December 6, 2018

Uptick in macOS Malware: Debunking the myth that macOS is impervious to malware

The ubiquity of the Windows platform in both enterprise and personal computing is indisputable. However, with tech industry growth, the trend towards BYOT and the proliferation of OSes in the workplace comes the rise of the Mac.

It is estimated that Macs now account for approximately 1 in every 10 PCs in personal use. Exponential growth in macOS engagement means hackers are increasing their efforts in building malicious inroads into Apple’s flagship operating system. We are beginning to see the same range of Mac malware more commonly found within Windows environments, and their sophistication rattles many a Mac devotee.

Security through minority

Apple has always lauded the exclusivity of its OS, suggesting that it’s the central pillar of its security stronghold. Apple’s macOS is a walled Garden of Eden, a veritable black box closed off to the external research communities that might otherwise uncover threats to it. Apple is loath to commit to bug bounty programs that would require lifting the veil on the minutiae of its closed OS. Up until now, Apple’s minority share of the PC market may have shielded it from the full gaze of the cyber criminal; however, this trend appears to be shifting.

Viruses target specific platforms. Their objective is to spread from one machine to another as quickly as possible. Traditionally, hackers directed the vast majority of their efforts at the Windows operating system, as the most popular OS and therefore the most likely vector for virus transmission.

With the upsurge in Apple product popularity, particularly in industry, macOS is now a more accessible and more appealing avenue for attackers.

Leveraging knowledge gained from Windows—with malware battles won and lost—hackers are actively targeting macOS users with Trojans, adware, potentially unwanted programs (PUPs), and even cryptomining malware and ransomware. With Malwarebytes warning that attacks on macOS are up 270%, increased adoption of the Mac is proving a blessing and a curse for Apple.

Spotting macOS malware in the wild

With the threat landscape shifting under Apple’s feet, it is imperative that Mac users familiarize themselves with the dangers awaiting them. In 2018 alone, a veritable buffet of malware made its way onto macOS.

Windows doesn't have the monopoly on scams: the "Apple wants to make changes" scam asked users to input their Mac credentials via a harmless-looking pop-up, which opened the door to some nasty malware.

Scareware messages, such as those from the Advanced Mac Cleaner PUP, attempt to frighten users into installing unnecessary and often malicious programs. Because it is bundled with freeware installers, users may not even be aware that their security is compromised. This PUP comes with an Apple-provided developer certificate, which means that macOS will install the associated programs without triggering threat warnings.

Browser hijackers pose another threat to macOS. Hoax search engines fool users into visiting sponsored content and apply unwanted changes to their browser settings to get them there.

Trojans, long the purview of Windows, have found their way to Mac platforms. For example, OSX.Calisto harvests information from infected Macs, takes screenshots, and steals passwords and files.

OSX.Pirrit, a complex adware program that was formerly the blight of Windows, now has a macOS-specific version. More complicated than the previous version, it floods the victim’s browser with ads and, more worryingly, can obtain root access to the operating system. Owing to a mistake that left an artifact behind, however, the perpetrators of this attack were outed as the Israeli advertising company TargetingEdge. It’s sad, but too many others continue their reign of disruption unchecked.

The good fight

By understanding how macOS malware operates and selecting the right malware detection system, businesses can help shore up their defenses.

Sandboxes and dynamic analysis are often the most effective means of detecting and defeating macOS malware. Sandbox solutions traditionally use virtual machines (VMs) to sniff out malicious content; however, advanced malware can detect the VM technology used in conventional sandboxes and exploit this weakness to avoid detection. Businesses must be careful to select detection tools that provide adequate visibility into macOS while employing deep-content inspection that leaves no artifacts for malware to uncover.

Ignorance is opportunity when it comes to cybersecurity

It’s always best to get out in front of threats by taking our old favorite simple precautions: Avoid links unless you know the sender; use strong passwords with 2-factor authentication; be mindful of the risks of public WiFi; and use Apple’s new privacy protection tools. Yada, yada — you know the drill! Still, it’s worth bearing these reliable defenses in mind.

macOS malware is evolving rapidly, faster than it did on the Windows platform. Contrary to widespread belief, Macs are not now, nor were they ever, immune to viruses. As more and more users engage with macOS, it’s becoming ever more important to discredit the myth of the impervious Mac.

Good news

Apple is cognizant of the advancing threat environment and is taking serious countermeasures. It announced plans to provide cybersecurity insurance opportunities in conjunction with companies such as Cisco, AON, and Allianz. Just this year it rolled out the T2 Security Chip in all MacBooks and iMacs, along with FileVault 2, which provides XTS-AES 128 encryption for all data on your Mac drive.

macOS Mojave, released in June 2018, further emphasizes Apple's commitment to cyber safety, bolstering privacy features with a myriad of measures, such as Intelligent Tracking Prevention and the requirement to get the user’s approval before accessing the microphone or camera, as well as your messages and mail database, to name a few.

We know now that macOS isn't the fortress we once believed. The truth is that both PCs and Macs are susceptible to attack. So, while there are fewer malicious programs targeting macOS, users must still be prepared for what could come their way, just as PC users have done for many years. It's reassuring to know that Apple is beefing up defenses, but the best defense is a good offense — simply being prepared.