Apple Keeps Malware Info from Antivirus Firms: Researcher

Does Apple conceal crucial information regarding malware attacks from antivirus companies? According to a prominent security researcher, it may be.

Patrick Wardle, whose discoveries we have written extensively about in Tom’s Guide, analyzed a new strain of Mac malware called Windshift last month. Apple had revoked the digital certificate that allowed the malware to install on Macs. That is satisfactory.

However, when Wardle checked VirusTotal, an online database of known malware, only two of some sixty antivirus malware-detection engines were able to detect Windshift. None of the malware engines detected three additional variants of Windshift.

This could only mean one thing to Wardle: Apple discovered malware without informing antivirus companies. This is unfortunate because anyone who was already infected may never have known. In the world of antivirus software, such information should be shared immediately to maintain herd immunity.

“Does this imply that Apple is not sharing valuable malware/threat information with the AV community, thereby preventing the creation of widespread AV signatures that can protect end-users?” Wardle inquired in his blog entry. “Yes.”

As part of a state-sponsored espionage campaign, Windshift seems to target specific individuals in the Middle East. DarkMatter researcher Taha Karim first disclosed it at the Hack in the Box GSEC conference in Singapore last August.

The malware infects Macs via malicious websites in a multistage process, with the final step, as with most Mac malware, consisting of tricking the user into allowing the malware to install.

Windshift presents itself as various Microsoft Office for Mac documents, complete with pretty Office icons, to facilitate this deception. The version described by Karim and initially examined by Wardle pretends to be a PowerPoint presentation named Meeting

Wardle searched for the file on VirusTotal on December 20 and found a match among the millions of malicious software samples uploaded to the website. By examining the sample’s “hash,” or mathematical summary of its code, you can identify the malware.

Only the Kaspersky and ZoneAlarm engines detected the hash when Wardle ran it through VirusTotal’s collection of antivirus malware engines. The rest ignored it, meaning they were unaware of it.

He then searched for similar hashes and discovered three more that appeared as compressed Word files. No antivirus software detected them. (Many more antivirus engines now detect them as a result of Wardle’s blog entry.)

Apple had already revoked the digital signature necessary for the malware to install on Macs with default security settings on December 20. In other words, Apple appeared to have been aware of the malware before the antivirus companies but did not appear to inform them.

This may not seem significant to the average computer user, but it is. Software developers and antivirus companies must be on the same page to effectively protect users from malware. Standard operating procedure dictates that all parties share information as quickly as possible, and Wardle implied that Apple wasn’t playing fair.

The malware-detection issue “highlights that traditional antivirus software struggles with new/APT malware on macOS, as well as Apple’s arrogance,” Wardle told Dan Goodin of Ars Technica. “They have done this before:( It is disheartening, and someone needs to confront them about it.”

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of