Apple Keeps Malware Info from Antivirus Firms: Researcher
Patrick Wardle, about whose discoveries we've written many times on Tom's Guide, last month analyzed a new strain of Mac malware called Windshift. He noticed that Apple had revoked the digital certificate that let the malware install on Macs. That's good.
But when Wardle checked VirusTotal, an online service that scans submitted files against dozens of antivirus engines and keeps the results, only two of some 60-odd malware-detection engines could spot Windshift. None of the engines spotted three other Windshift variants. To Wardle, this could only mean one thing: Apple had found the malware without telling antivirus companies about it. That's bad, because anyone who was already infected might never have found out. In the antivirus world, you're supposed to share such information ASAP to maintain herd immunity.
"Does this mean Apple isn't sharing valuable malware/threat-intel with AV-community, preventing the creation of widespread AV signatures that can protect end-users?!" Wardle asked in his blog posting. "Yes." Windshift seems to target specific individuals in the Middle East as part of a state-sponsored espionage campaign. It was first disclosed by DarkMatter researcher Taha Karim at the Hack in the Box GSEC conference in Singapore last August.