Malware on Mac OS

My computer was acting strange, for example even though I had Google set as my search engine in Safari, it would always use Yahoo instead. I finally decided to run a Malware scan from Malwarebyes. This found malware and removed it. The computer is working much better now. But I’m concerned that the computer is forever compromised. What is the best course of action at this point? Should I reformat the hard drive and reinstall Mac OS or is that too drastic?

BTW, when I told my son about this, he admitted to installing some kind of Flash update when he noticed the computer acting strange after that. I’m surprised malware was able to infect the computer this way. His account is not an Administrator, so I thought that would protect the OS. But I guess not.

I’ve seen this on some family and client machines. These little bits of malware are really just changing some files in your user folder, which should be more difficult in Catalina. I trust MalwareBytes; if it says it found everything I think you’re probably good to go.

It’s a good reminder to only install things like Flash from the source (Adobe, in this case), not some unknown website.

6 Likes

If you have Flash installed on your Mac… there are 2 places you should update it from.

  1. Visit the Adobe website directly, not from a link, to get it.
  2. System Preferences > Flash > Updates > Check for Updates and follow the prompts.

I would also encourage people to clear their Browser History.

Uninstall Flash or at least set it to auto update and never click the “update Flash now” button that pops up on a website.

Malwarebytes is good. But my experience is that Sophos catches more.

Be very critical about browser plug-ins and the default page of your browser being set to some other site.

Today I encountered another interesting thing on 2 computers in the same household. In the System Preferences I found two profiles installed that had no business being there and looked very suspicious. Another “fun” one is a suspicious proxy server set in the Network preferences…

1 Like
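The two settings the post above describes, a proxy quietly switched on in Network preferences and configuration profiles nobody remembers installing, can be listed from the Terminal. This is an added example, not from the thread or from any of the tools discussed; it assumes a Mac with `networksetup` and `profiles` on PATH and the usual `Enabled:/Server:/Port:` layout of `networksetup -getwebproxy` output, and it only reports what is set, it changes nothing.

```shell
#!/bin/sh
# Added example: audit two spots hijackers like to touch on a Mac,
# the system HTTP/HTTPS proxy and installed configuration profiles.
# Assumes macOS; the parser below is plain awk so it can be read anywhere.

# proxy_enabled: read `networksetup -getwebproxy`-style text on stdin.
# Prints "ENABLED <server>:<port>" and returns 0 when the proxy is on,
# returns 1 (prints nothing) when it is off or the field is missing.
proxy_enabled() {
    awk '
        /^Enabled:/ { on = ($2 == "Yes") }
        /^Server:/  { server = $2 }
        /^Port:/    { port = $2 }
        END {
            if (on) { print "ENABLED " server ":" port; exit 0 }
            exit 1
        }'
}

# audit_proxies: walk every network service (Wi-Fi, Ethernet, ...) and
# report any web or secure-web proxy that is switched on. A home Mac that
# never had a proxy configured should print nothing here.
audit_proxies() {
    # first line of -listallnetworkservices is a legend; "*" marks disabled
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        for kind in -getwebproxy -getsecurewebproxy; do
            out=$(networksetup "$kind" "$svc" 2>/dev/null | proxy_enabled) &&
                printf '%s %s: %s\n' "$svc" "$kind" "$out"
        done
    done
}

# audit_profiles: list configuration profiles for the current user.
# Anything you (or your employer's MDM) did not deliberately install
# deserves a close look in System Preferences > Profiles.
audit_profiles() {
    profiles list 2>/dev/null
}
```

Run `audit_proxies` and `audit_profiles` in a Terminal; an empty result from the first and only profiles you recognise from the second is the expected healthy state.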

Yes, I had the proxy server problem too. Malwarebytes removed that too.

1 Like

@ismh I still don’t understand how my son’s account without admin permission could download malware that affected Safari on my account. From what I understand from the security model, a non-admin account can only install software that runs in their limited user space. It should not be allowed to affect an app like Safari systemwide. Am I wrong about that?

Maybe he hopped on while your account was logged in.

Unintentionally installing something bad in a web browser can happen to the best of us. The criminals have become very good at attacking Mac users :hot_face:

1 Like

Good point, I try to go to the login screen or put the Mac to sleep when I walk away, but I’m sure there have been times when I didn’t.

How do you quantify that? And why the affiliate link? Not that Sophos is bad, but not really an unbiased opinion when using affiliate links…

Chill please, you are benefiting from free advice. Also, are you still listening to MPU after all they advertise?

A possible way malware gets on your system is through “privilege escalation” exploits. These types of exploits will allow the malware process to run as Admin or root. I’m not aware that any exist in a fully patched macOS, but that is no guarantee there isn’t a zero day exploit out there.

That said, Flash itself should be identified as malware, and it really needs to die.

1 Like

It’s not advice when you use an affiliate link. It’s an ad.

On MPU ads; it’s THEIR podcast. It’s cool dude. Just trying to understand what you meant by finding “stuff”. The affiliate link explains it…

I remember arguing with people 10+ years ago that the Mac security model is better than Windows because it uses Unix under the hood. Looking back on it now, that’s not really true. Windows was vulnerable because it had a huge install base vs the Mac. Now that Apple is so successful, the Mac has become a bigger target and is just as susceptible to malware as Windows is.

iOS is safer because the App Store prevents most (all?) malware from getting installed. Having a review process and a kill switch is what is necessary to prevent malware.

Hmm, I think the Mac was certainly safer than Windows PCs. Meanwhile Windows has become better and Mac OS has become more interesting for bad guys. So the margin of vulnerability has become smaller.
So far Malware on the Mac is still “limited” to the browser to steal info and implant plugins for pushing ads.
Spoofing the user is the biggest opportunity for the bad actors. The user is always the weakest link…

On the App Store there are unfortunately many apps that spy on the user. While they are not viruses or malware corrupting the iOS operating system, they do achieve the goal of spying on the user to collect and sell information about them.

1 Like

That’s a good point, but on iOS you still have control over the apps. If I think an app is spying on me, I can delete the app and be confident it is gone. For this Safari exploit, I couldn’t do anything until I installed Malwarebytes and scanned the system and it removed the software.

Absolutely right. Too bad it’s hard to tell on iOS if an app is spying on you, nor is there another app or service to detect this. The only option is to sniff the entire network traffic going in and out of the iOS device and analyze the data.

So, I downloaded to give this a whirl… I’ve never used Virus/malware software… I try and stay smart on the internet etc… How important are these things to have? I am fine with dishing out the 36/year if the general consensus is that it’s needed. Also, I remember the scare tactics that these types of programs slow down your computer… Thoughts??

Thanks for the feedback

I never believed in it and always told my clients we don’t need it. Until I was more or less forced to crank up the protection for some of my bigger target clients. One of them was under an ongoing threat.

So I researched and interviewed the various solutions and ended up with Sophos firewall and their endpoint protection.

Seeing what is detected and blocked on the network by the firewall and the things found after the first scan of the endpoints (Macs) opened my eyes and made me realize that we do need protection.

Please note that the endpoint protection first runs a regular scan and later a deep scan. Make sure you schedule a deep scan at least once a week! It might find things during the deep scan. For example it was finding things in the Time Machine backup on my NAS! These were “just” malicious email attachments and not active programs, but still remarkable!

Unlike other antivirus software, Sophos doesn’t just rely on a library of known bad stuff. It actively searches for suspicious behavior of applications and data traffic.

The good news is that unlike other AV software Sophos doesn’t affect the performance of your Mac at all. Neither does it annoy the user with all kinds of BS. It just sits there quietly doing its job, occasionally giving the user a small notification that it took care of something and no further action is needed. Sometimes you have to manually delete a file (usually an email attachment).

The firewall (hardware) keeps an eye out for patterns in the network traffic. Sophisticated hackers don’t exfiltrate a lot of data at once but try to disguise it in many small instances, which makes it blend in with the rest. The XG firewall and its (expensive) subscription software looks for this.

Hope this helps

Rogier

Typed on an iPhone…

1 Like