Apple Adds iWorm to Xprotect Malware Definition List for OS X

Apple pushed an update to its Xprotect malware list for the Mac that includes the Mac.BackDoor.iWorm malware over the weekend. Xprotect watches for telltale signatures from known malware threats and attempts to stop them from invading your computer.

Apple pushes Xprotect update to Macs for iWorm malware threatApple pushes Xprotect update to Macs for iWorm malware threat

The iWorm threat installs through a Trojan horse masquerading as an installer for other apps. Mac owners that have fallen victim to iWorm picked up the malware through installers for pirated apps such as Adobe Photoshop.

Once installed, iWorm looks to Reddit for posts that include server addresses it can link to for instructions on what nasty activities it should undertake. Reddit has shut down the forum iWorm checked, but that doesn't mean hackers won't be able to find an alternate method for delivering server locations.

It looks like Apple's updated definitions list can identify two iWorm variants.

Xprotect definitions are updated automatically, and your Mac checks daily to see if updates are available. Should Apple find more variants, those will show up in Xprotect's list automatically as long as you have an active Internet connection.