exploit any worrying vulnerability in El Capitan, for instance.

The astute and careful Mac user should never be at any significant risk of getting ‘infected’ by either. If you check your inbox critically, and don’t download and run unknown apps, you should never come near either Backdoor.MAC.Eleanor or Keydnap.

The danger in both is that most of us have times when we may not be so critical, careful, or astute. But your primary defence against both of these malware products must be in your behaviour. You should not abrogate responsibility for protecting your Mac to any software product, no matter how trustworthy it might seem. Had you done so back in June, for example, before anti-virus products were updated to protect against these, you could be very worried that your Mac might have been attacked by either, or both.

Over the period between the release of these malware items and the present, your best software protection would have been Objective-See’s free BlockBlock, which should have detected and blocked both. While you are on that site, be sure to download and install protection against ransomware, in the form of RansomWhere?, which will detect and stop malware from locking your files away.
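A tool such as BlockBlock works by watching the places where software installs itself to run persistently, the per-user and system LaunchAgents and LaunchDaemons folders among them. The script below is an added example of the same check done by hand; it is not code from this article or from Objective-See. It lists the executable that each launchd property list will start and flags any that lives outside the usual system and application paths. It assumes the plists are in XML form (convert binary ones first with `plutil -convert xml1`), and the two sample plists it writes to a temporary folder, including the hypothetical `/Users/me/Library/.hidden/updater` path, are constructed here so that the script runs stand-alone on any system.

```shell
#!/bin/sh
# Added example, not from the original article: show what each launchd
# plist in a folder will run, so that an unexpected persistence entry
# stands out. On a real Mac, call:
#   audit_launch_agents "$HOME/Library/LaunchAgents"
# Assumes XML plists (binary ones: plutil -convert xml1 <file>).

# Print the executable a launchd plist starts: the value of the Program key,
# or the first element of the ProgramArguments array.
launch_agent_program() {
  awk '
    /<key>Program(Arguments)?<\/key>/ { want = 1; sub(/.*<\/key>/, "") }
    want && /<string>/ {
      sub(/.*<string>/, ""); sub(/<\/string>.*/, "")
      print; exit
    }
  ' "$1"
}

# Crude triage: an executable outside the usual system and application
# locations (for example hidden under ~/Library or in /tmp) deserves a look.
classify_program() {
  case "$1" in
    /System/*|/usr/*|/Applications/*|/Library/*|/bin/*|/sbin/*) echo "expected" ;;
    *) echo "SUSPICIOUS" ;;
  esac
}

# Walk a directory of plists and print "<file>: <program> [<verdict>]".
audit_launch_agents() {
  for f in "$1"/*.plist; do
    [ -f "$f" ] || continue
    prog=$(launch_agent_program "$f")
    printf '%s: %s [%s]\n' "$(basename "$f")" "$prog" "$(classify_program "$prog")"
  done
}

# Constructed sample data so the script runs anywhere: one ordinary agent
# and one whose program sits in a hidden folder (hypothetical path).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/com.apple.example.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.apple.example</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/true</string>
  </array>
</dict>
</plist>
EOF

cat > "$SAMPLE_DIR/com.example.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>Program</key>
  <string>/Users/me/Library/.hidden/updater</string>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
EOF

audit_launch_agents "$SAMPLE_DIR"
```

The verdict is deliberately coarse: a legitimate application can install an agent under `~/Library/Application Support`, so a `SUSPICIOUS` line is a prompt to identify the program and who installed it, not a diagnosis.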

Because neither of these malware products exploits any internal vulnerabilities in macOS (or OS X), the security improvements coming in macOS Sierra are unlikely to do anything to address them. They both rely on getting the user to activate them, and to invite them to take their Mac over. They are thus good examples of malware which could only really be prevented by locking down macOS more like iOS, and removing important features.

If you genuinely feel that you are struggling to cope with the likes of Backdoor.MAC.Eleanor and Keydnap, then I suggest that you ask yourself whether you would not be better using an iPad Pro than a Mac. There will always be threats to Macs, because of the features in macOS which many of us need. If you want someone else to protect you from all that, then iOS is probably the way to go.

The good news this week is that new versions of macOS are still steaming ahead. El Capitan 10.11.6 betas are progressing well, and we should expect the final release in the coming week or three. Whether or not it will prevent so many Macs from freezing is another matter. macOS Sierra seems also to be coming along steadily, according to the brave who have been prepared to start working with it. If you want to learn more about it, MacFormat is carrying a lot of information.

We have plenty to look forward to this autumn/fall.