makey

Q: A Recent Mac Virus Warning!

I received a warning from my anti-virus (Sophos) that there is a 'backdoor' virus where video cams can be attacked without the owner knowing.  The internal Mac microphone and video camera are mentioned.

 

Has anyone heard about it and, if true, what should I do about it?

Posted on Oct 11, 2016 7:52 AM

Close

Q: A Recent Mac Virus Warning!

  • All replies
  • Helpful answers

Previous Page 2
  • by WZZZ,

    WZZZ WZZZ Oct 14, 2016 8:44 AM in response to JimmyCMPIT
    Level 6 (13,112 points)
    Mac OS X
    Oct 14, 2016 8:44 AM in response to JimmyCMPIT

    Also, in no way did I ever state there are no malware or adware attacks that affect mac, there are, but the numbers are clearly no where near the variants for windows and while a mac virus could appear in the wild at any time, none have been discovered by any securities lab and no Mac AV has ever faced a real one yet.

    Sure no viruses in the wild for OS X. These various programs unfortunately misleadingly named "Anti-Virus," when they should refer to malware in general. That said, very few OS X trojans right now in the wild. No A-V or anti-malware will completely protect. especially with new, uncataloged threats. Worst problem with any of them, whether or not they disrupt the system or screw things up from a proxy, or work well, like Sophos Home or Home edition, is that they may lead some users to become complacent or promiscuous in their browsing and download habits. Best protection is being careful about what is allowed into ones computer. For me, Sophos is just another tool, sometimes of value, sometimes of only marginal value.

     

    There is Malwarebytes Anti-Malware for Mac, which will almost always remove any adware or known malware once it's installed, but Sophos, at least for adware and PUPs (potentially unwanted programs) will flag the installer before it can do anything, provided, as I already said, it's known to Sophos.

    BTW I was recently asked by the corporation I coordinate with to investigate an issue that caused a department of Mac users running OS 10.9.5 in an active directory environment to perpetually disconnect from their network.

    The problem was traced back local installs of Sophos AV in all events.

    Apples/Oranges. Different Sophos I presume, totally different environment. Have never seen any disconnects from my LAN with Sophos running.

  • by WZZZ,

    WZZZ WZZZ Oct 14, 2016 9:05 AM in response to makey
    Level 6 (13,112 points)
    Mac OS X
    Oct 14, 2016 9:05 AM in response to makey

    From my 10.8.5, this is what you should be seeing. Not sure why you aren't. Try restarting. If that doesn't help, then restart and hold Shift down at the chime to bring you to a safe boot. Leave it like that a minute or two, then restart normally.

     

    Next thing to try: in your user (home folder) Library>Preferences, find com.apple.systempreferences.plist and move it to the Trash (right click>Move to Trash.) DON'T empty. You may now need to restore some of your settings. If that doesn't show it, then go to the Trash, and right-click Put Back (File>Put Back), which will bring the trashed one back to its original location, and replace the newer one.

     

    Screen Shot 2016-10-14 at 11.24.11 AM.png

  • by thomas_r.,

    thomas_r. thomas_r. Oct 14, 2016 11:01 AM in response to makey
    Level 7 (30,944 points)
    Mac OS X
    Oct 14, 2016 11:01 AM in response to makey

    Was this a newsletter from Sophos, or an alert popping up in the Sophos app on your system?

     

    If the former, they're probably referring to a theoretical new attack documented by Patrick Wardle, where malware could legitimately access the webcam while another app is also doing so. There's no actual malware doing this right now, so it's still just theoretical.

     

    If that concerns you, Patrick has a tool to help warn you about access to the webcam and microphone:

     

    https://objective-see.com/products/oversight.html

     

    I'm running that here myself.

     

    If the latter... well, I'd have some questions about that.

  • by JimmyCMPIT,

    JimmyCMPIT JimmyCMPIT Oct 14, 2016 12:31 PM in response to makey
    Level 6 (8,462 points)
    Mac OS X
    Oct 14, 2016 12:31 PM in response to makey

    what model mac?

  • by Ken Kline,

    Ken Kline Ken Kline Oct 14, 2016 4:47 PM in response to JimmyCMPIT
    Level 1 (12 points)
    Mac OS X
    Oct 14, 2016 4:47 PM in response to JimmyCMPIT

    As not much of a techie, I am just going by my own experience. I just like to know that I have a quality Malware protection software on my iMac, to each their own on whose software to run. So far, my iMac running Mountain Lion is working without issues. So I shall continue to use Sophos + AntiMalware Bytes, I won't leave my iMac without protection.

