Published on 13/03/2018 | Written by Jonathan Cotton
Apple users aren’t looking so smug as almost undetectable malware threats to Macs go through the roof…
Though many believe Mac users don’t require antivirus software, that may be about to change: experts say malware targeting macOS – including cryptocurrency miners, backdoors and supply chain attacks – more than doubled from 2016 to 2017.
Anti-malware software company Malwarebytes says that in the year 2017 alone, Mac threats increased more than 270 percent. New threats identified in the first two months of 2018 indicate a similar pace of malware development.
One of these, the OSX/MaMi malware, was discovered targeting Macs in January.
In a blog post, ex-NSA hacker Patrick Wardle said that the malware was not detected by traditional antivirus engines at the time of discovery, and that the infection vector was still unclear.
“OSX/MaMi isn’t particularly advanced,” writes Wardle, “but does alter infected systems in rather nasty and persistent ways. By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle’ing traffic (perhaps to steal credentials, or inject ads).”
And those two actions are highly dangerous, says Thomas Reed, director of Mac and mobile at Malwarebytes.
“By redirecting the computer’s DNS lookups to a malicious server, the hackers behind this malware could redirect traffic intended for legitimate sites, such as bank sites, Amazon, and Apple’s iCloud/Apple ID services, to malicious phishing sites,” says Reed.
“The addition of a new certificate could be used to perform a ‘man-in-the-middle’ attack, making these phishing sites appear to be legitimate.”
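The two changes Wardle and Reed describe, altered DNS servers and a newly trusted certificate, are both visible from the command line on a Mac. The script below is an added example, not code from the article, Malwarebytes or Patrick Wardle: it parses the text output of `networksetup -getdnsservers` and `security find-certificate -a` against a baseline of what the operator expects to see, and reports anything else. The sample output, the 192.0.2.x resolver addresses (a documentation range) and the “Example Intercepting Root CA” label are constructed, and the baselines are assumptions you would replace with your own.

```python
"""Audit macOS DNS settings and the System keychain for the two changes
described above: hijacked resolvers and an added root certificate.
Added example; not from the article, Malwarebytes or Patrick Wardle."""
import re
import subprocess
import sys

# Constructed sample output of `networksetup -getdnsservers Wi-Fi`.
# 192.0.2.0/24 is a documentation range, not a real attacker address.
SAMPLE_DNS_OUTPUT = "192.0.2.10\n192.0.2.11\n"

# Constructed sample output of
# `security find-certificate -a /Library/Keychains/System.keychain`,
# trimmed to the attribute lines this check cares about.
SAMPLE_KEYCHAIN_OUTPUT = """\
keychain: "/Library/Keychains/System.keychain"
attributes:
    "alis"<blob>=<NULL>
    "labl"<blob>="com.apple.kerberos.kdc"
keychain: "/Library/Keychains/System.keychain"
attributes:
    "labl"<blob>="Example Intercepting Root CA"
"""

# Assumed baselines: what a clean machine in your environment looks like.
EXPECTED_DNS = {"192.168.1.1"}              # e.g. the LAN router
KNOWN_CERT_LABELS = {"com.apple.kerberos.kdc"}

LABEL_RE = re.compile(r'"labl"<blob>="(.*)"')


def parse_dns_servers(text):
    """Return the resolver addresses listed by networksetup.
    networksetup prints a sentence instead of addresses when none are set
    explicitly (i.e. the machine relies on DHCP-supplied resolvers)."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.startswith("There aren't any")]


def parse_cert_labels(text):
    """Return the label (subject name) of every certificate in the dump."""
    return LABEL_RE.findall(text)


def audit(dns_text, keychain_text, expected_dns=EXPECTED_DNS,
          known_labels=KNOWN_CERT_LABELS):
    """Return resolvers and certificate labels that are not in the baselines."""
    dns = parse_dns_servers(dns_text)
    labels = parse_cert_labels(keychain_text)
    return {
        "unexpected_dns": sorted(set(dns) - set(expected_dns)),
        "unexpected_certs": sorted(set(labels) - set(known_labels)),
    }


def audit_live(service="Wi-Fi"):
    """Run the real (read-only) commands on a Mac; returns None elsewhere."""
    if sys.platform != "darwin":
        return None
    dns = subprocess.run(["networksetup", "-getdnsservers", service],
                         capture_output=True, text=True, check=True).stdout
    keychain = subprocess.run(["security", "find-certificate", "-a",
                               "/Library/Keychains/System.keychain"],
                              capture_output=True, text=True, check=True).stdout
    return audit(dns, keychain)


if __name__ == "__main__":
    result = audit_live() or audit(SAMPLE_DNS_OUTPUT, SAMPLE_KEYCHAIN_OUTPUT)
    for kind, items in result.items():
        print(kind, items or "none")
```

Two caveats when reading the output. A resolver that is set explicitly on a machine that normally gets its resolvers from DHCP is itself a finding, even before you look at the address; `scutil --dns` shows the resolvers actually in effect if you want to cross-check. And a certificate merely present in the System keychain is not yet trusted as a root: `security dump-trust-settings -d` lists the admin trust settings that turn it into one, which is the list to compare against the labels this script flags.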
Another piece of malware – OSX.CreativeUpdate – was found infecting systems through a ‘supply chain’ attack. The MacUpdate website was hacked, and the download links for some popular Mac apps – including Firefox – were replaced with links to malicious copies. Once installed, the malware used the computer’s CPU to mine Monero, a cryptocurrency similar to Bitcoin.
“These kinds of supply chain attacks are particularly dangerous, even capable of infecting savvy members of the development and security community,” says Reed.
“Users who downloaded the affected apps from MacUpdate ended up with lookalike malicious apps. These apps would install malware on the system, then open the original app, which was bundled inside the malicious app, to make it appear normal. This helped cover up the fact that something shady was going on.”
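The pattern Reed describes, a lookalike wrapper app that carries the genuine application inside it and launches it after dropping the payload, leaves a structural trace: an .app bundle nested inside another .app. The script below is an added example, not code from the article or Malwarebytes, that walks an applications directory and reports nested bundles, flagging the case where the inner bundle has the same name as the outer one. The miniature bundle tree it builds (a wrapped Firefox.app, a clean Safari.app and an Xcode.app with a legitimately nested helper app) is constructed for the demonstration, with stub files in place of real executables.

```python
"""Hunt for trojanized app bundles of the kind described above: a wrapper
.app that contains the real application as a nested bundle.
Added example; not code from the article or Malwarebytes."""
import os
import tempfile


def find_nested_bundles(root):
    """Return sorted (outer, inner, same_name) tuples, paths relative to root,
    for every .app found inside another .app. Nested helper apps are
    legitimate in some software (Xcode ships several), so treat hits as
    leads to verify with codesign, not as verdicts."""
    root = os.path.abspath(root)
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if not name.endswith(".app"):
                continue
            inner = os.path.join(dirpath, name)
            parts = os.path.relpath(inner, root).split(os.sep)
            # The first ancestor that is itself a bundle is the outer wrapper.
            for depth, part in enumerate(parts[:-1]):
                if part.endswith(".app"):
                    outer = os.path.join(*parts[:depth + 1])
                    same_name = os.path.basename(outer) == name
                    hits.append((outer, os.path.relpath(inner, root), same_name))
                    break
    return sorted(hits)


def lookalike_wrappers(hits):
    """Keep only the strongest signal: outer and inner bundle share a name,
    which is exactly the lookalike-wrapping-the-original layout."""
    return [h for h in hits if h[2]]


def build_sample_tree(base):
    """Constructed miniature /Applications: one trojanized bundle (a
    lookalike Firefox.app wrapping the real Firefox.app), one clean bundle,
    and one legitimate helper-app nesting under a different name."""
    layout = [
        "Firefox.app/Contents/MacOS/Firefox",
        "Firefox.app/Contents/Resources/Firefox.app/Contents/MacOS/firefox",
        "Safari.app/Contents/MacOS/Safari",
        "Xcode.app/Contents/Applications/Instruments.app/Contents/MacOS/Instruments",
    ]
    for rel in layout:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("stub executable\n")   # stand-in for a real Mach-O binary
    return base


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_nested_bundles(build_sample_tree(tmp))


if __name__ == "__main__":
    for outer, inner, same_name in demo():
        flag = "LOOKALIKE WRAPPER" if same_name else "nested helper"
        print(f"{flag}: {inner} inside {outer}")
```

Run `find_nested_bundles("/Applications")` on a real machine and follow up each same-name hit with `codesign -dv --verbose=4` on both bundles: a wrapper signed by a different Team ID than the application it contains (or not signed at all) is the tell, since the attacker cannot re-sign the original vendor’s bundle with the vendor’s key.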
While it’s true that Macs are, generally speaking, targeted less often than other systems, the old adage that ‘Macs don’t get viruses’ isn’t true and never has been. The rise of these threats is another timely reminder that ‘more secure’ certainly does not equal ‘invulnerable’.
“Apple’s macOS includes some good security features that are helpful, but they are easily bypassed by new malware, and they don’t address the adware and PUP problem at all,” Malwarebytes warns.