The number of malware attacks on Apple devices has grown steadily over the past few years, with 2017 registering the highest number ever of malware families designed specifically for Mac OS X. Macs are attractive to hackers who take advantage of the falsely promoted idea that Macs are not susceptible to malware.
Back in 2016, we detected the active development of ransomware for Macs. First there were proof-of-concept attempts such as Gopher and Mabouia, followed almost immediately by commercial ransomware ready for prime time. We’re not talking about innocent pranks or proof-of-concept experiments here, but about Trojans with serious destructive capabilities, adware, potentially unwanted apps, and exploit kits targeting Macs and widely available third-party apps.
And don’t let the term “aggressive adware” trick you into downplaying the threat. Most of these grey-area software applications thoroughly profile user activity, log site visits, and sometimes give their creators the ability to install additional software as part of the “promotional offers.” When browsing the Internet, users must be careful when downloading applications, because many are bundled with adware that, once installed, can hijack the browser, redirect searches, or install other backdoors on the device.
Innovation is key
There’s been significant innovation in modern Mac malware, and for cyber criminals this is essential to winning the cat-and-mouse game with Apple. For example, some Mac malware variants can easily bypass basic security solutions, making detection almost impossible. This is the case with the FruitFly surveillance malware, which had allegedly operated undetected since 2014 and was only identified in January 2017. This sophisticated piece of malware allowed hackers to spy on hundreds of Macs and have full control over the affected devices, including webcams and connectivity to other devices in the network. Although Apple immediately patched the hole, a bunch of variants have emerged in the wild.
FruitFly was not the only threat to draw attention. A new Trojan dubbed Proton Remote Access Trojan emerged. The variant spread through a supply chain compromise when a download mirror of the HandBrake app was hijacked. This RAT specialized in stealing passwords stored in the OS X Keychain and the browser.
Predictions for 2018 are not any brighter. Malware and online threats for Macs are expected to evolve faster than ever, and novel malware distribution methods like social engineering-based campaigns, phishing emails, and possibly dangerous applications in the Apple store continue to emerge. Potentially unwanted programs that are aggressively promoted via advertising campaigns on websites the world over will extensively target Mac users.
Even the Apple Mac App Store has a fair share of malicious applications that manage to fly under the radar, despite the strong scrutiny during approval.
Unfortunately, we’re very far away from finding a silver bullet for perfect Mac security. And Mac OS X defenses, although robust, are not enough to protect devices from the dominant malware families. This is why security experts recommend the installation of a security solution that is certified to detect the stealthiest of Mac malware.