How to prevent Mac malware – don’t steal
The latest Mac malware to attract attention should be seen as a poster child for what life is like outside of Apple’s curated App Store model – and also as a warning that if you want something for nothing, you’ll eventually end up with nothing.
You’ve always known:
Don’t steal software
Just don’t.
Don’t steal music, movies or books, come to that.
You’re not launching a revolution if you insist that creative people shouldn’t be paid, you’re just adding yet another layer to the exploitation all working folks endure.
So don’t do it – or you might end up installing something that wrecks your computer, steals your data, or – as in the case of the latest malware attack – turns your Mac into a cryptominer, consuming all your processing power and devouring your bandwidth.
Which isn’t a good thing.
And certainly bad for you, right?
BirdMiner is coming to get you
The latest malware release is called OS X.BirdMiner and was identified by MalwarebytesLabs this week.
They have an extensive blog post describing what the software does.
The first thing it does is disguise itself inside a cracked installation file for the highly popular Ableton Live music production software.
Then, when someone who wants to use Ableton Live without paying for it downloads the cracked installer, it installs a few additional surprises – two tiny Linux emulators/applications that quietly mine crypto on your machine.
“Obviously, this malware provides a solid example of why piracy is not a good idea. If you’re engaging in piracy, you’re likely to get infected, even with antivirus software installed. Like a railing on a bridge, antivirus software can protect you, but it’s much less effective if you’re actively jumping the rail and engaging in risky behaviour,” said MalwareBytes.
In other words, piracy is risky.
There are other risks. I think this one looks more fun:
A small target zone
Now, the attack surface for this malware is pretty slim – people who want to use Ableton Live, don’t want to pay for it, but are familiar enough with the wild web to find and install this installation.
The key is they don’t want to pay for it:
- Even though there’s a free trial version of the application you can download legitimately from the developer.
- Even though it offers 40% student discounts.
- Even though the introductory version only costs under $100.
Though I guess free usually beats fee.
And not everyone has the cash they need to even start to imagine their dreams.
Which seems a pity in terms of all that lost but locked-up potential. And not everyone wants to get into using Apple’s quite powerful and also free music creation software, GarageBand.
All the same, this particular crack can only really reach a small number of people.
Which isn’t to minimize it, just to point out that the target zone is limited.
We’re in bandit country
Of course, downloading malware, keyloggers and passcode watchers is path of the course outside of Apple’s platforms.
You know that’s true, right?
The wild west web remains alive and well and millions of people seeking apps for (another smartphone brand I won’t mention today) run the risk of encountering such nasties every time they download software from a non-curated app store.
Which is one of those points at which open doesn’t really seem any better than closed.
Perhaps it never was:
“If you built a chaos factory, you can’t dodge responsibility for the chaos,” as Apple CEO, Tim Cook, said.
But the truth seems to be – if you are a Mac user and you come across software that purports to be free, always – always – check where it came from and check the file name in your search engine and social media feeds.
Though someone always needs to fall first to things like this.
Don’t let it be you…
I don’t want it to be you.
If it looks too good to be true, it isn’t
And if you are downloading something that usually costs cold cash for nothing, then why not take a few moments to check for genuinely free alternatives?
As the consequential cost of downloading what seems to be a “free thing” may be way higher than the money you’re not saving in the first place.
Apple’s Steve Jobs used to say that stealing music was “bad Karma”.
It’s the same with software.
(And banking — though many think today’s bank robbers live behind the counter).
And while karma (like wealth) is far from equally shared, some rules remain the same no matter which suits you wear:
If it looks too good to be true, it isn’t.
Don’t steal.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.