Viruses, worms and Trojans have probably done as much for Apple’s ascendancy in recent years as any single advertising campaign. Talk to any recent defector from Windows and invariably the security issue will be among the reasons for making the switch. Compared to the patch-obligatory PC experience, a war zone of zero-day exploits and encrypted Trojans, the Mac world is a walk in the park, it seems. While Mac users are blissfully unaware of malware their neighbour’s PC has no doubt been commandeered by Russian gangsters, or worse, by the Chinese military preparing for a cyber invasion on Parliament at 0100 hours.

Unfortunately, the cybercrime wave has caught up to Mac users in recent months. It was only a matter of time…

“Mac is still a safer place to be than Windows by a long stretch,” says Graham Cluley, senior technology consultant at Sophos.

“But, the truth is, financially motivated hackers are targeting Mac users like they never have before,” he said, adding that he expects Mac-specific security threats to escalate over the next year. In the past, Mac exploits were written by researchers for the purpose of threat-modelling. The occasional piece of Mac-specific malware would circulate online, but it never travelled very far and never attracted the interest of profiteering hackers who were too busy plundering PCs. That has all changed within the past few months.

In November, Mr Cluley said, the most sophisticated exploit yet specifically targeting Mac users emerged in the form of a piece of malware called the “OSX/RS Plug.” The RS Plug, a type of Trojan, employed all the latest gimmicks to ensnare its prey. It embedded itself on friendly looking websites, where an errant click by the Mac user would infect the computer. Once inside the victim’s machine, the Trojan would do the usual nasty thing, sniffing out valuable personal details on the hard drive. RS Plug was written by a prolific hacking group called ZLOB, an outfit that specialises in Windows exploits and have infected hundreds of websites with this piece of malware, Mr Cluley said.

RS Plug is not on anybody’s ‘top five threat’ list, but its emergence is still significant. If financially motivated hackers succeed in fleecing Mac users with their exploits, more and more Mac exploits will be written in the future, the thinking goes. Call it a proof-of-concept. If Mac users prove as vulnerable as their Windows brethren you can bet the hacking gangs will diversify to reach this emerging market.

“Mac users need to get their head out of the sand and say to themselves there could be more serious threats I need to watch out for,” says Mr Cluley, himself a Mac user.

Web security specialists are not well liked by the everyday computer user. Their job is to identify all the risks involved in being connected, all the websites we shouldn’t visit, all the e-mail attachments we shouldn’t click on. It’s a sermon we don’t want to think about when we’re chatting with friends, checking e-mail or leisurely surfing the web. I understand, fellow Mac user, your instinct to dismiss Mr Cluely’s tip as hot air, a ploy maybe to sell more anti-virus software. (I also understand that Mac users are truly the most stubborn creatures on the planet who snarl at any suggestion that there could be a flaw in an Apple product).

As a Mac user myself, one who made the switch last year, I too would like to think this is a threat that will pass. After all, Mac users are more sophisticated. We wouldn’t unknowingly install some dubious code or fall for a too-good-to-be-true phishing scam, unleashing a global contagion. Would we?

Of course one of us would. And that’s the worrying part. It just takes a few stumbling Mac users to put us all in harm’s way.

Well now, you’ve been warned. Your invincibility shield no longer exists. Your Mac is only marginally more secure than your neighbour’s PC. I know this is all very hard to swallow. But there is some hope yet. There is still time to put the genie back in the bottle. If we stay clear of dodgy e-mail attachments and websites the hacking gangs will ignore us and concentrate solely on the tens of millions of PC users out there. Mac users, don’t be stubborn this time.

---

Bernhard Warner, a freelance journalist and media consultant, writes about technology, the internet and media industries. He can be reached at techscribe@gmail.com