It hid in computers for a few days before locking them down and demanding payment, and despite Apple and Transmission Project — the BitTorrent client that was used to spread it — taking every effort to contain and render it useless, reports still suggest the ransomware named KeRanger is out there.
It's safe to assume the Mac isn't the impenetrable fortress it was considered. In fact, the very first instance of malware plaguing an Apple computer predates the iconic Macintosh computer: It infected the Apple II in 1982. It was called Elk Cloner, and fortunately, it was mostly harmless and would only display a poem after every 50th reboot. It was created by 15-year-old high school student Rich Skrenta, who went on to create the search engine blekko.
The 1980s also saw the rise of nVIR (1987), which Symantec considers one of the most prolific Mac viruses. Spreading via floppy disks, the malware, once its source code was made available, began wreaking havoc, prompting the rise of the first antivirus for Macs.
In 1990, Garfield — not to be confused with the lasagna-eating Monday-hating cat — began infecting computers in universities in and around upstate New York. Better known as MDEF, it didn't do much damage, but was capable of spreading fast and also caused a few crashes along the way.
With the 1980s winding down and the 1990s rolling in, HyperCard viruses began crawling out of the woodwork. While HyperCard allowed users to create cards and link them through buttons, it was also easy for programmers to get them to do their bidding. While the first HyperCard virus simply proclaimed its love for presidential candidate Michael Dukakis, others like TwoTunes would get Macs to play German folk songs or ask what users were doing and tell them not to panic in large friendly letters.
Discovered in 1995, Concept spread across Macs (and PCs) thanks to Microsoft, who according to an article by Graham Cluely for Naked Security by Sophos, accidentally shipped infected CD-ROMs. While once again Concept wasn't designed to cause harm, being a Macro virus it set the precedent for many others.
It was in 1998 that the first Mac worm was discovered: It had managed to travel halfway across the world. Sightings of Autostart-9805 were first reported in Hong Kong and set the desktop publishing sector on fire. It would replicate itself, travelling from one drive to another, easily spreading via removable storage. The same year also saw SevenDust or 666, which admittedly was much worse — it would simply delete all the files in a hard drive and leave behind a single folder titled "666".
As the 21st century dawned, Apple ditched their old OS for their UNIX-based operating system. While this meant all the malware, viruses and worms written so far became obsolete, it still didn't stop programmers from writing new ones, and it wasn't until 2006 that the first worm for the OSX was discovered. It had a bunch of ridiculous names, but Leap.A (or Oompa-Loompa or OSX/Oomp-A) showed how vulnerable Macs still were. Having infected a computer, the worm would sift through the user's iChat buddy list and send itself as an innocuous zip file. Inside would be a JPEG file, and clicking on it would help spread Leap.A.
All this while, Macs were considered safer largely due to the fact that only a fraction of computer users were using them. But, as Apple began to trend, the number of attacks on Macs rose. Scareware like MacSweeper (2008) and Immunizator (2008) led users to believe their systems were infected and would insist that installing their proprietary software was the only solution. A Trojan called RSPlug (2007) got Mac users to download a codec to watch videos and changed DNS settings and redirected users to phishing websites. AppleScript.THT (2008) disabled security software, stole passwords and even used the built-in webcam to click pictures of the user.
The Pinhead Trojan of 2010 disguised itself as iPhoto and gave hackers remote access to Macs. OSX/iWorkS-A (2009) and Wirelurker (2014) spread via pirated copies of iWorks and Mac apps, respectively. While iWorkS-A botnetted the infected computer, Wirelurker would spread to the user's iPhone via USB and download and install third-party applications with the intention of stealing information.
In 2015, computer security researcher Pedro Vilaça discovered a major security flaw in Macs, which he explained in detail in his blog. Every computer has a Basic Input/Output System (BIOS), which is programmed to run the keyboard, the display and the hard drive. While the BIOS — the first software that runs when a computer is started — is something that needs to be guarded like Fort Knox, waking a computer from sleep for some reason allowed direct access to the BIOS. While this was patched in the OS X 10.10.2 update, it still shows it's pretty easy to compromise a Mac.
This brings us to 2016; the year is still young and maybe saying no to the antivirus the guy at the Apple store recommends doesn't seem like a good idea.