One in every five Apple Macs is infected with malware, according to a survey by security software firm Sophos.
And the malware on the Macs is a combination of both Windows and Mac threats, Graham Cluley, senior technology consultant for Sophos, said in an April 24 post on the company’s NakedSecurity blog. Sophos took a “snapshot” of 100,000 Macs that recently had downloaded the company’s free Mac antivirus software, revealing what Cluley called the “disturbingly high level of malware on Mac computers—with both Windows and Mac threats being discovered.”
Twenty percent of the Macs were carrying at least one—and sometimes more—instances of malware aimed at PCs running Microsoft’s Windows operating system, while 2.7 percent—or about one in 36 Macs—were found to be infected with malware targeting Apple’s Mac OS X malware.
“Although Windows malware on Macs won’t cause symptoms (unless users also run Windows on their computer), it can still be spread to others,” Cluley warned.
Sophos’ survey comes at a time of heightened awareness of Mac systems’ vulnerabilities to malware, thanks to the widespread infection of the Flashback exploit. The malware, which was first detected last year as a Trojan horse masquerading as an update to Adobe Flash, was found again earlier this year operating as a drive-by exploit, infecting systems of users who had surfed to malicious or compromised Websites.
The malware, which exploited a flaw in Java, infected more than 600,000 Macs—or more than 1 percent of all the Macs in use worldwide. Last week, security experts from Symantec and Kaspersky Lab reported that the numbers of infected systems were on the decline, but researchers from Dr. Web and Intego refuted those findings, saying the number of compromised Macs was still in the range of 650,000, despite a patch issued for the Java vulnerability April 3 and the host of free tools security vendors and Apple created to detect and remove the malware from Macs.
In addition, researchers with Mac security software vendor Intego said they have detected a new variant of the Flashback malware—Flashback.S—operating in the wild.
Macs have carried a reputation of being less vulnerable to malware than their Windows PC counterparts, but security experts are warning that as those systems—and other Apple devices, such as iPhones and iPads—become more popular, cyber-criminals will target them more.
“Sadly, cyber-criminals view Macs as a soft target, because their owners are less likely to be running antivirus software,” Cluley wrote. “Bad guys may also believe that Mac users are likely to have a higher level of disposable income than the typical Windows user. So, they might believe the potential for return is much higher. Some Apple fans might feel relieved that they are seven times more likely to have Windows malware on their Macs than Mac OS X-specific threats, but they shouldn’t be.”
Instead, he wrote, what “Mac users really need to do is protect their computers now (there really is no excuse, free antivirus software is available for Mac home users), or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.”
Of the OS X malware found on Mac computers, the Flashback exploit—called Fishplyr by Sophos—was by far the most dominant. Flashback made up 75.1 percent of the Mac malware found on the systems. The second most common malware was fake antivirus attacks, which accounted for 17.8 percent.
Cluley said malware can spread to Macs in a number of ways, from USB drives and email attachments to downloads from a Website and drive-by installations “where the user doesn’t realize their Mac’s security has been subverted.”
He also said that Mac owners have done “a pretty poor job” in keeping Windows malware off their systems.
“Amazingly, some of the malware discovered by Sophos on the 100,000 Mac computers sampled dates back to 2007, and would have been easily detected if the users had run an antivirus sooner,” he wrote.
The top Windows malware found on the Macs was Mal/Bredo, which Sophos officials said is a family of malicious programs sent out via spam and accounts for 12.2 percent of Windows malware found on Macs. The first Bredo variant was detected in 2009, followed by many other versions, and officials said it was still a threat. A variant was used this month in a malicious email campaign.
Cluley laid out some quick advice for Mac users, which included running an up-do-date antivirus program and keeping security patches—for operating systems and programs alike—up-to-date. He also warned Mac users to be cautious about the programs they install, links they click on and attachments they open, and to keep informed about threats.
“If you keep clued-up about security threats, you are less likely to be tricked by a cyber-criminal into making a poor decision,” he wrote.