The makers of MacKeeper – a much-maligned software utility many consider to be little more than scareware that targets Mac users – have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er… Users. Perhaps more interestingly, the guy who found and reported the breach doesn’t even own a Mac, and discovered the data trove merely by browsing Shodan – a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.
The most surprising news here is that apparently at least 13 million Mac users have this piece of scamware installed. You know, it’s almost as if Mac users are not the special flower children some people would like us to believe, and are just as susceptible to social engineering and lapses in judgment as anyone else.
Who knew, right?
The tag is “a hef=…” (missing an ‘r’)
Article at http://krebsonsecurity.com/2015/12/13-million-mackeeper-users-expos…
You promise nude pics of (insert famous female celebrity here), and dumbasses everywhere will click on/open just about anything, clicking ‘Yes/OK’ on all security prompts. Thus, it doesn’t really matter what OS they’re on if it isn’t locked down.
In other words, you can’t save people from themselves.
It’s all those switchers that get suckered into using MacKeeper. They seem to think if they needed a “fix-all” utility on their Windows box they must need one on their Mac too. Trouble is MacKeeper is the first one they see and fall for the marketing buzz. I’ve warned ever single switcher I know to stay away from MacKeeper. Do they listen? No.
Unfortunately it’s not just the switchers. My old man has been a Mac user for a little over 20 years (Apple II/IIgs guy before that), and last time he asked me to look at his laptop cos it’d had a few problems, I was shocked and disappointed to discover MacKeeper installed.
(Mainly shocked because he must have been on seedy porn site or something at some point to have seen a link to it).
The switchers? You mean all Mac users?
Well most of them anyways. There are very, very few Mac users that did not come from windows.
I guess there might be some younger kids that came of age with osx that I might not be thinking of. Oh crap, I’m old. IF you start using a mac at age 10 in 2004 when osx was finally ready, you’d be 21 now.
Hmm… so its old people like me… I understand your comment now.
Edited 2015-12-16 14:42 UTC
LOL. The fix-all utility of Mac users is ‘repair permissions’ in the Disk Utility, and the first tip to anyone asking for help with any OS X problem. AFAIK, it never works.
“it’s almost as if Mac users are not the special flower children some people would like us to believe”
Thom, are you 12 years old? I appreciate that OSAlert isn’t really a news site, and you’re not a professional writer, but statements like that are the worst kind of weak & lazy writing.
Perhaps Thom wanted to be sarcastic????
Sadly, some of the other comments are correct. Converts think that they need the same sort of utility as they had on Windows and this POS comes up in the search engines so they install it.
I’ve had to remove it from (i think) six iMacs/Macbooks in the last year.
I consider this thing to be the OSX equivalent of Norton (shudder)
Not all of us Flower Children/Hippies are susceptible to this rubbish. Yes I’m old enough to have been in London in the late 1960’s and saw Hendrix at the IOW.
Peace Bro!
You should try Norton again. It’s fast and very capable. It’s not the 90s anymore.
Why should anyone reward Norton for their previous behaviour? No second chances.
Vanders,
I’m no fan of their previous behavior either, at one point they intentionally made their bundled software practically impossible to uninstall without downloading a tool to do so.
However, the current behavior of some of their competitors (avast, avg) is so annoying that it might be worth another look. I just can’t recommend software that installs popup ads on user desktops. AV is supposed to defend against this stuff, not replace it.
With that logic you shouldn’t be using OSX, because during the time that Norton was horrible…so was OSX.
OSX improved, Norton apparently improved…but why would you use any program like that when the OS already has anti-malware built-in?
…it’s impossible. People using an Unix-based / Open-Source / Amiga / FreeDOS / whatever non-Windows OS must be safe by definition. Just stay away from Windows, and you’re done.
/s
(now waiting for That Other Troll from That Other Thread to come here and shell out his nonsense)
FreeDOS is actually pretty safe because of the tiny attack surface. It doesn’t even have a TCP stack unless you explicitly load one. Write a DOS program with no security holes and you’re safe as long as it’s running and nobody else has physical access to your machine.
