How did an infected PDF make it onto my hard drives?

I am one of the "losers" who strictly uses antivirus software on all of my Macs. I have been doing this for over a decade now.


I use Intego Internet Security.


I just opened my Mac running Ventura and, when opening Mail, Intego detected an infected PDF file that originated in a message in the junk mail folder. I never opened the folder or message to download anything, but Intego located and quarantined the PDF file in a location called:


Macintosh HD>private>var>folders>fy>(then a complicated and very long file name)>T>com.apple.mail>Temporaryitems>etc


I then opened another Mac running Ventura with the same Intego Internet Security, and there Intego located the infected PDF file during an automated weekly full system scan done this afternoon, without me ever opening the Mail app, looking into the junk folder, or opening any messages there. The infected PDF was located in:


Home>library>Mail>V10>etc


that apparently originated in the same junk mail folder message as the infected PDF on the first Mac.


My question:


With all the supposed "safety" of Macs, how is it possible that an infected PDF file from a message in the junk mail folder in Mail that I never opened makes it onto my hard drives into the above locations?


I removed the junk mail without opening the message. Scanned the hard drives with Intego for viruses and everything seems clean, no viruses are detected any more.


But I am troubled. How did the infected PDF make it onto my hard drives?


What did I do wrong and how can I protect my Macs in the future?


Thanks for any guidance.


[Re-Titled by Moderator]

Posted on Dec 12, 2022 3:11 PM

Question marked as Top-ranking reply

Posted on Dec 13, 2022 5:45 AM

tutlek wrote:

Please see discussion below and comment by user Doug Miller re Pegasus on iPhones.
https://talk.tidbits.com/t/mac-and-the-state-of-malware/20569/6

Thanks for posting that link! It's quite informative and funny.


I'm afraid you are suffering from something much worse than malware. You are a misinformation victim. Most of the contributions in that thread are from, or about, certain social media influencers who use technology paranoia to get followers. There's even an actual antivirus vendor thrown in there for good measure. It's an echo-chamber. What do you think these people would tell you? Their social and financial lives depend on you being afraid.


I really enjoyed one recommendation to install an antivirus product from the Mac App Store. Just so you know, the technical limitations that Apple imposes on all apps in the Mac App Store make antivirus products impossible.


It's just like in the movies. You chose the blue pill. 😄

Apple Mail downloads attachments automatically and I found guidance on how to turn this off in Preferences for Mail. I hope I am safer now when I make an actual choice when and how to open an attachment, rather than for this to occur automatically. I remain kind of surprised that this download option did not come turned off by default.

Because there would be a never-ending stream of people asking where their attachments are. It's bad enough having to deal with the people who come here demanding that their single-page image attachments show up as icons instead of images.


For the record, that setting is in Apple Mail > Settings > Accounts > Account Information > Download Attachments = None


I actually did look for such a setting, but I didn't see it. Been using macOS for 23 years and never noticed that.


I'm afraid that by accepting misinformation as truthful, you are actually more at risk. Your Mac was in its most secure configuration the day you opened the box. Anything you add, any setting you change, is going to reduce your security, not enhance it. Not all software is equal. Antivirus software developers are noteworthy in their ignorance of Apple programming techniques. Supposedly they protect you from "zero-day" threats, yet it can be months or years before they notice changes to the operating system that Apple published with all the power of its formidable marketing engine. The same is true for self-made "internet security researchers". They want you to trust them, not Apple. It's a full-court press to make people lose confidence in Apple security. You know all those "exploits" that you keep hearing about on the internet? Did you know that Apple's largest competitors have entire divisions dedicated to hacking Apple products? It's all in the name of "user safety", of course. 😄


But in fact, it is only Apple that has a true interest in your safety and security. Apple knows which threats are real and which are purely theoretical. Apple, too, has ulterior motives. Apple would rather have customers that trust Apple and rely on its own security protections. Such customers are much easier to support. Customers who hack up their systems and install all kinds of 3rd party security modifications are going to have a poor experience and be a lot of trouble to support. It would be better for Apple if these people moved to other platforms where they could be more effectively exploited. Your only option is to decide what customer you want to be.


