Malware might still only be a minor threat to Mac users, but adware continues to grow like a plague. The latest exploit comes in the form of a Trojan horse posing as a download utility.
The virus attacks a recently-discovered vulnerability specific to systems running OS X Yosemite. It modifies a file called sudoers, giving all users—including guests—the privilege to write files and install new programs without requiring a password. Once that’s done, it installs adware and junkware, opening the door to pop-up ads and other pests. It’s not exactly threatening, but it is irritating.
Luckily, adware seems to be the extent of the danger so far, and this is the first known exploit. Hypothetically, more malicious hackers could use the lack of password protection to install much more harmful malware, according to Malwarebytes’ Thomas Reed.
Apple has patched the vulnerability in the beta versions of Yosemite and its upcoming major release, El Capitan, but the update isn’t yet available for non-beta users. Until then, the best way to avoid it is to be cautious of what you download.
Does this look infected?
Once the virus has root permissions on the host computer, it runs the VSInstaller app, which in turn installs the VSearch adware. Typically, this adware turns certain words into hyperlinks or displays pop-up ads. If you think you might be infected, find instructions for removing it here.
The virus will also install a variant of an adware called Geneio and junkware dubbed MacKeeper, which you can find removal solutions for here and here, respectively.
Lastly, the virus directs the user to download the Download Shuttle app—a download accelerator and manager—on the App Store.
The flaw in Yosemite was first disclosed to the public by German researcher Stefan Esser last month. Esser has received some scorn for allegedly blogging about the vulnerability before alerting Apple.
The exploit reflects poorly on Apple, who created the zero-day bug when adding new error-logging features to Yosemite. Worse yet, Apple failed to act after being alerted to the vulnerability by another researcher who goes by the Twitter handle @beist prior to Esser’s release.
A bit depressing when you see someone releases bugs you also found but you keep quite as you reported it to vendor, you wanna be good. #fail
— beist (@beist) July 22, 2015
Now that the first known exploit is already spreading, Apple is left with little excuse as to why its users aren’t protected.
Esser created a software tool to protect against the exploit, but seeing as he was the person who drew adware scammers’ attention to the bug in the first place, not everyone trusts him. You can find his fix here, but be wary that it isn’t sanctioned by Apple.
Adware is becoming more and more prevalent on Macs because it often goes undetected by antivirus programs. In the 2014 Security Bulletin from Kaspersky Labs, nearly half of the top 20 most common threats designed for OS X were adware programs.
“As a rule,” the report reads, “these malicious programs arrive on users’ computers alongside legitimate programs if they are downloaded from a software store rather than from the official website of the developer.”
Once installed, adware adds advertising links in web browsers’ bookmarks, causes pop-up ads, and changes the default search engine, among other behaviors. Even if an antivirus program spots and deletes the original adware installer files, the infection will likely have already spread.
Try ExpressVPN for Mac for better Internet security and privacy.
Featured image: Vidady / Dollar Photo Club