Apple Updates Malware Definitions to Protect Against Botnet Threat Coordinated Via Reddit
Last week, Russian anti-virus firm Doctor Web disclosed a newly discovered piece of OS X malware known as Mac.BackDoor.iWorm that at the time had affected roughly 17,000 machines around the world. While the exact mechanism of infection was unclear, an interesting twist to the story involves compromised machines running search queries on Reddit to obtain instructions about which command and control servers should be used to manage the botnet.
It is worth mentioning that in order to acquire a control server address list, the bot uses the search service at reddit.com, and -- as a search query -- specifies hexadecimal values of the first 8 bytes of the MD5 hash of the current date. The reddit.com search returns a web page containing a list of botnet C&C servers and ports published by criminals in comments to the post minecraftserverlists under the account vtnhiaovyd.
Once connected to a command and control server, the backdoor opened by the malware on the user's system can receive instructions to perform a variety of tasks, from stealing sensitive information to receiving or spreading additional malware.
In an effort to address the threat, Apple has now updated its "Xprotect" anti-malware system to recognize two different variants of the iWorm malware and prevent them from being installed on users' machines.

First introduced with OS X Snow Leopard, Xprotect is a rudimentary anti-malware system that recognizes and alerts users to the presence of various types of malware. Given the relative rarity of malware targeting OS X, the malware definitions are updated infrequently, although users' machines automatically check for updates on a daily basis. Apple also uses the Xprotect system on occasion to enforce minimum version requirements for plug-ins such as Flash Player and Java, forcing users to upgrade from older versions known to carry significant security risks.
Popular Stories
At WWDC 2022 last year, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple said the first vehicles with support for the next-generation CarPlay experience would be announced in late 2023, but it has still not shared any additional...
If you have an iPhone 15 and drive a BMW, it might be best to avoid charging the device with the vehicle's wireless charging pad for now. Over the past week, some BMW owners have complained that their iPhone 15's NFC chip no longer works after charging the device with their vehicle's wireless charging pad, according to comments shared on the MacRumors Forums and X, formerly known as Twitter. ...
Apple plans to release an iOS 17 update to address a bug that may contribute to the reported iPhone 15 Pro and iPhone 15 Pro Max overheating issue, according to a statement the company shared today with MacRumors and Forbes reporter David Phelan. Apple also says some recent updates to third-party apps have overloaded the system and contributed to the overheating issue. The report notes that...
Significant changes are expected to arrive with Apple's fourth-generation iPhone SE, in terms of both design and hardware, MacRumors has learned. The iPhone SE 4, known internally under the codename Ghost, is expected to receive a new design derived almost entirely from the base model iPhone 14. According to our sources, the iPhone SE 4 will use a modified version of the iPhone 14 chassis...
MacRumors has obtained preliminary information on the weights and dimensions planned for the iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max. The information corroborates previous reports suggesting that the iPhone 16 Pro and 16 Pro Max will feature larger displays. iPhone 16 and 16 Plus Current information suggests that the iPhone 16 and 16 Plus will maintain the same...
CarPlay is not working as expected for some iPhone 15 users, an issue that is likely linked to the transition to USB-C. There are multiple complaints from MacRumors readers and Reddit users who are unable to get CarPlay to work with their new devices. Cable type and available port options are a common theme in the CarPlay reports, with many of the functionality problems linked to USB-A to...
Wednesday September 27, 2023 1:57 pm PDT by
Juli CloverJust a week after releasing iOS 17, Apple has seeded the first beta of iOS 17.1 to developers. iOS 17.1 adds some features that Apple promised were coming to iOS 17 in the future, plus it refines and improves some existing features. This guide covers everything new in the first iOS 17.1 beta. Apple Music Favorites You can favorite songs, albums, playlists, and artists in the iOS 17.1...
Top Rated Comments
No amount of malware security can fix stupid.
EDIT: Link to evidence: http://www.thesafemac.com/iworm-method-of-infection-found/ (http://www.thesafemac.com/iworm-method-of-infection-found/)
Good update - a lot of the "Hey look! Mac malware!" hue and cry has, of course, come from the usual places, namely antivirus software houses - and that hue and cry has not mentioned how the damn thing gets in your Mac in the first place.
That was a glaring omission, and it was right for MacRumors to hold off until now.
You won't find it in either because the update is via xprotect, which is updated automatically. I know there used to be a way to force an update using a terminal command, but iirc there isn't a way to do this in Mavericks (yet).
However there's a thing that really annoys me when installing software: allowing administrator rights. Ok, let's give administrator rights so the app can copy stuff to some system folders, but since it should not be the standard behavior of any app, why OSX doesn't give a more detailed explanation of what will be done with the root access I'm giving? It could throw that warning popup with a button providing additional details of the operation, don't you agree?
No offence but is the file safe? not to be rude but this thread is about downloading files from unknown sources and just installing them
IF this bad software actually did spread BY ITSELF, then it would seem to be the first real-world successful OS X “virus.” (Technically, “worm” is the better term: a “virus” specifically infects/alters apps, while a “worm” is less specific: any malware that spreads on its own.)
But that doesn’t appear to be the case—making this just another trojan.
Any OS is vulnerable to lies, and that’s what a trojan is: someone lies to you and says “trust this program with your system!” Luckily, OS X makes trojans pretty hard to get these days: you have to go to some very specific effort to run un-trusted, unsigned code. If you know how to do that, you should know better! (Signed code can be remotely shut down by Apple if it's determined to be bad--even outside the App Store.)
Pirates beware: don’t trust shady downloads.