Yet more Mac security FUD has been reported as fact, with a security researcher touting that a group of Russian hackers has been offering 43 cents per Mac as a reward to hackers subverting security on the platform.
It’s a FUD report, of course, as it fails to note that the general rate for Windows hacking is 50-55 cents, and fails to note that the website offering the bonus has since shut down, due to lack of interest.
As reported by Greg Keizer at Computerworld and repeated through numerous publications – including at least one which really should know better – it has been claimed that Russian hackers are targeting the Mac.
Naturally, all the usual suspects are involved in the info chain that brought us this ‘story’: Graham Cluley of Sophos quotes another researcher, Paul Ducklin, who himself points to a presentation given last week by Dmitry Samosseiko, himself a Russian-born researcher for – wait for it – Sophos.
CNN has the best rebuttal of the story. It takes a look at the six-page security research document and points out that the reference to Mac security occupies precisely one paragraph.
"Mac users are not immune to the scareware threat. In fact, there are ‘codec-partnerka’ dedicated to the sale and promotion of fake Mac software. One of the recent examples is Mac-codec.com. At the time of writing this article, the site is no longer available, but just a few months ago it was offering $0.43 for each install and offered various promo materials in the form of MacOS ‘video players’."
With security researchers seemingly determined to slam Mac security (potentially because they’d be out of a job if everyone switched to the platform), CNN notes that actual instances of Mac-targeting groups are extremely rare. The report also points out that the site at the centre of the story has now shut down.
Once again these security warnings are pure FUD. Widely reported as fact. Doubt we’ll see a retraction by any of the publications who blindly carried the story.
Of course, we’re not saying Mac users can afford to be complacent. You can’t. It’s wise to be wary of downloaded files from sources you don’t recognise, and it’s wise to be wary of opening links purporting to be from big names such as Amazon or PayPal, in case they are spoof phishing attacks.
Basically, common sense prevails, and one must keep an eye on what is going on – but come on, it’s time to separate the FACT from the FUD.