A macro view of Mac malware
Malwarebytes has published a report detailing malware targeting Apple Macs. The report tackles the fallacy that Mac users aren’t targeted by malware authors, pointing to several examples of Mac malware that have appeared in 2018. The headline figure is a 270% increase in Mac malware between 2016 and 2017, which has a clear business impact, particularly at companies with a bring-your-own-device policy. According to Malwarebytes, most Mac users do not have adequate protection against malware, adware or PUPs, which could leave businesses open to increased, unaccounted risk.
The threat vector often gets overlooked, but as the Malwarebytes report makes clear, Mac-targeted malware is on the rise. Several malware variants, using a wide range of techniques, have already been seen in 2018. Several threat actors are also apparent, and they seem to be doing more than just trying their hand at a traditionally under-targeted platform.
From man-in-the-middle attacks, such as the capable OSX.MaMi malware used to phish credentials, to the crude OSX.Coldroot backdoor, which could only affect older versions of macOS, the threat is varied and wide. Additionally, most of the standard security features can be bypassed by the newer malware highlighted by Malwarebytes. The report makes clear that the threat is not only viable but becoming more substantial.
The actors behind the attacks are as varied as the techniques used. The CrossRAT malware was linked to the resourceful @DarkCaracal group, who used the code in a targeted campaign. Another group compromised MacUpdate to carry out a supply chain attack, distributing a Monero cryptominer dubbed OSX.CreativeUpdate. This is in stark contrast to OSX.Coldroot, which was likely either written by amateurs or deployed as a proof of concept. CrossRAT and CreativeUpdate demonstrate that there are technically capable actors already designing Mac-specific threats.
The risk to businesses depends on how many Macs are on the corporate estate and how often they are used. As the Malwarebytes report makes clear, the lack of malware protection among Mac users compared with Windows users is concerning, with businesses potentially open to risks over which they have little to no oversight.