Macs Face New Threat with iWORM
One of the more persistent tech myths is that Macs cannot get infected. While past incidents have proven this to be untrue, there are still Apple users who feel that their devices are invincible.
Right on the heels of the Shellshock vulnerability comes yet another threat that specifically targets Mac users. Reports have come in that a botnet has infected thousands of computers running on Mac OS X. The malware, known as iWORM and detected as OSX_IWORM.A, makes a connection to a command-and-control (C&C) server. This connection will allow the malware to receive and perform different commands and routines. These may range from information theft to file download to configuration file changes.
One curious detail about this malware is its use of the popular site Reddit. The malware connects to Reddit and searches for specific posts in a category or “subreddit” that actually contain IP addresses belonging to the C&C network. Other sites have reported that the IP addresses included in the Reddit posts belong to compromised computers and are now unreachable.
We checked the activity of several IPs and found that some of these IPs were in fact highly active during the time of the period of infection. Some of the IPs experienced a noticeable spike in activity when comparing the months of August and September (when the infections began). For example, one IP address got more than 500% increase in terms of activity. Another IP experienced around a 200% increase.
This iWORM incident, along with the Shellshock vulnerability, should act as a wake-up call to Mac owners that they too need to protect their devices. Users should always take the necessary precautions when going online. Simple things like scrutinizing emails before clicking embedded links or downloading attached files can help prevent infection. Users should also limit their online surfing to known or reputable sites. Lastly, Mac users should also invest in a security solution that can protect their devices from threats such as the iWORM.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale