A second Russian security firm has confirmed that 600,000 Apple Macs have been infected with Java-exploiting malware, an indication that cyber-criminals are turning their attention toward stealing personal data from Mac users.
Kaspersky Lab said Monday that its analysis of a massive botnet distributing the Flashback malware found that more than 98 percent of the infected systems were running a version of Mac OS X, which is only available on Apple-made computers. Kaspersky found more than 600,000 computers had been compromised.
The company confirmed what another Russian-based security vendor called Dr. Web reported last week. Dr. Web found roughly the same number of infected Macs in the Flashback botnet that was growing mostly in the United States and Canada.
Security experts have warned for some time that Macs are not any more secure than Windows PCs. While many Mac users believe they are safer against malware, the reality is cyber-criminals have chosen in the past to go after the far larger number of Windows PCs.
However, Apple's market share gains over the last few years have changed the dynamics. Kaspersky estimates there are more than 100 million Mac OS X users globally. "We expect future threats to arise," Costin Raiu, director of global research and analysis for the company, said in a statement.
Experts have criticized Apple for doing its customers a disservice by not being more open about Mac vulnerabilities and for being slow in distributing patches, particularly for Java. Oracle, which owns Java, released a fix for the Flashback-exploited vulnerability almost two months before Apple.
A Mac without the latest Java update can be compromised while visiting a malicious Web site or one that contains a poisoned link secretly installed by a criminal. Clicking on a malicious link can run code through the Apple Safari and Mozilla Firefox browsers without the user knowing. Flashback is designed to steal passwords to online banking and other Web sites, experts say.
From 60 percent to 80 percent of computers are running older versions of Java, according to security vendor Rapid7. That's because users are notoriously slow in updating the platform for running applications.