A macOS malware discovered in April has found a new vector of attack, with people searching for software on Google finding malware presented as legitimate ads.
Probably because windows and Linux users aren’t searching for free Mac apps. While I agree that it would probably be difficult to implement an attack like this for Linux (partly because it’s Linux and partly because it’s userbase is generally more technically apt), Windows has been susceptible to viruses since the dawn of time because users just install random shit on autopilot and click through installers without checking what extra bloat is included (which is often malware disguised as an extra third party program). I don’t think I agree that this specifically is Apples fault. No one blames Windows or Linux distros for user error and poor security practices.
Google’s fault for not vetting the ads they let through? For sure. The users fault for not paying attention while installing the app and just clicking through the request to bypass Gatekeeper and then entering their system password when a pop up randomly asks for it for no discernible reason? Absolutely.
What should Apple do to fix this? Lock the machine down to the point where users aren’t allowed to have admin privileges on their own machine?
Actually it seems you may have made some mistakes in researching causes of viruses. Viruses have infected Windows machines more in the past as it is a larger target, there are far far more Windows users than Apple and Linux users by a large large margin which means you have a higher target for your attack. MacOS makes up about 7% of the operating system market at its peak and Linux hovers are 2-3% so planning a virus to affect one is not a great idea unless… Microsoft’s security started to become so strong that malware developers now have to seek the open vulnerabilities (see op). Since that’s not understood we can move on
As far as the article indicates the ad itself was not actually a Google fault whatsoever, it actually appears as a Google ad though. The malware itself is installed by other means entirely but the user themselves, the relation to Google here is that the malware already installed on the machine disguises itself as a Google ad. Really, honestly, read the article next time. This is 100% standard malware attack on an unprotected system.
I’m not sure where I said anything about the reason any of those platforms get viruses because you’re right, Windows was often more targeted because its footprint was massive by comparison (whole lotta end users out there, but also tons of domain controllers and enterprise systems running it) - I’m not arguing that.
AMOS itself is distributed in all kinds of ways including phishing, being bundled into crap no-name software, shady ads, tainted torrents, whatever. You still have to be tricked into downloading whatever it is that infects your machine with it.
As to this partially being Google’s fault, from the article itself:
The ads are legitimate and paid for but disguise themselves as the website or software the user is searching for.
In the given example, it sounds like the ad was for Trading View, a pretty popular stock market charting platform, but the ad itself took users to trabingviews.com and it looked like a clone or Trading View’s site or some kind of landing page that purported to be a download for a desktop client. In the Malwarebytes article I share below, the fake URL purporting to be Trading View’s website is actually tradingsview.com
I’m not exactly sure where you’re getting the idea that this was a fake ad caused by malware pre-existing. These are “legit” Google ads that are bought and paid for and not quality checked by Google before they display them.
Here’s the article directly from Malwarebytes, the folks who kindly did the write up the author of the above article is talking about:
My guy, I don’t know what you want from me. A Google ad is purchased in a legitimate manner, but the ad itself actually links to a page where you download malware.
You answered really fast, so you clearly didn’t read the actual source material I linked at the bottom - specifically the Distribution section.
It was already explained in the original article. It’s not what you want to believe but it is the actual situation and I’m not gonna spend forever writing a response because it won’t actually change the fact of you reading things
The “original” article is the one I linked - the one written by the actual security researchers at MalwareBytes who did the research on this malware and then provided the detailed write up (which is what security researchers do). The one shared in the OP is referencing that article.
But it’s all good. All you had to do was tell me you can’t read and I would’ve backed out of this thread like 2 responses ago. :) Have a great night!
Explicitly by the users negligence, same as any negligent user installing some freeware on windows and ending up with BonziBuddy and 34 search bars in their browser. Or alternately, by clicking “Ignore” on on an alert in their AV and proceeding with the installation anyway.
7% is percent market sale. Not sales. Mac’s have very rapid EOL as you can’t update to newer versions for reasons of revenue so you will so you will actually see more older PCs running than anything and with Mac’s declining sales you will see fewer and fewer as time goes on especially since Intel mac’s are losing support already
No, current Macs May have rapid EOL but prior to 2015 Macs were much more upgradable and lasted longer than comparable PCs. The 20% market share was during that period.
I haven’t been subscribed to this community for long. I feel every apple-critical comment gets downvoted a lot, suggesting this is more of an apple_blind_fandom than an apple enthusiast community.
Why can’t we critically object to elements of things we like? Thanks for your comments, I think adding nuance and counterarguments (in a respectful way) adds to this community.
This is a really poor example of a comment to highlight an apple bias. The parent commenter is objectively wrong on the topic; OSX security is similar to Linux security.
Thanks for pointing it out, I am a noob in technology so have no diea.
My point about a very strong bias still stands due to all kinds of experiences in the past though. As I said - I really think in general it is good to even be critical of products we are really fond of.
The problem is there’s nothing to criticize Apple about here. The notion that it’s Apple’s fault that people are writing malware targeting macOS is just as stupid as it being Google’s fault that people are writing Android malware. It comes across as misguided “I hate Apple”-ism that adds nothing of substance to the discussion and intrinsically can’t be discussed without it turning into some shit-flinging argument. (case in point: the 18+ comment chain that resulted)
That’s why those comments are downvoted: people are using the feature as intended to hide the visibility of low effort troll garbage. You’ll find there are plenty of threads here with people genuinely criticizing Apple and their comments are upvoted just fine.
