Just like people, many viruses prefer Macs while others like PCs. Traditionally, malicious software programmed for Windows won’t work on Macs, but cyber criminals have found a way around that. According to a recent CSO Online article, hackers are starting to design more malware that will function on both platforms. How do they do it? By targeting popular third-party applications.
By targeting exploits in applications such as Java, hackers don’t have to code viruses for PC and Mac separately, according to CSO. Efficiency is usually a good thing, but it’s a little more troubling when it applies to malware!
“Microsoft spotted the latest trend while investigating malware called Backdoor Olyx, which the software vendor first spotted a year ago,” the article stated. “Subsequent variants since then demonstrated the cross-platform approach taken by malware writers.”
The bad news is that malware evolves and may not always care about which operating system you have. The good news is that CSO offered several tips for mitigating application-based security risks, including:
• Run applications with the safest possible security settings
• Block applications from running if you’re not using them
• Keep all third-party applications up-to-date
• Update your antivirus and other security software
Java exploit sneaks by antivirus
A recent SC Magazine article reported on a specific Java exploit incident that affected customers of payroll outsourcing company ADP. The hacking attempts began as phishing attacks, which tricked payroll administrators into clicking on links that were laced with exploitation webkits.
“One attack reported by some of ADP’s 600,000 customers attempted to con users with warnings that the company’s digital certificate was close to expiry,” the article stated. “ADP issued an advisory warning customers of the attacks and pledging to track down the offenders.”
The attacks also highlighted the importance of layered security, as the malicious code was only detected by eight of 41 antivirus vendors. The article stressed the importance of educating employees within organizations in regard to phishing attacks. By looking through email logs, users can usually identify format and other unique characteristics of legitimate emails from an organization and fake phishing emails from cyber criminals.
Do you use a large number of third-party applications like Java? Do you always keep them up to date?