
Silver Sparrow

Security firm Red Canary discovered malware targeting Macs equipped with the M1 processor. The malware is dubbed Silver Sparrow, and uses the macOS Installer Javascript API to.

From the Apple menu in the corner of your screen, choose About This Mac. You should see the macOS name, such as macOS Big Sur, followed by its version number. If you need to know the build number as well, click the version number to see it.


macOS malware includes viruses, trojan horses, worms and other types of malware that affect macOS, Apple's current operating system for Macintosh computers. macOS (previously Mac OS X and OS X) is said to rarely suffer malware or virus attacks,[1] and has been considered less vulnerable than Windows.[2] There is a frequent release of system software updates to resolve vulnerabilities. Utilities are also available to find and remove malware.[1]

History

Early examples of macOS malware include Leap (discovered in 2006, also known as Oompa-Loompa) and RSPlug (discovered in 2007).

An application called MacSweeper (2009) misled users about malware threats in order to take their credit card details.

The trojan MacDefender (2011) used a similar tactic, combined with displaying popups.

In 2012, a worm known as Flashback appeared. Initially, it infected computers through fake Adobe Flash Player install prompts, but it later exploited a vulnerability in Java to install itself without user intervention. The malware forced Oracle and Apple to release bug fixes for Java to remove the vulnerability.

Bit9 and Carbon Black reported at the end of 2015 that Mac malware had been more prolific that year than ever before, including:[2]

  • Lamadai – Java vulnerability[3]
  • Appetite – Trojan horse targeting government organizations
  • Coin Thief – Stole bitcoin login credentials through cracked Angry Birds applications

A trojan known as Keydnap, which placed a backdoor on victims' computers, first appeared in 2016.

Adware is also a problem on the Mac, with software like Genieo, which was released in 2009, inserting ads into webpages and changing users' homepage and search engine.

Malware has also been spread on Macs through Microsoft Word macros.

Ransomware

In March 2016, Apple shut down the first ransomware attack targeted against Mac users, which encrypted the user's confidential information.[4] It was known as KeRanger. After completing the encryption process, KeRanger demanded that victims pay one bitcoin (about US$400 at the time, about US$51,801.90 as of February 18, 2021) to recover their credentials.[5]

References

  1. 'Mac OS X Malware details'. Retrieved 2015-03-12.
  2. '2015 Mac OS X Malware'. Retrieved 2016-03-21.
  3. 'Lamadai Mac Operating System Attack'. Retrieved 2016-03-21.
  4. 'Mac OS X Attack March 2016'. Retrieved 2016-03-07.
  5. 'Apple Shuts down First ever ransomware'. Retrieved 2016-03-07.


Retrieved from 'https://en.wikipedia.org/w/index.php?title=MacOS_malware&oldid=1020847585'

Spiceworks has a tough time identifying and scanning Apple devices running OSX if Spiceworks is not configured to scan with an Administrator account, if your Mac does not have Remote Login (SSH) enabled, or if your Mac's firewall is blocking SSH access.

Use these steps to get your Mac properly configured:

4 Steps total

Step 1: Create an Administrator account

From the System Preferences page, select Accounts. Click the + button in the bottom left to add a new user.

Be sure to select 'Administrator' in the 'New Account' dropdown.

Note: To make this easier, use the same Account name (username) and password for each one of your Macs.

Step 2: Enable Remote Login

From the System Preferences page, select Sharing. Check the Remote Login checkbox, and be sure to 'Allow access for' either All Users, or only the new Administrator account you created in the previous step.


Step 3: Configure the OSX firewall

From the System Preferences page, select Security. Click the Firewall tab, and ensure the Firewall is 'off'.

The OSX firewall is off by default. If the firewall is on, click the Advanced... button and ensure you have Remote Login (SSH) listed as 'Allow incoming connections'. Also be sure 'stealth mode' is not checked. This ensures Spiceworks can ping your Mac, and use SSH to scan your Mac on port 22.

Step 4: Configure Spiceworks to use your new Administrator account

You're ready to rescan! Be sure you have Spiceworks configured to use the new Administrator username and password we set up in Step 1 above.


You will need to complete these steps on each Mac device on your network if Spiceworks is not finding all of your Macs.

Remember, to make this easier use the same Account name (username) and password when configuring each one of your Macs.
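
Steps 2 and 3 can be verified from a terminal on each Mac instead of through System Preferences. The script below is an added example, not part of the original guide or of Spiceworks; it assumes the usual output lines of the built-in `systemsetup` and `socketfilterfw` tools, and the verdict names are made up for illustration.

```shell
#!/bin/bash
# Added example (not from the original guide). Classifies a Mac for an
# SSH-based inventory scan from the text printed by two built-in macOS tools.
# Assumed output formats: "Remote Login: On", "... (State = N)", and a stealth
# line containing "enabled" or "is on" when stealth mode is active.
FW=/usr/libexec/ApplicationFirewall/socketfilterfw

# scan_readiness REMOTE_LOGIN_LINE FIREWALL_STATE_LINE STEALTH_LINE
# Prints exactly one verdict word (hypothetical names).
scan_readiness() {
  case "$1" in
    *"Remote Login: On"*) ;;
    *) echo "ssh-off"; return 0 ;;            # Step 2 not done: port 22 is closed
  esac
  case "$2" in
    # Firewall off: scannable, but nothing else on the Mac is filtered either.
    *"State = 0"*) echo "ready-firewall-off"; return 0 ;;
    # Assumption: State = 2 is "block all incoming", which also blocks SSH.
    *"State = 2"*) echo "blocked-all-incoming"; return 0 ;;
  esac
  case "$3" in
    # Stealth mode drops ping, so the scanner cannot discover the Mac (Step 3).
    *[Ee]nabled*|*"is on"*) echo "stealth-on" ;;
    # Firewall stays on; still confirm Remote Login (SSH) is listed as allowed.
    *) echo "ready-firewall-on" ;;
  esac
}

# On a Mac, run as root (systemsetup requires it): sudo bash scan_ready.sh
if [ "$(uname)" = "Darwin" ] && [ -x "$FW" ]; then
  verdict=$(scan_readiness "$(systemsetup -getremotelogin 2>&1)" \
    "$("$FW" --getglobalstate)" "$("$FW" --getstealthmode)")
  echo "$(hostname): $verdict"
fi
```

A `ready-firewall-on` result is the configuration where the scan works with the firewall still enabled; `ready-firewall-off` also scans but leaves every other listening service unfiltered.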

References

  • Apple - About Remote Login, OpenSSH
  • Apple - Allow a remote computer to access your Mac

15 Comments


  • Jalapeno
    wehttam Jan 14, 2014 at 03:15pm

    Have you had any trouble adding OS X Mavericks to your scan?

  • Ben.B (Spiceworks) Jan 14, 2014 at 05:48pm

    Haven't had any reports - if you do have a problem with a Mac running Mavericks we'd like to hear about it, though! Could you post up here? http://community.spiceworks.com/topic/new?forum_id=2

  • Pimiento
    dennis.wurster Aug 29, 2014 at 08:43pm

    This works fine, but I can't recommend turning off the firewall. Better to allow incoming connections for SSH while the rest of the firewall is intact.
    The 'OS Kernel' field on the scan reports is useless to Mac Administrators, though. As of this writing, it lists a value of 'Darwin 13.3.0'. This is accurate, but is not valuable. We need the version of the System, not of the Kernel. System Version values would report '10.9.4' instead, for example. I've submitted a question/topic via Ben.B's link above. Would love to submit a feature request, but I'm not sure where to do this.

  • Ben.B (Spiceworks) Aug 29, 2014 at 09:09pm

    Thanks for the feedback, Dennis. I think the firewall is disabled by default in OSX (at least that was my thinking when I wrote the steps) - I agree, though, it's better to open up access through the firewall for just SSH, instead. I'll open up a feature request internally on the OSX version for ya.

  • Pimiento
    DannoJB Apr 1, 2015 at 08:39pm

    Struggling a little to get my head around root access required, shared across the estate that is then opened through ssh to a spiceworks server potentially hosted in the cloud... doesn't seem safe?

  • Ben.B (Spiceworks) Apr 1, 2015 at 09:47pm

    Hi Danno, typically you run scans using Spiceworks on a local network, rather than from the cloud. Administrative (root) access is required to run some of the SSH commands we execute to collect the various information we pull into Spiceworks for you.

  • Pimiento
    JHamel Jun 19, 2015 at 05:03pm

    I've used this method and it works, but the company I work for has approximately 40 other macs, and I do not want to go to each one manually. Is there a way to automate this process/perform remotely?

  • Ben.B (Spiceworks) Jun 19, 2015 at 08:00pm

    It looks like this should be possible using Configuration Profiles. Here's some info on that: http://training.apple.com/pdf/wp_osx_configuration_profiles_ml.pdf and https://www.apple.com/support/osxserver/profilemanager/

    I haven't done this before, but it looks like OSX Server has an app called Profile Manager that allows you to create configuration profiles, which can then be deployed to your Macs.

  • Anaheim
    jddj Jun 24, 2015 at 06:07pm

    Any update on whether you can enable remote login thru OSX profile manager? That is the only thing I'm missing. If not possible, does anybody know how to push a script to be run by Macs during start up, just to start the ssh service?

    Thanks

  • Ben.B (Spiceworks) Jun 24, 2015 at 06:16pm

    Hey guys, if you don't get any replies on this here from other Apple experts you might be able to get a reply by posting in the Apple group here on the Community. Surely someone out there is using profile manager... https://community.spiceworks.com/hardware/apple

  • Anaheim
    Jason Rasmussen Mar 23, 2016 at 07:45pm

    I have multiple Macs on premise, and this has worked in the past, but with the new El Capitan I cannot get Spiceworks to scan it.

  • Ben.B (Spiceworks) Mar 24, 2016 at 08:34pm

    Hey Jason, I just retested/confirmed with 10.11.4 (El Capitan), and this tested out ok. Once I enabled 'Remote Login' (SSH) in Settings > Sharing, I was able to manually login via SSH using my admin credentials. I ran a scan with the same credentials and got a good scan - so we should be able to scan them for you. If you're having trouble getting your Macs scanned in we can help you sort it out - just email us at support@spiceworks.com. :)

  • Poblano
    Dave MacMedix Nov 23, 2016 at 06:53pm

    I just started with SpiceWorks, and my network has mostly Macs. Because there is no DC, I went to each Mac (via remote control screen sharing, which was already enabled), added a new admin account in Users & Groups, gave it admin privs, then opened the Sharing System Preference & enabled 'Remote Login', allowing it for only this 1 new account.
    Older Macs, like OSX 10.4, aren't as selective; they either have Remote Login on or off, and they can't enable SSH for just selected accounts. SpiceWorks seems not able to scan the even older G3 Macs running Mac System 9. (Yes, there are some still pre-OSX Macs in play, they just keep going - Since the 1990's!).

    If you don't give Admin privs to this account, SpiceWorks will still get some info, but not all the great info you'd like to have.

    As for the account password, you have 2 choices.
    Use the same username AND the same password for all machines. OR
    Use different usernames and different passwords for each machine.
    What does NOT work is to use the same username and different passwords for each machine.

    I did run into one problem; You must not enable Remote Login on a SFTP server. That is a conflict on port 22 (probably after you reboot) and only 1 service will win. You probably want your SFTP server to serve SFTP, so leave that alone. If you really want to scan your SFTP server, you could disable the SFTP service, enable SSH Remote Login, scan it, disable SSH, and launch the SFTP server again.

    I don't know that an agent would be any easier, (I actually don't know) but if it could run on an unused port (not 22) that would be nice.

  • Ben.B (Spiceworks) Nov 23, 2016 at 08:22pm

    Thanks for the response, Dave. I don't think we've done any testing with pre-OSX. Sorry that doesn't work. It's pretty cool that you still have some of them running since the 90's!

    We are working on a Mac agent (currently in testing) that might help for the machines where you have an SSH/SFTP port conflict. Look for an announcement on that in the coming months. :)

  • Pimiento
    Deskue Feb 24, 2019 at 04:33pm

    Hello All,

    Trying to scan a Macbook running Mojave and SW says that the device was scanned but still only giving me basic information like device name.