It was only a matter of time…
Mac users tend to think that they’re safe from malware. At one point, that was nearly the truth. However, it wasn’t for the reason most users would have suspected. You see, it really has nothing to do with security. Apple’s PC solution just held too small a share of the market for it to be a large target. When you look at actual vulnerabilities, you may be shocked to learn that Mac OS X is actually in second place among the all-time top 50 products, only recently knocked out of first place by the open source Linux Kernel. In a world of ever-increasing cyber threats, Apple’s Mac has come under fire.
Here are just three recent malware threats which Mac users should be aware of.
Called an “unsophisticated strain of malware”, MacDownloader is being used primarily by an Iranian espionage group. This malware comes to the user disguised as Flash Player or Bitdefender apps, although we all know malware can be disguised as any legitimate app. Once installed, MacDownloader proceeds to collect information, including any login and password information. Most virus scanning software does not recognize this malware.
‘U.S. Allies and Rivals Digest Trump’s Victory – Carnegie Endowment for International Peace.’
The above is the title of a Word document which can be sent to anyone. If a user reads the file, they are presented with the typical “disable macros” warning. If they do this, the malware payload is delivered, and simply awaits commands from the attacker’s command and control server. Fortunately, or unfortunately, depending upon your point of view, by the time this malware was discovered, the C&C server was already inactive, so it is not known what the actual malware was targeting. This was the first attack found to have used macro-based malware against macOS. However, this is by no means a sophisticated attack, and we can easily assume there are or will be more attacks of this nature.
This malware is not new. It has been used against both Windows and Linux PCs; however, it has now been found to target Apple’s product as well. This is a modular backdoor malware which has been linked to Russian hackers known as APT28. This malware can be used with various modules for various attacks such as stealing system information, obtaining screen grabs, web browser snooping, stealing login and password information, and stealing entire iPhone backups.
We are now seeing a prime example of why securing a product is important. While Apple’s Mac may have had a good run being free of cyber attacks, because there were bigger targets, you can’t simply depend on attackers leaving you alone. You must ensure that when attackers take notice, you are prepared for it. It looks like attackers have taken notice of vulnerabilities within the Mac OS, and Apple has some catching up to do.