Apple's computers have been able to avoid most serious hacking attacks, but that era may be over. As Steve Jobs and his colleagues prepared for this week's developers conference, the company was also taking steps to stop a malware "phishing" program.
The ploy, says technology columnist Rich Jaroslovsky of Bloomberg News, uses an infected website to install a piece of software on Apple computers. The software then pops up a new window, with an urgent message about a security vulnerability.
As Jaroslovsky tells NPR's Renee Montagne, the rogue window includes "a scary-sounding message that tells you that your computer is infected, and that you need software to eradicate the infection — and to please give your credit card number."
While most people would not be gullible enough to do that, enough users fall for the phishing ploy, often called "scareware," that it can pay off for the perpetrators.
Text in the pop-up window refers to a bogus security program, with names like MacDefender, MacProtector, or MacSecurity — all "deeply ironic" names, Jaroslovsky says, for malware meant to steal financial information.
The phishing attack can be seen as an acknowledgment of the growing popularity of Apple's devices, Jaroslovsky says. For years, most malware attacks focused on Windows computers, which have long dominated the market.
"In some ways, it's almost a rite of passage for the Mac" he says, "because it says that it's now mainstream enough so that the bad guys are targeting it."
And because Apple's various devices — from computers to iPhones to iPads — use elements of the same software, it's not yet certain how easily a malware infection might spread.
Apple CEO Steve Jobs is expected to unveil the company's latest operating systems — Lion for Mac computers, and iOS 5 for mobile devices — at the company's Worldwide Developers Conference in San Francisco Monday.
"The kernel of the Mac operating system, the sort of core of it, is also found in Apple mobile devices," Jaroslovsky says. "So, a successful attack on the Mac theoretically could become something that would also affect mobile devices."
Of course, Apple's notoriously tight control of its App Store, which acts as a gateway for software to reach its mobile devices, is one more layer of protection for its customers.
But Jaroslovsky says that the lesson to be learned from the recent malware episode is that "it should be a wakeup call to consumers, to be extra vigilant, not only with their Windows computers, which they already know have issues, but essentially with any device that they use that connects to the Internet."
Copyright 2020 NPR. To see more, visit https://www.npr.org.