
OS X iWorm botnet has spread to more than 17,000 Apple Macs worldwide

A Russian security firm has highlighted a new piece of malware which has struck some 17,000 Macs across the globe.

Macs and OS X are often viewed as a safe haven, particularly compared with the volume of threats aimed at the far more widespread Windows, but Mac users who regard their machines as immune to malware are on increasingly thin ice.


The security company Dr Web wrote a blog post about the malware, Mac.BackDoor.iWorm, which it discovered last month. As of the last week of September it had infected more than 17,600 Macs and assembled them into a botnet. The backdoor gives the attacker remote access to each compromised machine and accepts a range of commands, from installing further malware or stealing data to spreading to other Macs and sending spam.

Dr Web states: "Criminals developed this malware using C++ and Lua. It should also be noted that the backdoor makes extensive use of encryption in its routines. During installation it is extracted into /Library/Application Support/JavaW, after which the dropper generates a p-list file so that the backdoor is launched automatically."
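As an added example, not code from the article or from Dr Web, the following POSIX shell script checks a host for the two persistence artifacts the quoted passage names: the payload directory under /Library/Application Support/JavaW and a launchd property list that starts it. It assumes, since the page does not say, that the plist sits in one of the standard LaunchAgents or LaunchDaemons directories and references the JavaW path; the plist contents in the demo are constructed samples, and the executable name "payload" is a placeholder.

```shell
#!/bin/sh
# Added example (not from the article or from Dr Web): a host check for the
# two persistence artifacts the quoted report names, the payload directory
# "/Library/Application Support/JavaW" and a launchd property list that starts
# the backdoor. Assumptions not stated on the page: the plist lives in one of
# the standard LaunchAgents/LaunchDaemons directories and references the
# JavaW path.

IWORM_PATH="Library/Application Support/JavaW"

# check_payload_dir ROOT
# Exit 0 if ROOT/Library/Application Support/JavaW exists. ROOT is "/" on a
# live system; the demo passes a throwaway tree instead.
check_payload_dir() {
    base=${1%/}
    [ -d "$base/$IWORM_PATH" ]
}

# find_javaw_plists DIR...
# Print every .plist under the given directories whose contents mention the
# JavaW path. Missing directories are skipped; the exit status is always 0 so
# callers can capture the output under "set -e".
find_javaw_plists() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -name '*.plist' 2>/dev/null |
        while IFS= read -r f; do
            grep -lF "$IWORM_PATH" "$f" 2>/dev/null || :
        done
    done
    return 0
}

# scan_host [ROOT]
# Check the payload directory and the standard launchd directories under
# ROOT (default "/"). Exit 0 if any artifact is found, 1 if none is.
scan_host() {
    root=${1:-/}
    root=${root%/}
    found=1
    if check_payload_dir "$root/"; then
        echo "payload directory present: $root/$IWORM_PATH"
        found=0
    fi
    # The unquoted glob expands to each user's LaunchAgents directory; when
    # nothing matches, the literal pattern is passed and skipped as missing.
    hits=$(find_javaw_plists \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$root"/Users/*/Library/LaunchAgents)
    if [ -n "$hits" ]; then
        echo "launchd plist(s) referencing $IWORM_PATH:"
        echo "$hits"
        found=0
    fi
    [ "$found" -eq 0 ] || echo "no iWorm persistence artifacts under ${root:-/}"
    return "$found"
}

# demo
# Build a constructed throwaway tree with one benign plist and one plist of
# the shape that would launch the backdoor, then scan it.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/Library/LaunchAgents" "$tmp/$IWORM_PATH"
    # Constructed sample that must not match.
    printf '<plist><dict><key>Label</key><string>com.example.benign</string></dict></plist>\n' \
        > "$tmp/Library/LaunchAgents/com.example.benign.plist"
    # Constructed sample; "payload" stands in for the executable name, which
    # the page does not give.
    printf '<plist><dict><key>ProgramArguments</key><array><string>/%s/payload</string></array></dict></plist>\n' \
        "$IWORM_PATH" > "$tmp/Library/LaunchAgents/com.example.javaw.plist"
    scan_host "$tmp"
    rm -rf "$tmp"
}

case "${1-}" in
    --demo) demo ;;
    --scan) scan_host "${2:-/}" ;;
esac
```

Run it with `--scan` on a Mac (as root, so every user's LaunchAgents directory is readable) to inspect the live system, or with `--demo` to see it flag the constructed tree. Finding either artifact is a strong indicator of this sample; finding neither does not prove a host clean, since a later variant could drop its files elsewhere.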

Another unusual twist is that once installed, the backdoor locates its command-and-control servers using information hidden in Reddit posts; for the operators, that means the server list can be changed without touching the infected machines.


The botnet does not yet appear to be carrying out any activity, so Dr Web seems to have caught it at an early stage of its build-up. The UK has the third-highest number of infections, around 1,220, with the US unsurprisingly in the lead on 4,600.

Dr Web has, naturally enough, added the malware to its definitions, so if you're running its antivirus product for OS X it will detect and remove the backdoor; other security vendors will presumably follow shortly.