
Thunderstrike 2 malware seen attacking Macs

Posted on 05 Aug 2015


Yesterday The Guardian reported that Thunderstrike 2, a worm that infects Macs, has been seen in the wild.

This is interesting because it hammers home the fact that, despite common belief, Macs are not immune to viruses, worms or malware.

At the end of the day, Macs are still computers running software. Hell, even cars can be hacked.

Could I be infected?

There are two potential attack vectors that could infect your Mac:

  1. The first scenario - unlikely:

    Either the manufacturer would have to install the bootkit, or an attacker would have to take your MacBook apart and physically install it into the hardware him or herself.

  2. The second - more viable:

    Infection through the Thunderbolt connection. In fact, there is a term for attacks of this kind: they're called evil maid attacks, or state-sponsored attacks where laptops are confiscated and examined at airports or border crossings. The same method could be applied any time you are away from your machine.

In short, your Mac is only susceptible to Thunderstrike if someone takes it apart, or plugs a Thunderbolt peripheral into it and installs malicious firmware on your Mac from that device.

The Kaspersky blog post on Thunderstrike is easy reading, as it contains useful metaphors throughout, comparing Thunderstrike to Ebola (which is very unlikely to be contracted but terminal in many cases) and other strains of malware to the common cold (which is easy to catch but generally easy to recover from).

Can Thunderstrike 2 be removed?

Not by software, since it controls the signing keys and update routines. Reinstallation of OS X won't remove it. Replacing the hard drive won't remove it, since there is nothing stored on the drive.

Source: Kaspersky https://blog.kaspersky.com/thunderstrike-mac-osx-bootkit/

Conclusion

This is not a Mac vs PC debate; it is simply about knowing your tools, understanding the risks and using them appropriately - something that is particularly important for business users.

What would you do if your computer failed? Can you work effectively without it, or be sure you can recover quickly?

Further Reading

Read the full "Two Mac viruses strike at the heart of the platform's secure image" article over on The Guardian.