For sure! But what kind of utility does it actually have in the modern world for the average user, apart from, say, letting you play old DOS games with high fidelity? I mean, instead of that minitower case on your desktop you could always have a stash of bricks: it’s the safest bet by a long measure…
Well let’s see, i’m going on the 28th year using a mac and I’ve gotten 0 viruses. My coworkers on macs have gotten 0 viruses. My family with macs have gotten 0 viruses.
How many times have I run a mac anti-virus scan in 28 years? 0.
Yes it makes me feel a wee bit superior to users who seemingly have to reformat their hard drive every 8 months and run scans every day and night.
MacKeeper is scammer and always has been. I only see it advertised at adult sites. If you think Mac users don’t ever fall for a scam you are wrong. If you think the MacOS helps them to get scammed you are also wrong.
Thom’s like Fox News and Apple is Obama.
Well, any chance to expose that smug, selfish liar for what he really is suits me just fine. It’s as if people don’t think he’s a politician like any other… but that’s another topic entirely.
ezraz,
How would any of them actually know? Do they just assume they are ok just because “it’s apple” (apple themselves have been guilty of promoting this fallacy). Many users will only find out they have malware because an AV product tells them. Sometimes there are obvious “tells”, ie when the malware actively interferes with the user in some way as to alert them of the existence of malware, but how can you confidently detect stealth malware on a Mac especially without tools? I’m asking this as a serious question.
Apple computers had viruses before Microsoft.
http://blogs.quickheal.com/wp/the-first-pc-virus-was-designed-for-a…
Obviously Mac computers aren’t as ubiquitous as Windows and that makes them a smaller target, so Mac users do have that statistical advantage going for them. But a careless Mac user who practices risky behavior can install trojans just like his Windows counterpart can.
http://www.networkworld.com/article/2267601/lan-wan/first-mac-os-x-…
Of course eliminating risky behavior significantly reduces your chances of getting malware. But this is true for any platform, not just Mac. And even without risky behaviors, all operating systems are caught with exploitable vulnerabilities from time to time…
http://www.computerworld.com/article/2531805/security0/researcher-c…
Understand that I’m not trying to pick on you, but it always seems to be Mac users that come out suggesting unfounded superiority. I feel it’s our responsibility as IT professionals to raise security awareness on all platforms rather than just brush it off because macs aren’t vulnerable. That’s a fallacy.
Edited 2015-12-16 15:48 UTC
i agree with the gist of your post but claiming maybe the users didn’t know they had a virus is really stretching it. We are talking about days, weeks, hundreds of hours of downtime for windows viruses over the years – complete projects lost, hard drives wiped, etc.. Compare that to macs where you have to really dig to find a single person who’s lost anything from an outside attack.
i understand the smaller market argument but that doesn’t explain how wide open windows was compared to classic MacOS (single user) and OS X (unix). Macs and iOS are very popular these days and you still don’t need virus checking or disabling all attachments. It’s more than market share, it’s an attention to basic security, ease of use and privacy that apple never gets any credit for.
Most of this is accomplished through API and company policy towards vendors/developers.
Edited 2015-12-16 18:15 UTC
ezraz,
Look it’s no secret that I’m no fan of windows either, but they have made good strides with security, which to be fair we should give MS credit for. IMHO you should be focusing your wrath at what they’ve done to invade user privacy.
Edited 2015-12-16 22:14 UTC
they don’t have 13 million users. please.
they don’t even have 1 million users.
they are a scam company that preys on switcher types that believe you need virus checking and extra protection on a mac. you don’t and only an idiot would give a company like mackeeper their data.
that’s 13 million cookies from p0rn, warez, and free game sites.
Edited 2015-12-16 18:12 UTC
This is the weird thing. Only one idiot would give MacKeeper their money, but it is those same idiots that might actually need the protection that MacKeeper promises (no idea if they deliver).
If somebody is stupid/gullible enough to download and install MacKeeper they are probably stupid/gullible enough to download other junk as well
Modern OS’es protect the OS pretty well by default, but they only provide a very moderate defense against programs that a user allows to run on their system. So while the OS itself is safe, your own data files are much less safe if you don’t make a backup.
Whenever I am asked to cleanup someones machine I am never worried about viruses or malware, I am worried about the users data
PS. Everyone is only talking about OSX and MacKeeper, nobody really seems to care about the actual hack and the 13 million compromised accounts…no mercy for those gullible MacKeeper users here!