Remote Access Torjan (RAT) - fearmongering or actual threat?

[Bubwell]

Hello! Hopefully someone can shed some light.

I'd like to ask if those Remote Access Trojans that articles write about are actual threat or just panic mongering.
http://www.pcmag.com/article2/0,2817,2456683,00.asp
https://www.intego.com/mac-security-blog/adwind-rat-malware-everything-you-need-to-know/
https://www.intego.com/mac-security-blog/new-mac-spyware-discovered-osxdockster-a/

And this garbage that contains some other trash
https://www.intego.com/mac-security...re-and-vulnerabilities-what-you-need-to-know/

Is paranoid user like me who is interested only in basic apps and ones I want from outside App Shop are VLC, GIMP and LibreOffice, don't go to porn and so on, no torrents, would it mean I can breath easy?

 

[Floris]

The latter, while a threat - they still need to be installed, executed, ask for the root pass, etc. The architecture of macOS is different at the kernel level and file system level, than say Windows.

Don't call yourself paranoid. cause you're being smart, preventative and cautious. There's a difference.

Human behavior is usually the problem. And I do not mean that people are stupid. Well, they are as well. But for example. It's harder for people of age to distinguish between one email over the other, a popup or a real thing.

Use unique, strong, and long passwords for every account you have. Store this data securely with a respectable app that doesn't share your private keys with others, or on their own service (like 1Password), and backup the best you can.

If your behavior of not clicking on "just click it, you know you want to, i am not a scam" emails is a habit, and not installing "but it says it speeds up my internet!" apps and fall for things that are too good to be true. Together with using the mac app store, licensed software, etc.

Then you're not protected, but you damn sure are a lot better protected than those who do not.

 

[KALLT]

The risk is certainly present, but there is no need for panic. Thomas Reed, a respected security blogger around here, wrote a blog post about Adwind this summer, which you might want to check out. Dockster is also not new. If you are interested about this, you should pay attention to his blog to stay in the loop. The go-to program for some peace of mind is Malwarebytes Anti-Malware (also made by Reed), which you can use regularly to check your system.

Avoid plugins such as Java and Adobe Flash if you can, acquire software from trusted sources (avoid sites like MacUpdate, Softonic), do some basic research if you are interested in a program, keep your system up to date (make sure that security updates are installed automatically), make sure that Gatekeeper is enabled, don’t open links in emails or open attachments from unknown sources, use an adblocker with a malware blocklist and have a healthy portion of skepticism, especially when programs ask for credentials. There are some other things you can do to increase the security of your system, such as using a standard account for your day-to-day usage.

 

[Floris]

Don't forget that Apple also has GateKeeper which it can silently upgrade.

 

[Bubwell]

If your behavior of not clicking on "just click it, you know you want to, i am not a scam" emails is a habit, and not installing "but it says it speeds up my internet!" apps and fall for things that are too good to be true. Together with using the mac app store, licensed software, etc.

Then you're not protected, but you damn sure are a lot better protected than those who do not.

Thank you for your reply!
You mean that I'm not protected, but it is best that can be hoped?

The risk is certainly present, but there is no need for panic. Thomas Reed, a respected security blogger around here, wrote a blog post about Adwind this summer, which you might want to check out. Dockster is also not new. If you are interested about this, you should pay attention to his blog to stay in the loop. The go-to program for some peace of mind is Malwarebytes Anti-Malware (also made by Reed), which you can use regularly to check your system.

Avoid plugins such as Java and Adobe Flash if you can, acquire software from trusted sources (avoid sites like MacUpdate, Softonic), do some basic research if you are interested in a program, keep your system up to date (make sure that security updates are installed automatically), make sure that Gatekeeper is enabled, don’t open links in emails or open attachments from unknown sources, use an adblocker with a malware blocklist and have a healthy portion of skepticism, especially when programs ask for credentials. There are some other things you can do to increase the security of your system, such as using a standard account for your day-to-day usage.

Thank you very much!
Standard account for every day usage would mean that if something gets in, it is unable to get to the main system that is behind admin account?

 

[KALLT]

Standard account for every day usage would mean that if something gets in, it is unable to get to the main system that is behind admin account?

It is basically another layer of defence. Standard accounts cannot use programs like sudo, cannot change many system and device configurations and cannot install programs into /Applications. When you use a standard account for your regular use, then you can limit the admin account to system configuration and application installation. Many programs can actually be installed in your home directory, you just have to create a directory ‘Applications’ there yourself. Whenever you do need more access, OS X will ask you for your admin account name and its password, making you more aware of the privilege separation. It is almost never required to log into the account.

I must stress though that programs can still compromise your data. Any program you run yourself can do this (unless sandboxed, like Mac App Store applications), so having a standard account will not protect you against such threats.

 

[EwuDahela]

The latter, while a threat - they still need to be installed, executed, ask for the root pass, etc. The architecture of macOS is different at the kernel level and file system level, than say Windows.

Don't call yourself paranoid. cause you're being smart, preventative and cautious. There's a difference.

Human behavior is usually the problem. And I do not mean that people are stupid. Well, they are as well. But for example. It's harder for people of age to distinguish between one email over the other, a popup or a real thing.

Use unique, strong, and long passwords for every account you have. Store this data securely with a respectable app that doesn't share your private keys with others, or on their own service (like 1Password), and backup the best you can.

If your behavior of not clicking on "just click it, you know you want to, i am not a scam" emails is a habit, and not installing "but it says it speeds up my internet!" apps and fall for things that are too good to be true. Together with using the mac app store, licensed software, etc.

Then you're not protected, but you damn sure are a lot better protected than those who do not.

Sorry for troubling, but I can't seem to find answer that if there is some sort of RAT in Mac, will Malwarebytes detect it?

 

[Floris]

I don't have the answer to that. I don't use that software.

 

[thomasareed]

Sorry for troubling, but I can't seem to find answer that if there is some sort of RAT in Mac, will Malwarebytes detect it?

Yes, Malwarebytes Anti-Malware for Mac should be able to detect infection by all known RATs and remove the malware.