Reports are circulating that the well-known hacker group Hackulous has developed a program they call “Kickback” which can defeat copy protection on Macintosh apps distributed through Apple’s new desktop Mac application store — which opened only yesterday — and which Apple hopes will be as successful as the iPhone/iPad app store.
Additionally, according to Information Week, low-grade hackers and software pirates have already discovered that simply copying and pasting the receipt numbers from free applications into paid apps will sometimes allow the paid apps to be used without paying at all.
And — in related news — AppleInsider reports that as many as 50,000 illegal iTunes accounts that use credit card information stolen from legitimate iTunes users are being sold in China, for amounts ranging from pennies to as much as $30. The accounts allow the purchasers to buy as much as $200 worth of product on iTunes using other people’s credit cards that have previously been hacked or otherwise stolen from Apple. The only restriction on the miscreant buyers is that they complete all transactions within 24 hours — presumably to avoid detection.
It’s long been an article of faith among many Macintosh users and Apple fans that Macs were immune from malware and other exploits — but there’s been plenty of evidence to the contrary, particularly in recent years. The first computers to fall three years running in the white-hat, security expert-sponsored PWN2OWN contest have been Apple Macs, and with growing US market share, Macs have been increasingly targeted by the real bad guys.
As with Windows Vista and Windows 7 machines, which adopted admin-only installation protections similar to the Mac’s (and which some Windows users intentionally defeat for the sake of convenience, at their own risk), Macs are increasingly targeted by so-called ‘social exploits’ whereby an unsuspecting user is conned into downloading and installing software he thinks he wants but which then turns out to be malware that will likely attempt to steal and transmit sensitive personal data.
Such malware often also attempts to co-opt the user’s computer into a so-called zombie botnet — a secret network of hacked computers that can be used to mount DDoS (Distributed Denial of Service) attacks like those used by ‘activist’ hackers against PayPal, Bank of America, and others perceived to have been trying to silence or cripple WikiLeaks — or which may be used in brute-force hacking attempts against remote systems, generating a barrage of entry attempts from seemingly unrelated computers around the globe until one finally gets ‘lucky.’