Macs Don't Need Antivirus, Right? Maybe Not Anymore…

Discussions about Mac computers requiring antivirus or anti-malware software are typically quite terse -- most feel that antivirus software for Mac computers isn't necessary, though it's not a bad idea per se.

Even among professionals in the cyber security industry, there is very little use of anti-malware software. I don't have any survey to prove this (nor do I feel the need to even search for one) -- I see it every day working in San Francisco. One of the products I manage, MetaDefender Endpoint Management, is designed to monitor endpoint security compliance, especially the presence of antivirus products on workstations. When I tell people about the product, they often say, "Oh, this is pretty cool and I can definitely use it for my Windows workstations, but I personally have a Mac, I don't really need antivirus, right?" My answer used to be a confident, "Not really, especially if you keep your system and software patched. Scan any suspicious downloads and attachments with MetaDefender Cloud and you'll probably be fine."

Even if someone did manage to get their Mac infected with malware, it was usually just adware (again, no stats to back this up, just my own observations). They would then need to figure out what malware they had and then hit up Google for removal instructions. A little bit of time lost and frustration but no serious damage.

Some of the more exotic exploits like Thunderstrike 2, while definitely more serious than adware, wouldn't even be detected or blocked by anti-malware software, so that's not a good reason either.

Now I think things are starting to change. I was reading the Security Affairs blog and saw that a few days ago a Brazilian researcher, Rafael Salema Marques, published a proof of concept (PoC) ransomware for Mac OS X called Mabouia. The video shows a Microsoft Word file (.docx) being opened and instantly the personal files on the device are encrypted with 32-round XTEA encryption. And while 32 rounds of XTEA isn't perfect, this is just a PoC and the level of encryption isn't the point of the demonstration.

While watching the video, you'll notice that when the user executes the weaponized Word file, they aren't prompted for their username and password. No superuser rights are required for the malware to do its damage. If the user places value in their personal files, then the malware doesn't need to look beyond the currently logged-in user to wreak havoc.

Video Credit: Rafael Marques

I'm not saying this PoC of Mac ransomware is the first horseman of the OS X security apocalypse. I don't expect to see code like Mabouia enhanced into a self-replicating Mac ransomware infection that can wipe out an entire school district anytime soon, but with reports showing that CryptoWall 3 may have grossed over $325 million USD, it's naive to think someone isn't thinking about how to profit from the over 60 million Mac computers out there.

In the past, my advice about using anti-malware software on a Mac was based on the fact that the repercussions of an infection weren't severe. But I would think that the prospect of a $387 (1 BTC) ransom is a pretty convincing reason to install anti-malware software with real-time protection on a Mac.