  • by makey,

    makey makey Oct 15, 2016 8:12 AM in response to JimmyCMPIT
    Level 1 (9 points)
    Desktops
    Oct 15, 2016 8:12 AM in response to JimmyCMPIT

    It's a 27" desktop iMac running on OSX 10.8.5 (Mountain Lion) purchased in March 2013.

  • by makey,

    makey makey Oct 15, 2016 8:20 AM in response to thomas_r.
    Level 1 (9 points)
    Desktops
    Oct 15, 2016 8:20 AM in response to thomas_r.

    Thank you for your input.  Unfortunately the 'oversight' requires OSX 10.10 or higher (I'm on 10.8.5) so I can't run it.

  • by makey,

    makey makey Oct 15, 2016 8:23 AM in response to thomas_r.
    Level 1 (9 points)
    Desktops
    Oct 15, 2016 8:23 AM in response to thomas_r.

    It was one of their regular newsletter emails.

  • by thomas_r.,

    thomas_r. thomas_r. Oct 16, 2016 5:03 AM in response to makey
    Level 7 (30,944 points)
    Mac OS X
    Oct 16, 2016 5:03 AM in response to makey

    makey wrote:

     

    It was one of their regular newsletter emails.

     

    In that case, you don't need to be too concerned at the moment. Although it could happen in the future, there's currently no malware taking advantage of this technique to access your Mac's camera.

     

    I would note, though, that Mac OS X 10.9 and earlier all have known vulnerabilities that haven't been patched, as those systems are no longer supported by Apple. Although, again, there's no known malware at this time using those vulnerabilities to get installed on older systems, it could happen. I don't really recommend using a system older than 10.10.5.

     

    Thus, use of 10.8 is far more grounds for worry than a theoretical attack that would rely on getting malware onto your computer in the first place.

  • by makey,

    makey makey Oct 16, 2016 8:31 AM in response to thomas_r.
    Level 1 (9 points)
    Desktops
    Oct 16, 2016 8:31 AM in response to thomas_r.

    Thank you for your advice.  My concern about updating is because I use iMovie HD 6.0.4 and this is what I love working with (I do not like the later versions of iMovie). Also I use other older versions of software programs which I'm concerned will not be compatible with the latest OSX.

  • by makey,

    makey makey Oct 16, 2016 10:57 AM in response to WZZZ
    Level 1 (9 points)
    Desktops
    Oct 16, 2016 10:57 AM in response to WZZZ

    I've done everything you suggest, all procedures, but I just can't get the Line in option.  Out of interest, what is the Line in port? - where does it get the audio from?

  • by WZZZ,

    WZZZ WZZZ Oct 16, 2016 12:57 PM in response to makey
    Level 6 (13,112 points)
    Mac OS X
    Oct 16, 2016 12:57 PM in response to makey

    Go to  in the menubar>About this Mac>More Info>System Report>Hardware>Audio

     

    What do you see for Built-in Input?

     

    Screen Shot 2016-10-16 at 3.52.19 PM.png

  • by makey,

    makey makey Oct 17, 2016 6:32 AM in response to WZZZ
    Level 1 (9 points)
    Desktops
    Oct 17, 2016 6:32 AM in response to WZZZ

    This is what I've got:-

    Audio Input RED.jpg

  • by WZZZ,

    WZZZ WZZZ Oct 17, 2016 6:44 AM in response to makey
    Level 6 (13,112 points)
    Mac OS X
    Oct 17, 2016 6:44 AM in response to makey

    You should do a search for "27" 2013 iMac no line in," (here's one for example, http://sound.stackexchange.com/questions/22358/line-in-recording-w-2012-imac-pos sible) but from what I'm seeing, and I'm not 100% sure of this, it looks like there is no digital audio in for that model. People seem to be using various USB devices for that.

  • by makey,

    makey makey Oct 18, 2016 4:16 AM in response to WZZZ
    Level 1 (9 points)
    Desktops
    Oct 18, 2016 4:16 AM in response to WZZZ

    Looking at your link it does seem that my model iMac doesn't have a 'line-in' facility.  I then remembered that I had a USB microphone which I've tried out and it does the job perfectly (even better than the internal mic) so I'll just use that.

    Audio my answer.jpg

    Thank you for all your help.

Previous Page 2