In this article, we will look at the most common Mac viruses and security flaws, how to detect them, prevent your Mac from getting them, and how to remove them.

The more macOS grows in popularity, the more lucrative it becomes to hackers and rogue programmers, and with no anti-virus, your MacBook is at risk of attack. Viruses on Mac are more common than you might imagine. We’re going to run through known Mac viruses, malware, and security flaws and show you how to keep your computer safe using CleanMyMac X.

Researchers created Thunderstrike 2 firmware malware that could remotely infect Apple computers and remain even if a user were to wipe the hard drive and reinstall the OS. At Black Hat and Def Con.

Something to note before we continue: a virus is a type of malware, capable of copying itself and spreading across a system. Malware is a blanket term for a wide range of malicious software including adware, spyware, ransomware, and Trojans. So all viruses are malware, but not all malware is a virus, if that makes sense.

Okay, let’s dig in.

How a Mac virus infects your system

How does a Mac virus find its way onto your system in the first place? Typically with a helping hand from you.

Apple viruses rely on you downloading a program, clicking a link, or installing an app or plugin.

The most common ways for malware to infiltrate your computer are through third-party browser plugins like Adobe Reader, Java, and Flash, or by using a Trojan horse or phishing scam — an app or email that appears to be from a legitimate source, but is in fact fraudulent. The moment you click on a link and enter details or download the seemingly genuine app, you give the green light for a virus to infect your system.

The best way to avoid a virus on Mac is to be vigilant. Double check every app that you want to download and every email that you receive before following through on an action. If something seems off, there’s every chance that it is.

However, as you’ll see from some of the viruses, in certain cases even vigilance can’t protect you.

An X-ray of a Mac virus: Here is what it looks like

Below is an executable command from a piece of adware code. As you can see, it aims to 'download offers' that users see on their computers.

Known Mac viruses

1. Microsoft Word macro viruses

What’s that, a Microsoft program bringing its virus-riddled programs over to Mac? Unfortunately, yes.

Macros are commonly used by Word users to automate repetitive tasks, and they're a prime target for malware peddlers. Macro support on Mac was removed by Apple with the release of Office for Mac back in 2008, but was reintroduced in 2011, meaning files opened with macros enabled could run Python code to log keystrokes and take screenshots of personal data.

In 2017, Malwarebytes discovered malware in a Word document about Donald Trump, to the worry of Mac users. However, the chance of being infected depends on you having opened that specific file, which is slim.

A warning message that Apple displays anytime a file contains macros should be enough to keep you safe from Word macro viruses.

2. Safari-get

Safari-get is a denial-of-service (DoS) attack that began targeting Mac in 2016. The malware is hidden behind a link in a seemingly genuine tech support email — you click on the link, the malware makes itself at home on your computer.

What happens then depends on whether you’re running macOS 10 or 11. The first variant takes control of the mail application to force create multiple draft emails. The second force opens iTunes multiple times. The end goal for both is the same: overload system memory to bring your Mac to its knees so that you call up a fake Apple tech support number and hand over your credit card details to a bogus team on the other end of the line.

macOS High Sierra versions 10.12.2 and above include a patch for this vulnerability, so updating your machine should keep you safe.

3. OSX/Pirrit

OSX/Pirrit is a virus that is able to gain root privileges to take it upon itself to create a new account and download software that you neither want nor need. The virus was found by Cybereason to be hidden in cracked versions of Adobe Photoshop and Microsoft Office that are popular on torrent sites.

A stark reminder, if ever you needed one, to never download pirated software!

Known Mac malware

1. OSX/MaMi

OSX/MaMi holds the distinction of being the first macOS malware of 2018. It targets Mac users with social engineering methods such as malicious emails and website pop-ups. Once it’s made its way onto a system, the malware changes DNS server settings so that attackers can route traffic through malicious servers and intercept any sensitive data. MaMi is also capable of taking screenshots, downloading and uploading files, executing commands, and generating mouse events.

The Hacker News provides instructions on how to identify the virus on your system:

“To check if your Mac computer is infected with MaMi malware, go to the Terminal via the System Preferences app and check for your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.”
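
The check described in the quote above, as an added shell example (not part of the original article or of The Hacker News instructions): it reads the resolver list macOS prints with `scutil --dns` and flags the two addresses named above. The function names and the sample `scutil --dns` output are constructed for illustration; on a machine without `scutil` the script falls back to that sample.

```shell
#!/bin/sh
# Added example: flag the MaMi DNS servers named on this page.
# Function names and the sample input below are illustrative assumptions.

# The two resolver addresses quoted above.
MAMI_DNS="82.163.143.135 82.163.142.137"

# Read DNS settings on stdin and print each nameserver once.
# Accepts `scutil --dns` lines ("nameserver[0] : 1.2.3.4") and the bare
# one-address-per-line output of `networksetup -getdnsservers <service>`.
list_nameservers() {
    awk '
        $1 ~ /^nameserver\[/ && $2 == ":" { print $3; next }
        NF == 1 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }
    ' | sort -u
}

# Print every configured nameserver that exactly equals a MaMi address.
# Exact string comparison avoids false hits such as 182.163.143.135.
find_mami_dns() {
    list_nameservers | while read -r ns; do
        for bad in $MAMI_DNS; do
            if [ "$ns" = "$bad" ]; then echo "$ns"; fi
        done
    done
}

# macOS only: name the network services whose manual DNS list contains a
# MaMi address, so you know which service needs its DNS setting reset.
mami_services() {
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
        if [ -n "$(networksetup -getdnsservers "$svc" | find_mami_dns)" ]; then
            echo "$svc"
        fi
    done
}

# Constructed sample of `scutil --dns` output (not from a real machine),
# with one MaMi resolver placed ahead of an ordinary home router.
sample_scutil_output() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 82.163.143.135
  nameserver[1] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
EOF
}

if command -v scutil >/dev/null 2>&1; then
    hits=$(scutil --dns | find_mami_dns)             # live macOS configuration
    services=$(mami_services)
else
    hits=$(sample_scutil_output | find_mami_dns)     # constructed sample
    services=""
fi

if [ -n "$hits" ]; then
    echo "WARNING: MaMi DNS server(s) configured:"
    echo "$hits"
    if [ -n "$services" ]; then
        echo "Set on network service(s):"
        echo "$services"
    fi
else
    echo "No MaMi DNS servers found in the DNS configuration."
fi
```

A clean result only means these two addresses are not configured as resolvers right now; it does not rule out other malware.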

2. OSX/Dok

This piece of malware is a worrying one in that it is signed with an Apple-authenticated developer certificate, thus allowing it to bypass Mac’s Gatekeeper security feature and XProtect. Like OSX/MaMi, OSX/Dok intercepts all traffic (including traffic on SSL-TLS encrypted websites) moving between your computer and the internet to steal private information.

Since it arrived on the scene in April 2017, Apple has revoked the developer certificate and updated XProtect. However, it remains one to look out for.

3. Fruitfly

Fruitfly malware has stolen millions of user images, personal data, tax records and “potentially embarrassing communications” over a 13-year period by capturing screenshots and webcam images. Researchers are unsure how the near-undetectable “creepware” finds its way onto Mac systems, and while Apple has been working to patch the issue, it’s unknown if newer versions still exist in the wild.

4. X-agent

X-agent is classic malware capable of stealing your passwords and iPhone backups and taking screenshots of sensitive data. It has mainly targeted members of the Ukrainian military, which is very bad, of course, but if you're not a member of Ukrainian military you’re unlikely to be affected.

5. MacDownloader

While its name suggests it could be a useful app, MacDownloader is a very nasty piece of malware programmed to attack the US defense industry. It’s hidden inside a fake Adobe Flash update and shows a pop-up claiming your system is infected with adware. By clicking on the alert and entering your admin password, MacDownloader lifts sensitive data, including passwords and credit card details, and sends it to a remote server.

MacDownloader is designed to attack a particular audience, but it’s worth checking for updates on Adobe’s official website before installing any new version of Flash.

6. KeRanger

KeRanger is macOS’s first introduction to ransomware — malware that encrypts system files and demands a ransom to decrypt them. It was bundled in with the torrent client Transmission version 2.90 and installed at the same time, using a valid Mac app certificate to sneak through Apple security. Once document and data files are encrypted, KeRanger demands payment in bitcoin for the malware to be removed.

Transmission has released an update to remove the malware and Apple has removed KeRanger’s Gatekeeper signature to protect users. If you’re using Transmission 2.90, head over to the Transmission website to download the latest update.

Known Mac security flaws

1. Goto fail bug

The Goto fail bug was a bit of an embarrassing one for Apple in that the security flaw was the result of its own doing. A bug in Apple’s SSL (Secure Sockets Layer) encryption meant that a Goto command was left unclosed in the code, thus preventing SSL from doing its job to protect users of secure websites. The flaw put communications sent over unsecured Wi-Fi (the hotspots you use at the mall and in coffee shops) at risk, allowing hackers to intercept passwords, credit card details, and other sensitive information.

Apple has since patched the issue on macOS, but it certainly makes you think twice about how you browse the web on your MacBook in a public place.

2. Meltdown and Spectre

In January 2018, it was announced that there was a flaw in Intel chips used in Macs, giving rise to the dastardly duo of Meltdown and Spectre.

From Apple:

The Meltdown and Spectre issues take advantage of a modern CPU performance feature called speculative execution. Speculative execution improves speed by operating on multiple instructions at once—possibly in a different order than when they entered the CPU. To increase performance, the CPU predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.

The Meltdown and Spectre exploitation techniques abuse speculative execution to access privileged memory—including that of the kernel—from a less-privileged user process such as a malicious app running on a device.

Meltdown and Spectre affect all Mac systems, but Apple insists there are no known exploits currently impacting customers. macOS 10.13.2 and above include a patch to protect against both flaws.

3. High Sierra “root” bug

As far as security flaws go, High Sierra’s “root” bug is a pretty big one. The flaw, which was discovered by software developer Lemi Orhan Ergin, allowed anyone to gain root access to a system by leaving the password field blank and trying multiple times in a row. So, anyone with physical access to your system, or access via remote desktop or screen-sharing, could type in “root” and hit enter a few times to gain full control of your Mac. Scary thought, huh?

Apple has recently released an official fix for the flaw, but it’s worth taking care about who shares access privileges on your Mac.

How to recognize a virus on Mac

So how do you spot a virus on your MacBook Pro or iMac? In the case of ransomware like KeRanger or a DoS attack like Safari-get, the issue is in your face. With other malware, however, the infection is less obvious.

A few of the tell-tale signs include:

  • Unexpected system reboots
  • Apps closing and restarting for no reason
  • Browsers automatically installing suspicious updates
  • Web pages obscured with ads
  • Drop in system performance

How to avoid a virus on Mac

We briefly covered this at the top of the article, but there are measures you can take to help safeguard your system:

  • Always check the source of an email by looking at the address of the sender
  • Avoid pirated software
  • Avoid software and media downloads from torrent clients
  • Avoid apps or pop-ups that ask you to “fix” an infected Mac
  • Never download codecs or plug-ins from unknown websites

How to remove a virus on Mac

If you suspect a Mac virus has infected your system, it’s important to address the problem immediately. There are two ways that you can do this: manually or with CleanMyMac X.

How to remove a virus on Mac manually

To remove a virus manually, the first thing to do is find out what’s causing the problem.

The chances are it could be a downloaded file, so go to your Downloads folder and search for .DMG files. If the file is unfamiliar, delete it and empty the Trash.

If an app is the issue, go to your Applications, drag the icon of the culprit to the Trash bin and empty the Trash immediately.

Both of these methods offer a quick fix, but neither is the most comprehensive of solutions. The way in which viruses work means that the infection could have spread to system folders. If the problem persists, opt for the more robust CleanMyMac 3.

How to remove malware on Mac with CleanMyMac X

CleanMyMac X is designed to detect and remove malware threats from your Mac, including adware, spyware, ransomware, worms, and more.

If malware is lurking within your Mac, it won’t be after CleanMyMac is done with it.

  1. Download CleanMyMac X (free download) and launch the app.
  2. Click on the Malware Removal tab.
  3. Click Scan.
  4. Click Remove.

This app is actually notarized by Apple so you are safe using it. Speaking of malware, it has a real-time monitor that keeps an eye on your Launch Agents. If an unknown app tries to add itself into your system folders, you'll get an instant notification from CleanMyMac X.

Keep your Mac virus-free

For the most part, using a Mac is a pleasant, malware-free experience, but no computer is ever 100% virus-free. Keeping abreast of known Mac viruses so that you know what to look for and erring on the side of caution when downloading software will help keep your system running smoothly. And if a rogue app does make its way onto your system, keep CleanMyMac X close to hand to remove it immediately and completely.

Yes, there were viruses for the Classic Mac operating system. Not a lot, mind you, especially in comparison to the vastly more popular Microsoft Windows platform, but they did exist.

This page lists Macintosh viruses by their date of origin.

1987

  • nVIR A, B (AIDS, F**k, Hpat, Jude, kOOL, MEV#, nCam, nFlu, prod), Dec. 1987: Infects System 4.1 and higher as well as any open applications. It is not designed to cause damage, just to be a nuisance. It is spread by moving an infected program to another Mac by disk or network. After infection, nVIR does a countdown upon reboot. After 1000 restarts, it will beep during 1 of 8 System launches, and infected programs will boot 1 of 4 times they are run. If MacInTalk is installed, the infected computer may occasionally say “Don’t Panic”. Wikipedia states: “The source code to the original nVIR has been made widely available, and so numerous variants have arisen. Each variant causes somewhat different symptoms, such as: application crashes, printing errors on laser printers, slow system response time, or unpredictable system crashes.” Extant versions don’t cause intentional damage. Payload is either beeping or (nVIR A) saying “Don’t panic” if MacInTalk is installed, a reference to Douglas Adams’ Hitchhiker’s Guide to the Galaxy.

Variants

  • CLAP, designed to avoid detection by Disinfectant (Disinfectant 3.6 recognizes it)
  • nCAM
  • nVIR C, July 1991
  • nVIR-f
  • prod
  • zero

Further Reading

  • nVIR (computer virus), Wikipedia
  • MacOS/nVIR, McAfee
  • A Vaccine for the ‘nVIR’ Virus, MacTech

1988

  • MacMag (Aldus, Brandow, Drew, Peace), Feb. 1988: First distributed as a HyperCard stack on Compuserve and GEnie, this virus only infected System files and could spread from one bootable disk to another until 1988.03.02. It posted the message “RICHARD BRANDOW, publisher of MacMag, and its entire staff would like to take this opportunity to convey their UNIVERSAL MESSAGE OF PEACE to all Macintosh users around the world.” and then deleted itself on 1988.03.03
    • MacMag virus, Computer Knowledge
  • Scores (Eric, Vult, NASA, San Jose Flu), spring 1988: Infects System 6 and 7; damages System 6.0.4 and later. Creates an invisible file named Scores that runs at startup. It attaches itself to the Scrapbook File and Note Pad File, creating them if they don’t exist. Aimed to attack two applications that were never generally released. It also infects the System file and every application run on an infected Mac. It can cause accidental damage – system crashes and problems printing or with MacDraw and Excel. Infects applications, Finder, DA Handler.
    • Scores Virus, MacTech, 1988.06
    • Scores (computer virus), Wikipedia
  • SevenDust (SevenD, MDEF 9806, MDEF 666, MDEF E, Graphics Accelerator), June 1998: A family of viruses which spread both through ‘MDEF’ resources and a System extension created by that resource. Some of these viruses cause no other damage, but MDEF 9806-B may erase all non-application files on the current volume on the sixth day of the month. The SARC encyclopedia calls MDEF 9806-C, “polymorphic and encrypted, no payload,” and MDEF 9806-D, “encrypting, polymorphic, symbiotic,” and says the symbiotic part, “alters a ‘WIND’ resource from the host application.” SevenDust E, not to be confused with the legitimate ATI driver “Graphics Accelerator”, began as a Trojan released to Info-Mac and deleted in September 1998. Takes two forms, ‘INIT’ resource ID ’33’ in an extension named “001Graphics Accelerator” and an ‘MDEF’ resource ID ‘1’ to ‘255’. Between 6:00 a.m. and 7:00 a.m. on the sixth and twelfth day of any month, the virus will try to delete all non-application files on the startup disk. John Dalgliesh describes “Graphics Accelerator” on his Web page for AntiGax, a free anti-SevenDust E utility; any errors here in translation are not his. SevenDust F uses a trojan “ExtensionConflict”, common extensions names, and creator ‘ACCE’.[SL]
    • MacOS/SevenDust, McAfee
    • ‘Graphics Accelerator’/’SevenDust’/’666’ Reader Report, MacInTouch
    • MacOS.Sevendust, Symantec
  • Init 29 (Init 29 A, B), June 1988: Spreads rapidly. Infects system files, applications (even those that are not running), and document files (document files can’t infect other files, though). May display a message if a locked floppy is accessed on an infected system ‘The disk “xxxxx” needs minor repairs. Do you want to repair it?’. No intentional damage, but can cause several problems – Multiple infections, memory errors, system crashes, printing problems, MultiFinder problems, startup document incompatibilities.
    • Mac/INIT-29, Sophos
  • Code 9811, Aug. 1998: Infects open applications. Temporarily makes them invisible while creating an infected replacement program, then renames original apps with strange names like DPEVLZREEYO and BMQTKECNLI. It also attempts to find and delete antivirus software. The most obvious symptom of the virus is a screen that looks like trails left by 3 little yellow dots crawling around the screen – and red trails when they are in three rectangles that eventually become a red pi. Finally, the virus pops up a message that reads “π You have been hacked by the Praetorians π”, a reference to the 1995 Sandra Bullock movie, The Net.
    • The Code 9811 Virus, silent.se
    • CODE9811, John William Dalgliesh

1989

  • Anti (Anti-A, Anti-Ange, Anti-B, Anti Variant), Feb. 1989: Only infects 400K and 800K floppies. Can cause damage under System 6.0.x when MultiFinder is not being used. Can only infect a single file with MultiFinder or System 7.x. Can be spread through email attachments. Can damage applications so that they can’t be repaired.
    • MacOS/ANTI, McAfee
  • WDEF (WDEF A, WDEF B), Dec. 1989: Infects the Desktop file used by the Finder. Does not infect anything else. Not intended to cause harm. Spread through sharing disks, as every Mac disk includes a Desktop file. It is not necessary to run a program to spread this virus; simply mounting the disk is enough for it to infect the Desktop file of every disk mounted on the Mac. WDEF will cause the Mac IIci and Mac Portable to crash and can cause severe degradation of AppleTalk networks as it attempts to infect their Desktop files. Many reports of system crashes when saving if MultiFinder is active. Can damage disks and will make Macs with 8 MB of RAM crash.
    • Information about the WDEF virus, CIAC

1990

  • Zuc (A, B, C), Mar. 1990: Infects applications, doesn’t show itself for two weeks. The cursor moves diagonally and uncontrollably across the screen when the mouse button is held down when an infected application is run. No other intentional damage is done.
    • Mac/ZUC-A, Sophos
  • MDEF (MDEF A/Garfield, MDEF B/Top Cat, C, D), May 1990: This virus infects the MDEF resource of the System file and applications. It can crash the Mac 128K and 512K, although these models cannot spread it. It can also remove system menus. It is spread through system files and applications. Version D does not infect the System file and can damage program files beyond repair.
    • The MDEF or Garfield Virus on Macintosh Computers, CIAC
    • MDEF (computer virus), Wikipedia
  • CDEF, August 1990: Similar to WDEF. Infects desktop files. Only functions under System 6.0.x. No intentional damage, but causes system crashes, printing problems, and other unexpected behavior. Both MDEF and CDEF were authored by an unidentified 16-year-old from Ithaca, New York.
    • MacOS/CDEF, McAfee

1991

  • none!

1992

  • MBDF (MBDF A, MBDF B, Tetricycle), Feb. 1992: Infects system files and applications and was discovered because Claris programs include integrity checking code and report when they’ve been modified. Discovered infecting three games on many popular Internet sites: 10 Tile Puzzle, Obnoxious Tetris, and Tetricycle (or tetris-rotating). Not malicious, but it can cause accidental damage to the System file if the computer is restarted while it is infecting the System file (as it takes a long time to do this and the Mac appears to hang up during the process, this isn’t uncommon). It can also cause problems when choosing commands from menus, particularly in System 7.0.1. A minor variant of MBDF B appeared in summer 1997.
    • MBDF Virus, Adam C. Engst, TidBITS
    • MacOS/MBDF, McAfee
  • Init 1984, March 1992: Malicious. Infects system extensions (INITs). Works under Systems 6 and 7. Triggers on Friday 13th. Damages files by renaming them, changing file TYPE and file CREATOR, creation and modification dates (to 1904.01.01), and by deleting up to 2% of them. Init-M is similar, but only infects System 7.x and may rename a file or folder as “Virus MindCrime”.
    • INIT 1984 (computer virus), Wikipedia
    • Mac/INIT-1984, Sophos
    • Mac/INIT-M, Sophos
  • T4 (A, B, C, D), June 1992: Infects applications, Finder, and tries to modify System so that startup code is altered. Under System 6 and 7.0, INITs and system extensions don’t load. Under 7.0.1, the Mac may be unbootable. Damage to infected files and altered System is not repairable by Disinfectant. The virus masquerades as Disinfectant, so as to spoof behaviour blockers such as Gatekeeper. Originally included in versions 2.0/2.1 of the public domain game GoMoku.
    • Mac/T4, Sophos
    • MacOS/T4, McAfee

1993

  • Init 17, April 1993: Infects System file and applications and may cause irreparable damage to program files. Displays the message “From the depths of Cyberspace” the first time you restart an infected machine after 1993.10.31 6:06:06 PM. Can make Mac Plus, SE, and Classic crash.
    • New INIT 17 Virus Busted, Mark H. Anbinder, Technical Support Coordinator, BAKA Computers

1994

  • Init-9403 (SysX), March 1994: Infects applications and Finder under System 6 and 7. Attempts to overwrite whole startup volume and disk information on all connected hard drives. Only spreads on Macs running the Italian version of the Mac OS.
    • New Macintosh Virus: INIT-9403, CIAC
    • Mac/INIT-9403, Sophos
  • Init 29-B, April 1994

1995

  • First Microsoft Word macro virus

1998

  • Autostart Worm (Autostart 9805, Hong Kong Virus), May 1998. Only infects PowerPC Macs and spreads itself to every writable partition mounted on the infected computer. This includes mounted drives on a computer network. The infection vector is the CD-ROM AutoPlay feature in the QuickTime control panel, so preventing infection is as easy as disabling CD-ROM AutoPlay in that control panel.
    • The AutoStart Worm, Macintouch Special Report
    • AutoStart 9805 Macintosh Worm Virus, CIAC
    • The Autostart Worm, Low End Mac
  • Code 1: file infector. Renames the hard drive to “Trent Saburo”. Accidental system crashes possible.
  • Code 252: infects application and system files. Triggers when run between June 6th and December 31st. Runs a gotcha message (“You have a virus. Ha Ha Ha Ha Ha Ha Ha Now erasing all disks… [etc.]”), then self-deletes. Despite the message, no intentional damage is done, though shutting down the Mac instead of clicking to continue could cause damage. Can crash System 7 or damage files, but doesn’t spread beyond the System file. Doesn’t spread under System 6 with MultiFinder beyond System and MultiFinder. Can cause various forms of accidental damage.
  • Code 32767: once a month tries to delete documents. This virus is not known to be in circulation.
  • Flag: unrelated to WDEF A and B, but was given the name WDEF-C in some anti-virus software. Not intentionally damaging but when spreading it overwrites any existing ‘WDEF’ resource of ID ‘0’, an action which might damage some files. This virus is not known to be in circulation.

HyperCard Infectors

  • Dukakis – infects the Home stack, then other stacks used subsequently. Displays the message “Dukakis for President”, then deletes itself, so not often seen.
  • HC 9507 – infects the Home stack, then other running stacks and randomly chosen stacks on the startup disk. On triggering, displays visual effects or hangs the system. Overwrites stack resources, so a repaired stack may not run properly.
  • HC 9603 – infects the Home stack, then other running stacks. No intended effects, but may damage the Home stack.
  • HC “Two Tunes” (referred to by some sources as “Three Tunes”) – infects stack scripts. Visual/Audio effects: ‘Hey, what are you doing?’ message; plays the tune “Muss I denn”; plays the tune “Behind the Blue Mountains”; displays HyperCard toolbox and pattern menus; displays ‘Don’t panic!’ fifteen minutes after activation. Even sources which describe this virus as “Three Tunes” seem to describe the symptoms consistently with the description here, but we will, for completeness, attempt to resolve any possible confusion when time allows. This virus has no known connection with the PC file infector sometimes known as Three Tunes.
  • MerryXmas – appends to stack script. On execution, attempts to infect the Home stack, which then infects other stacks on access. There are several strains, most of which cause system crashes and other anomalies. At least one strain replaces the Home stack script and deletes stacks run subsequently. Variants include Merry2Xmas, Lopez, and the rather destructive Crudshot. [Ken Dunham discovered the merryXmas virus. His program merryxmasWatcher 2.0 was very popular and still can eradicate the most common two strains, merryXmas and merry2Xmas. merryxmasWatcher 2.0 is outdated for the rest of this family.]
  • Antibody is a recent virus-hunting virus which propagates between stacks checking for and removing MerryXmas, and inserting an inoculation script.
  • Independance (sic) Day – reported in July, 1997. It attempts to be destructive, but fortunately is not well enough written to be more than a nuisance. More information at: <http://www.hyperactivesw.com/Virus1.html#IDay>
  • Blink – reported in August, 1998. Nondestructive but spreads; infected stacks blink once per second starting in January, 1999.

Trojans

  • ChinaTalk – system extension – supposed to be sound driver, but actually deletes folders.
  • CPro – supposed to be an update to Compact Pro, but attempts to format currently mounted disks.
  • ExtensionConflict – supposed to identify Extensions conflicts, but installs one of the six SevenDust a.k.a. 666 viruses.
  • FontFinder – supposed to list fonts used in a document, but actually deletes folders.
  • MacMag – HyperCard stack (New Apple Products) that was the origin of the MacMag virus. When run, infected the System file, which then infected System files on floppies. Set to trigger and self-destruct on March 2nd, 1988, so rarely found.
  • Mosaic – supposed to display graphics, but actually mangles directory structures.
  • NVP – modifies the System file so that no vowels can be typed. Originally found masquerading as ‘New Look’, which redesigns the display.
  • Steroid – Control Panel – claims to improve QuickDraw speed, but actually mangles the directory structure.
  • Tetracycle – implicated in the original spread of MBDF
  • Virus Info – purported to contain virus information but actually trashed disks. Not to be confused with Virus Reference.
  • Virus Reference 2.1.6 mentions an ‘Unnamed PostScript hack’ which disables PostScript printers and requires replacement of a chip on the printer logic board to repair. A Mac virus guru says:
    • “The PostScript ‘Trojan’ was basically a PostScript job that toggled the printer password to some random string a number of times. Some Apple laser printers have a firmware counter that allows the password to only be changed a set number of times (because of PRAM behavior or licensing – I don’t remember which), so eventually the password would get “stuck” at some random string that the user would not know. I have not heard any reports of anyone suffering from this in many years.”
  • AppleScript Trojans – A demonstration destructive compiled AppleScript was posted to the newsgroups alt.comp.virus, comp.sys.mac.misc, comp.sys.mac.system, it.comp.macintosh, microsoft.public.word.mac, nl.comp.sys.mac, no.mac, and symantec.support.mac.sam.general on 16-Aug-97, apparently in response to a call for help originally posted to alt.comp.virus on 14-Aug-97 and followup on 15-Aug-97. On 03-Sep-97, MacInTouch published Xavier Bury’s finding of a second AppleScript trojan horse, which, like the call for help followup, mentioned Hotline servers. It reportedly sends out private information while running in the background. A note to users from Hotline Communications CEO Adam Hinkley is posted at <http://www.macvirus.com/news/press/970903a.html>. AppleScripts should be downloaded only from known trusted sources. It is nigh impossible for an average person to know what any given compiled script will do.

Virus Resources

  • Viruses and the Mac FAQ, David Harley, 2000.01.07

This page only covers malware for the Classic Mac OS. For information on viruses for Mac OS X, see Mac OS X Viruses and Antiviruses.
