Hacked Off!

Joined
Apr 30, 2012
Messages
115
Reaction score
0
Points
16
I have just been hacked. My bank told me to use an anti-virus software program so I used 'AVG'. It found 137 'threats' which it eliminated. My bank said I would be free to continue online banking. However I double checked it with 'AVAST' and found 242 more 'threats'.

I have to wonder what is really going on. Was I safe after the use of AVG and were all the AVAST threats real? Do other anti-viral programs 'think different'?

I believe almost all the viruses were PC specific and therefore benign to Apple equipment, but I was surprised to find so many. My hacker came from my attempts to get help from Canon to instal my new printer when I inadvertently acquired the wrong phone number from the internet and was assured I was speaking to the real company. I know, I should have been more careful.

I'm now very nervous of downloading software. When I get a prompt to update my browser or Flash Player, Java, Paypal etc. how can I be sure they are for real? Any advice gratefully received.

Paul Macbook Air, Yosemite
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
None of the AVs can clean up all of the malware from your system, or from any other systems for that matter. In my view, the best course of action at this point is to do a clean install of the latest OSX version that your Macbook Air supports. Here's the guidance from Apple Support for a clean install of OSX:

https://support.apple.com/en-us/HT204904

Prior to doing a clean install, backup your important data, pictures, etc. Even if you use iCloud, you may have data that the system never backed up to the cloud.

As for the future... Install apps that are digitally signed. If my memory serves me right, even Yosemite popped up a security warning if the app did not have a digital signature. In El Capitan, it's a manual override to install unsigned apps.

Also, do not login with an account with root access rights, use a standard user account for everyday tasks.

You should be OK...
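
Added example (not part of the original post): one way to check on the Mac itself whether a downloaded app is signed and whether Gatekeeper would allow it, using the built-in `codesign` and `spctl` tools. The function names and the sample `spctl` output lines are constructed for illustration.

```shell
#!/bin/sh
# Vet a downloaded macOS app before first launch (added example).
# classify_assessment and vet_app are hypothetical helper names.

# Reduce the text printed by `spctl --assess -vv` (read from stdin) to a verdict.
classify_assessment() {
    out=$(cat)
    # The "source=" line names the rule or signer class behind the decision.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$out" in
        *": accepted"*) echo "accepted (${src:-source not reported})" ;;
        *": rejected"*)
            case "$src" in
                *"no usable signature"*) echo "unsigned" ;;
                *) echo "rejected (${src:-no reason reported})" ;;
            esac ;;
        *) echo "unknown" ;;
    esac
}

# Run the checks against a real .app bundle; only works on macOS.
vet_app() {
    app=$1
    if ! command -v spctl >/dev/null 2>&1; then
        echo "skipped (spctl not found, not macOS)"
        return 2
    fi
    spctl --status                      # "assessments enabled" = Gatekeeper on
    # Signature must be intact: fails if files changed after signing.
    codesign --verify --deep --strict "$app" 2>&1 || echo "signature check failed"
    # Show who signed it; compare with the vendor you expected.
    codesign -dv --verbose=2 "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
    # Ask Gatekeeper whether it would let the app run.
    spctl --assess --type execute -vv "$app" 2>&1 | classify_assessment
}

if [ "$#" -gt 0 ]; then
    vet_app "$1"
else
    # Constructed sample of spctl output for an unsigned download.
    printf '%s\n' '/tmp/Example.app: rejected' 'source=no usable signature' |
        classify_assessment
fi
```

Run it as `sh vet_app.sh /path/to/Downloaded.app`; an "unsigned" or "rejected" verdict, or an Authority line that does not name the vendor you expected, is the cue to delete the download rather than override the warning.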
 
Joined
Jul 30, 2009
Messages
7,298
Reaction score
302
Points
83
Location
Wisconsin
Your Mac's Specs
Mac Mini (Late 2014) 2.6GHz Intel Core i5 Memory: 8GB 1600MHz DDR3
I'm now very nervous of downloading software.

I would advise you to just not download anything from a site you just discovered. Only download from sites you know are reputable.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,213
Reaction score
1,424
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
Try to always download from a developer's website.

And if there's any question about something...always check the internet address before clicking "download".

- Nick
 
MacInWin

Guest
Paul, probably 99% of those threats were in emails from Windows users. You may have picked up one or two from the dodgy websites, but most of them are in emails that get sent to you. Most of them are probably spam, too. There aren't any viruses for OS X in the wild at this time, so all that your AV software can find are Windows threats. Banks aren't very sophisticated about this, so they just issue a blanket "you must have A/V" decree. If my bank ever does that, I'll move banks. I don't want to do business with a technologically inept bank.
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Download Malwarebytes for Mac, which is reputable. As others said, avoid dodgy downloads, in particular anything from Softonic and CNET.


https://www.malwarebytes.com/antimalware/mac/

Uninstall AVG and try to access your bank. Most employ Windows 'experts' who know nothing about Macs in most cases.
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Quote from MacInWin:

There aren't any viruses for OS X in the wild at this time, so all that your AV software can find are Windows threats.

Virus, maybe, but there is malware for OSX:

http://www.pcworld.com/article/3092227/security/new-tor-powered-backdoor-program-targets-macs.html
http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/

I don't disagree that Mac has less, much less than Windows, but there are some. For all practical purposes, paultilling may have some of the above or other malware, all we know at this point. Telling him not to worry about "Windows threats and spam" could actually be the wrong message...
 
MacInWin

Guest
I read the two articles. Both clearly show that the malware requires the user to install, or permit to be installed, the malware. That's not a virus. Malware, sure, but not a virus in any sense of the word. To activate the first one you have to download a specific application--EasyDoc Converter--and install it. Given that the application doesn't come from a trusted source, the Gatekeeper will jump up to advise the user that it's not trusted. If he allows it to install, that's stupid. There isn't any defense from stupid. The other malware also requires the installation of the product, but this time it tries to masquerade as an image. But when you click on the icon, the application tries to run but again Gatekeeper blocks it. From the article:
The downloader is an unsigned Mach-O executable. Thus, if the file is downloaded from an internet browser and Gatekeeper is activated on the machine – the default in recent versions of OS X and macOS – it will not execute and display a warning to the user.
Again, given that it's masquerading as an IMAGE, it doesn't need installing or running, so the Gatekeeper warning is a clear giveaway that it is not what it seems. Again, smart computing (keep Gatekeeper active, keep SIP in place, don't download from dodgy sources, keep Ghostery (or similar) in place to block hijackers and Malwarebytes around just in case one gets through) and you should be MUCH safer than Windows. Again, still no viruses in the traditional sense for OS X in the wild.
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
We don't really disagree Jake, but...

First, paultilling may have installed some of the software prior to it becoming a known malware and published around the web. Either on his own and/or installed by the alleged "Canon tech support".

You may not install apps that are not trusted, but others do. Are they taking risks by doing so? They certainly are, but that does not mean you should call these people names. Not everyone is educated/trained in computer security to follow the "basic security principles". Most people just want to use applications and care less about the OS and its restrictions that prevent them from having the apps. They have no time and/or inclination to learn basic computer security and I can understand that...
 
MacInWin

Guest
Cr00zng, I won't disagree, much. :D

Mostly the issue I have is that antivirus software cannot find an OS X virus because none exist. So running AV software is only going to find Windows viruses that cannot impact OS X. And while there IS malware, if you use OS X as it comes, that is, Gatekeeper active and SIP enabled, plus reasonably safe surfing, just about all you have to worry about are annoying hijacks of your browser, and those can be blocked with Ghostery or cleaned up with the Malwarebytes app. The two most recent attacks to OS X both rely on the user permitting them to be installed. IF the user does that, without knowing what they are doing, then they are NOT being safe, period. Whenever your computer surprises you, you need to stop and think about what made it surprise you. Blindly pressing "OK" when you don't know what you are doing is, no matter how you look at it, stupid behavior.

My late Father-in-law could never learn NOT to click on "FREE" anything. And he was constantly getting whatever nasty was out there for Windows at the time. He would call me in because he never learned what to do about getting rid of the viruses he kept getting by clicking "FREE." That is, in a word, stupid. Not that HE was stupid, he was a very smart man, but his actions were stupid. And I would say the same thing about anyone who lets unknown software, from unknown locations be installed on their Mac when the OS itself is trying to protect them from just that behavior. Yes, there are naive users out there. And they do stupid things in that naivety. That's not meant to be calling them names, just describing their behavior.

I feel the same way about people who text and drive. Stupid. May be rocket scientists, geniuses, very smart, but stupid to text and drive.
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
Jake, I am glad that we won't disagree much. ;)

If you manage Windows boxes, you may want to look at Malwarebytes Anti-Exploit, or MS EMET, in addition to AV. Both of them are free and do a decent job in blocking unknown viruses and malware.

You could also have a white list based protection for Windows. This is what my Windows box shows, when I open an unsigned file:

block.jpg

I develop websites on my Windows machine and it always pops up when the xampp control panel is opened. Yes, I could exempt this program, just don't want to. VoodooShield might be too much for some people, albeit it can be configured to silently block unsigned files.

While the default OS security matters, it certainly can be improved with layered protection. But you're correct... The end users are the greatest risk to computer security...:Not-Amused:
 
Joined
May 21, 2012
Messages
10,739
Reaction score
1,189
Points
113
Location
Rhode Island
Your Mac's Specs
M1 Mac Studio, 11" iPad Pro 3rd Gen, iPhone 13 Pro Max, Watch Series 7, AirPods Pro
I also just became aware of Malwarebytes Anti Exploit, about three months ago. Before that I was using HitMan Pro Alert and it worked well. I have it on all the Windows PCs in the house.
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
I no longer have any Windows machines for our ministry or in my home office, however, I have seen the Malwarebytes Anti Exploit app when going to their site and obtaining updates. Many of our members run Windows machines in addition to their Macs, so it's good information to know.
 
Joined
Jul 15, 2016
Messages
8
Reaction score
0
Points
1
You should be OK with updating your Mac with the intended software updates. Just make sure that the updates are legitimate, and actually from a reputable company. You should for sure educate yourself on how systems are hacked. There are a plethora of hacking tutorials for Windows and Mac computers. Here is another on how a Mac is hacked in the first place. http://www.hackmac.org/
 
