Those of us in the anti-malware industry spend a lot of time talking about financially motivated malware. For those of you reading this, that is what most of you are most likely to be affected by, as everyone has something of value to cybercriminals on their machine, even if it’s just using the processing power of the machine to send spam. However, there are groups of people that have much more to worry about – they’re also in the malware cross-hairs for political reasons. In these cases, it doesn’t matter what sort of machine you use. Malware authors will find a way to get to you, regardless of how rare it is for the general population to be affected on that OS, unless you take the threat seriously.
A recent article that quoted Seth Hardy of The Citizen Lab brought up an interesting point about threats that have been discovered for Macs over the past few months: There has been an increasing number of politically-motivated targeted attacks. Imuler, Tibet and Sabpab targeted Tibetan activists, and Crisis targeted Moroccan journalists. There is evidence that a lot of people who are in positions to be targeted have moved away from Windows, thinking Macs were malware-proof. Clearly, that’s not the case, and spyware continues to plague them.
Activists are increasingly becoming susceptible to malware attacks.
Malware authors have proven on every platform that if there is a “need” for malware (especially spyware), it can and will be created. Trojans and commercial spyware tools have even been discovered for Blackberries, which were ostensibly created with security in mind, for business applications. These spyware applications were created for cell phones as soon as phones started having the ability to run code – the more powerful the device, the more powerful the spyware could be.
It’s not significantly more difficult to develop malware for Macs, it’s just that there is less money to be had on Macs due to the smaller market share. The malware landscape of OS X often resembles sort of a malware writer’s value-add, creating an OS X version of an existing Windows malware kit. But if money is not the malware writer’s aim, if their end-goal is instead to spy on someone, a different OS version is not a significant hurdle.
Regardless of what computing device you’re using, you need to protect yourself. This can be of life or death importance if you’re involved with politically sensitive groups like activism or journalism. The same advice we’ve been giving for over a decade still applies:
- Don’t open attachments you were not expecting (no matter how scary or titillating their content may seem)
- Apply layered security – paranoia plus anti-virus software alone does not count. Be sure to encrypt your traffic and use a firewall in addition to employing anti-virus software and paranoia.
It’s unlikely that this surge in targeted attacks on OS X will decrease – the people sending these spyware tools have found success with the attacks, however limited they may be. If the attackers only need a few bits of information, the malware doesn’t need to be on a machine for long to be successful. Not every targeted attack needs to be like the Stuxnet or Flame trojans and lie dormant for years. If what you’re doing on your computer could be considered a threat to a government or state agency, your anonymity can be critically important, not something to simply be trusted to whatever protection may lie within the obscurity of your operating system of choice.