Notes from an insecure web

Protecting Your Mac From Malware

Read time: 3 minutes
Discover tricks hackers use to compromise your Mac security.


TL;DR: select a file in Finder and press ⌘i (Command-I) to see what it really is, in particular whether its "Kind" is an application. Then make Finder stop hiding extensions: Finder > Preferences > Advanced > Show all filename extensions.

Intro

Mac has a reputation for not being susceptible to viruses and malware. This reputation is partly earned through solid security and partly through highly effective marketing. However, viruses and malware target OSX just as they do any other operating system. Malware such as CookieMiner, CrossRaider and more than ten others were released this year alone (2019). A large collection of OSX malware samples is maintained in the Objective-See malware list.

How does most of this malware find its way onto targeted computers? By tricking users into running it. The malware may arrive as an office document or zip file from an impersonated colleague or business partner. It could be adware installed from a web page the user visited, or it could come from another source altogether. Whatever the case, there are some steps you should take before double-clicking that file.

What's That File?

Apple tries to make life easy for its users and usually does a good job of it. Sometimes, though, that simplicity hides important details. For instance, Finder (the Mac equivalent of Windows File Explorer) hides the extension of application bundles and displays whatever icon the bundle ships with. This means an application named "2020_Taxes_PDF.app" shows up in Finder simply as "2020_Taxes_PDF". If the bundle also includes a PDF icon, it will look exactly like a PDF document named 2020_Taxes_PDF.

This looks like a PDF document, but what is it really?

Bring up detailed file information by selecting the file and pressing ⌘i (Command-I). In the General section of the Info window, "Kind" shows that this file is actually an application. Finder hid the file's real nature from us and displayed the PDF icon bundled inside the application.

By default Finder hides the ".app" extension of applications, which makes it hard to tell whether a file is a document or an application, and therefore possibly malware.
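As an added example (not from the original post), here is a Terminal equivalent of the ⌘i check that does not depend on what Finder chooses to display. An ".app" is really a directory whose Contents/Info.plist names the binary to run, so a "PDF" that turns out to be a directory is the warning sign. The script builds a constructed, harmless "2020_Taxes_PDF.app" bundle that declares a PDF icon alongside a genuine PDF, then prints what Finder would show for each next to what it actually is. The bundle layout, file names and the inspect_path/finder_name helpers are this example's own, not Apple tooling.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post. Works on macOS or any POSIX
# system; the sample bundle and sample PDF are constructed below for the demo.

# finder_name PATH
#   what Finder displays by default: the basename with any ".app" hidden
finder_name() {
    local base
    base=$(basename "$1")
    printf '%s\n' "${base%.app}"
}

# inspect_path PATH
#   prints "app-bundle <CFBundleExecutable>", "file", or "missing"
inspect_path() {
    local target="$1"
    if [ ! -e "$target" ]; then
        echo "missing"
        return 1
    fi
    # An application bundle is a directory carrying Contents/Info.plist.
    if [ -d "$target" ] && [ -f "$target/Contents/Info.plist" ]; then
        # Extract CFBundleExecutable from an XML plist with awk (portable;
        # on macOS `plutil -p` would also decode binary plists).
        local exe
        exe=$(awk '/<key>CFBundleExecutable<\/key>/ {
                       getline
                       gsub(/.*<string>|<\/string>.*/, "")
                       print
                       exit
                   }' "$target/Contents/Info.plist")
        echo "app-bundle ${exe:-unknown}"
        return 0
    fi
    echo "file"
}

# make_demo DIR
#   constructed test data: a fake "PDF" that is really an app bundle, plus a
#   real (minimal) PDF for comparison
make_demo() {
    local dir="$1"
    local app="$dir/2020_Taxes_PDF.app"
    mkdir -p "$app/Contents/MacOS"
    printf '%s\n' '#!/bin/sh' 'echo "a real dropper would run here"' \
        > "$app/Contents/MacOS/2020_Taxes_PDF"
    chmod +x "$app/Contents/MacOS/2020_Taxes_PDF"
    cat > "$app/Contents/Info.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>CFBundleExecutable</key>
    <string>2020_Taxes_PDF</string>
    <key>CFBundleIconFile</key>
    <string>pdf.icns</string>
</dict>
</plist>
EOF
    printf '%%PDF-1.4\n' > "$dir/2020_Taxes.pdf"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for f in "$demo_dir/2020_Taxes_PDF.app" "$demo_dir/2020_Taxes.pdf"; do
    printf 'Finder shows: %-16s  really: %s\n' \
        "$(finder_name "$f")" "$(inspect_path "$f")"
done
```

On a real Mac, follow up on anything reported as an app bundle with `xattr -l <path>` (a com.apple.quarantine attribute marks it as a download) and `codesign -dv --verbose=2 <path>` to see whether, and by whom, it is signed.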

You can force Finder to always display file extensions. Open Finder, then select:
Finder > Preferences > Advanced > Show all filename extensions

You can set the same preference from the Terminal. It is a per-user setting, so run it as your own user (not as root), and relaunch Finder afterwards so it picks up the change:


            defaults write NSGlobalDomain AppleShowAllExtensions -bool true
            killall Finder