PoC malware bombards OS X users with pop-ups


Security researchers have discovered proof-of-concept (PoC) code for an adware program that targets Apple's OS X operating system.

The program - named iAdware - installs itself through a feature in the operating system (OS) that allows system libraries to be installed, but doesn't require user permission to do so, according to researchers at F-Secure.

"We won't disclose the exact technique used here, it's a feature not a bug, but lets just say that installing a system library shouldn't be allowed without prompting the user," researchers posted on the company's weblog. "Especially as it only requires copy permissions. An administrator could install this globally to all users," it continued.

The Finland based company tested the PoC and found that it automatically launches a browser window each time the user opens an application. This could be used by hackers to bombard people with unwanted pop-up advertisements based on data gathered from the adware.

Mikko Hypponen, F-Secure chief research officer, said that while criminals continue to target Windows users, the Mac is becoming an increasingly attractive target for hackers.

"This proof-of-concept example was made by a known security researcher to highlight Mac vulnerabilities, but other malicious parties may be interested in exploiting it," he said. "We have yet to see adware and spyware that targets the Mac for financial gain. But, the Mac is not 100-percent safe; sooner or later we will see adware that targets Mac users. We have already seen viruses. Nevertheless, in practice you are still more secure using a Mac online - at the moment."

Because this latest program installs onto the computer without permission, this could lead to an increase in silent hacking attacks, according to David Frazer, F-Secure director of technology services.

"For a long time now Mac users have had the feeling that malware is only going to the PC market. This could potentially open the risk for scams that Mac users never see," he said.

Apple did not return requests for comment.

This posting from F-Secure comes at a time when other PoC code has been released for OS X, reigniting the debate of whether Apple's OS is less vulnerable to malware attacks than Microsoft's.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.