During installation, the package asked the user for his or her administrative password, which the adware then used to gain root privileges and create a new, hidden system account that could install more software. Likewise, OSX/Pirrit, the insidious piece of adware that Serper detailed in his presentation, came with purportedly cracked versions of Microsoft Office or Adobe Photoshop found online. (Apple has patched macOS against all the individual pieces of malware described here.) The last came bundled with a well-known scareware product. Two of them, including the first (and so far only) example of Mac encrypting ransomware, had been written into corrupted versions of the BitTorrent application Transmission. Another pretended to be a document converter.

Rise in macOS Malware

At least four major pieces of Mac malware discovered in 2016 used social engineering to get into the system, Wardle said. None of these protections will stand up to a good social-engineering attack, in which the Mac user is duped into installing malware and, if necessary, granting it root privileges. Wardle said both he and German Mac-security researcher Stefan Esser had found several bypasses to this protection, not all of which had been fixed. Then there's System Integrity Protection, which restricts access to the root account, the highest level of system control.