Thunderstrike 2 Is The First Ever Mac Security Worm

Aug 4, 2015

In an interesting yet scary development, a group of researchers has developed the first ever firmware worm that can infect Macs, bypassing Apple’s strict security measures altogether while wreaking havoc in the process.

The new worm, dubbed Thunderstrike 2 after the original Thunderstrike virus, is a firmware worm that can be delivered by an ill-intentioned individual through a phishing email, or can reach a Mac via a USB thumb drive or an Ethernet adapter. Once it is running, the worm writes itself into the option ROM of the infected Mac, or into the option ROM of its peripherals, and persists there; because the infection travels on the peripheral itself, even a Mac that is never connected to a network can be infected with ease.

But that’s not the worst part about the worm. Things get serious when you realize that you can’t remove it with ordinary tools; the only way out is to re-flash the firmware chip from scratch, so for the average Joe it’s a throw-your-Mac-away-right-now kind of situation. And since it’s a worm, it can’t be detected by any sort of software either. Once installed and fully deployed on a Mac, it’s completely covert and works its black magic behind the scenes.

The original Thunderstrike was patched by Apple more than six months ago, and it’s highly likely that the company will take swift action to patch Thunderstrike 2 as well in a future update. It’s also worth mentioning that Thunderstrike 2 is a proof-of-concept, built to show that such a technique could be used in the wild to phish out data you believe is sitting securely behind Apple’s walled garden.

Apple takes huge pride in the fact that the Mac is highly invulnerable to viruses and malware, but with recent advances in hacking and exploitation techniques the tables have turned drastically, and Apple’s bold security claims no longer look so solid. This isn’t the first time such a horrifying hack has surfaced in the wild, either: many techniques are already lurking around, and some are used by governments the world over to access sensitive data without the user’s knowledge.

There are several useful measures users can take to protect themselves from such evil entities. For starters, never accept a USB drive or any other external peripheral that comes from a shady source. Double-check where it came from, and verify its contents before you take the leap of plugging it in to your Mac. Lastly, don’t leave your Mac unattended in a location you know could be harmful.