Probably because windows and Linux users aren’t searching for free Mac apps. While I agree that it would probably be difficult to implement an attack like this for Linux (partly because it’s Linux and partly because it’s userbase is generally more technically apt), Windows has been susceptible to viruses since the dawn of time because users just install random shit on autopilot and click through installers without checking what extra bloat is included (which is often malware disguised as an extra third party program). I don’t think I agree that this specifically is Apples fault. No one blames Windows or Linux distros for user error and poor security practices.
Google’s fault for not vetting the ads they let through? For sure. The users fault for not paying attention while installing the app and just clicking through the request to bypass Gatekeeper and then entering their system password when a pop up randomly asks for it for no discernible reason? Absolutely.
What should Apple do to fix this? Lock the machine down to the point where users aren’t allowed to have admin privileges on their own machine?
Actually it seems you may have made some mistakes in researching causes of viruses. Viruses have infected Windows machines more in the past as it is a larger target, there are far far more Windows users than Apple and Linux users by a large large margin which means you have a higher target for your attack. MacOS makes up about 7% of the operating system market at its peak and Linux hovers are 2-3% so planning a virus to affect one is not a great idea unless… Microsoft’s security started to become so strong that malware developers now have to seek the open vulnerabilities (see op). Since that’s not understood we can move on
As far as the article indicates the ad itself was not actually a Google fault whatsoever, it actually appears as a Google ad though. The malware itself is installed by other means entirely but the user themselves, the relation to Google here is that the malware already installed on the machine disguises itself as a Google ad. Really, honestly, read the article next time. This is 100% standard malware attack on an unprotected system.
I’m not sure where I said anything about the reason any of those platforms get viruses because you’re right, Windows was often more targeted because its footprint was massive by comparison (whole lotta end users out there, but also tons of domain controllers and enterprise systems running it) - I’m not arguing that.
AMOS itself is distributed in all kinds of ways including phishing, being bundled into crap no-name software, shady ads, tainted torrents, whatever. You still have to be tricked into downloading whatever it is that infects your machine with it.
As to this partially being Google’s fault, from the article itself:
In the given example, it sounds like the ad was for Trading View, a pretty popular stock market charting platform, but the ad itself took users to
trabingviews.com
and it looked like a clone or Trading View’s site or some kind of landing page that purported to be a download for a desktop client. In the Malwarebytes article I share below, the fake URL purporting to be Trading View’s website is actuallytradingsview.com
I’m not exactly sure where you’re getting the idea that this was a fake ad caused by malware pre-existing. These are “legit” Google ads that are bought and paid for and not quality checked by Google before they display them.
Here’s the article directly from Malwarebytes, the folks who kindly did the write up the author of the above article is talking about:
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising
I think your should read again. You seemed to understand the parts separately but when they came together you got a bit confused
My guy, I don’t know what you want from me. A Google ad is purchased in a legitimate manner, but the ad itself actually links to a page where you download malware.
You answered really fast, so you clearly didn’t read the actual source material I linked at the bottom - specifically the Distribution section.
It was already explained in the original article. It’s not what you want to believe but it is the actual situation and I’m not gonna spend forever writing a response because it won’t actually change the fact of you reading things
The “original” article is the one I linked - the one written by the actual security researchers at MalwareBytes who did the research on this malware and then provided the detailed write up (which is what security researchers do). The one shared in the OP is referencing that article.
But it’s all good. All you had to do was tell me you can’t read and I would’ve backed out of this thread like 2 responses ago. :) Have a great night!
I mean, at the end of the day the malware is being allowed to install on the computer is it not?
Explicitly by the users negligence, same as any negligent user installing some freeware on windows and ending up with BonziBuddy and 34 search bars in their browser. Or alternately, by clicking “Ignore” on on an alert in their AV and proceeding with the installation anyway.
Your numbers are off. Apple was 7% of new computer sales but the install base was close to 20% because Macs last longer than PCs.
7% is percent market sale. Not sales. Mac’s have very rapid EOL as you can’t update to newer versions for reasons of revenue so you will so you will actually see more older PCs running than anything and with Mac’s declining sales you will see fewer and fewer as time goes on especially since Intel mac’s are losing support already
No, current Macs May have rapid EOL but prior to 2015 Macs were much more upgradable and lasted longer than comparable PCs. The 20% market share was during that period.
I haven’t been subscribed to this community for long. I feel every apple-critical comment gets downvoted a lot, suggesting this is more of an apple_blind_fandom than an apple enthusiast community.
Why can’t we critically object to elements of things we like? Thanks for your comments, I think adding nuance and counterarguments (in a respectful way) adds to this community.
This is a really poor example of a comment to highlight an apple bias. The parent commenter is objectively wrong on the topic; OSX security is similar to Linux security.
Thanks for pointing it out, I am a noob in technology so have no diea.
My point about a very strong bias still stands due to all kinds of experiences in the past though. As I said - I really think in general it is good to even be critical of products we are really fond of.
Care to elaborate on what OSX security and Linux security are?
The problem is there’s nothing to criticize Apple about here. The notion that it’s Apple’s fault that people are writing malware targeting macOS is just as stupid as it being Google’s fault that people are writing Android malware. It comes across as misguided “I hate Apple”-ism that adds nothing of substance to the discussion and intrinsically can’t be discussed without it turning into some shit-flinging argument. (case in point: the 18+ comment chain that resulted)
That’s why those comments are downvoted: people are using the feature as intended to hide the visibility of low effort troll garbage. You’ll find there are plenty of threads here with people genuinely criticizing Apple and their comments are upvoted just fine.
There have been issues with Apple bot army’s on lemmy just as they have on Reddit.
Rather ironic that your post is getting downvoted
It is, isn’t it? Glad that we need to worry about imaginary points even less on this site than on Reddit.