Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

ABTV

12/30/2019
07:00 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Mac Malware Breaks Into Top 5 Threats of 2019 – Malwarebytes Labs

Of the top 25 detections across all platforms, six were Mac threats, the researchers discovered.

Malwarebytes Labs has been checking its year-end lists to see what's been naughty and nice and there were a few surprises in it. They foundwhat they called a “startling upward trend” in the detection of Mac threats.

For the first time ever, Mac malware broke into the top five most-detected threats in the world.

What ML did is to look at the top detections across all platforms: Windows PCs, Macs and Android. They found that, "Of the top 25 detections, six of them were Mac threats. Overall, Mac threats accounted for more than 16 percent of total detections."

This may not sound impressive. Indeed, it may seem to be in line with the lower number of Macs that are in use. However, ML says that its Mac user base is about one twelfth the size of their Windows user base; which means that the 16% figure becomes fairly significant when compared to the overall sample's size.

They go on to say that the most interesting statistic that emerged from their data was how many Mac detections they saw per machine in 2019. On Windows, they saw 4.2 detections per device over the year. The Mac users, on the other hand, saw a yearly rate of 9.8 detections per device -- more than double the amount of detections when compared to Windows users.

Refreshingly, ML considered whether or not there was an inherent bias in these numbers. They wondered if the Macs that were represented by the data could have been machines that already had some kind of suspected infection, which is why Malwarebytes was installed in the first place. They realize that Mac users tend not to think that antivirus software of any kind is needed for their machines.

This leads the researchers to believe that "the overall threat detection rate for all Macs (and not just those with Malwarebytes installed) is likely not as high as this data sample."

But the detection ranked as the second-highest of 2019 is a Mac adware family known as NewTab. ML found it at around 4% of the overall detections across all platforms. NewTab is adware that uses browser extensions as a tool to modify the content of web pages. NewTab has been found to pose as an app, such as a flight tracker, maps/navigation, email access or tax form.

At 3% of the total detections there is fifth-placed PUP.PCVARK. These are a variety of potentially unwanted programs (PUPs), most of them clones of Advanced MacKeeper.

Standard "full-scope" malware does exist for the Mac but it tends to be more targeted or otherwise limited in effect. This year, both the Mokes and Wirenet malware targeted Mac users through a Firefox vulnerability. But it was only users at certain cryptocurrency companies that were targeted.

The upshot of this research is that Mac users should not be lulled into a false sense of invincibility against malware.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20828
PUBLISHED: 2021-09-17
Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20790
PUBLISHED: 2021-09-17
Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.
CVE-2021-20791
PUBLISHED: 2021-09-17
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via unspecified vectors.
CVE-2021-20825
PUBLISHED: 2021-09-17
Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 series) Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2020-21602
PUBLISHED: 2021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.