Dec 13, 2022 6:36 AM in response to tutlek

Being just a simple user I understand very little of what is said here.

https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/


However, automatic downloads of potentially infected files via Mail.app seem to be a problem to me and a potential entry point for malware, IMHO. Especially the download of attachments in a message recognized by the app as junk seems especially troublesome in a system supposedly so safe as the newest macOS. I am now thankful for being aware of this potential problem on my Macs.

Dec 13, 2022 8:15 AM in response to tutlek

As long as people choose to live in fear, there will be those intent on exploiting them. As I wrote, that's your choice. In fact you're probably quite content with that relationship. Many people are. They "feel" safe, while the specter of fear is constantly dogging them.


I am no expert, as you have likely noticed, but I just do not believe that there is no way to infect an Apple product in this or a similar manner.


Believe as you will. There is no way to infect an Apple product in this or a similar manner. Perhaps you will change those beliefs if you paid to hear what you have already been told from real Mac experts who are only interested in informing non-experts, and are not seeking to exploit their naiveté for personal or financial gain.

Dec 15, 2022 5:14 AM in response to tutlek

tutlek wrote:

iPhones and iPads are considered safe for use and even banking because Apple maintains the strictest possible control over their contents.

You are greatly over-estimating the control that Apple has over the App Store. Most of the restrictions are technical and are imposed by the iOS operating system itself. Apple only screens apps for basic functionality, obvious illegal activity, and obvious attempts to cheat Apple itself. It’s all about the money, you know.

This makes third party antivirus programs unnecessary and all here posted comments to my original question apply when it comes to iOS and devices running it.

Every single antivirus vendor, without exception, would disagree with you.

However, macOS is different, isn’t it? Apple does not have such tight control over what ends up on Macs

The Mac App Store is functionally equivalent to the App Store for iPhones and iPads.

and their security is more like a jailbroken iPhone or iPad, is it not?

Jailbreaking is for software piracy. Anyone who tells you otherwise is trying to fool you. And it is exactly this kind of activity by end users on the Mac that drives them to install malware.

I have kids in my household and they do all kinds of things on our Macs. Things I tell them never to do, but they do it anyway, because some friend told them it is “cool” and fun.

Maybe you shouldn’t give your children administrative control over your Macs and/or financial control over your online accounts.

In that circumstance Macs become like jailbroken iPhones, I think, and I need additional protection.

Yes. This is true. But there is an important clarification here. In this situation, the computer needs protection from its users, not from malware. The malware is harmless. It is the user that is malicious. Apple trusts users and gives them the capability to override security protections, on iOS to some extent and much more so on the Mac. Certain users simply aren’t trustworthy. But the vast majority of users are trustworthy and present no threat to themselves or others.

Or you feel that macOS has reached the stage where it is as safe as iOS and cannot be “broken” by inexperienced users who do silly things with their devices?

Just so you know, news reports say that governments are soon going to force Apple to remove all of its App Store security protections. I guess politicians have made a lot of investments in the “security industry”. Good luck with that phone. One school of thought says that people who are gullible enough to install 3rd party security products probably need them.

Dec 14, 2022 11:00 PM in response to John Galt

John, permit me to ask you a question that may sound silly to an expert.


iPhones and iPads are considered safe for use and even banking because Apple maintains the strictest possible control over their contents. This makes third party antivirus programs unnecessary and all here posted comments to my original question apply when it comes to iOS and devices running it.


However, macOS is different, isn’t it? Apple does not have such tight control over what ends up on Macs and their security is more like a jailbroken iPhone or iPad, is it not?


For a user like yourself, knowing what you know, no antivirus will be needed. No one will convince you to download and grant permission to some rogue program from a suspicious source, you do not go to suspicious web sites to download “free” movies that come with malware.


See, I have kids in my household and they do all kinds of things on our Macs. Things I tell them never to do, but they do it anyway, because some friend told them it is “cool” and fun.


In that circumstance Macs become like jailbroken iPhones, I think, and I need additional protection.


Or you feel that macOS has reached the stage where it is as safe as iOS and cannot be “broken” by inexperienced users who do silly things with their devices?


Your time and responses are deeply appreciated.


Thank you.

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
