
8/24/2017
01:41 PM

Mac's Biggest Threats Lurk in the Apple App Store

Mac malware is on the rise, especially adware and potentially unwanted programs in the App Store.

Apple Mac devices, while largely considered safer than their Windows and Android counterparts, are vulnerable to a growing number of malicious applications.

More Mac malware was seen in Q2 than in the entirety of 2016, report researchers at Malwarebytes, which today published a report on Mac and Android threats. Mac malware families hit an all-time high in 2017, with more appearing this year than in any previous year.

"Mac users typically think they're safe, that Macs don't get viruses, and they're being proven increasingly wrong," says Thomas Reed, director of Mac and mobile for Malwarebytes. "The number is much smaller than on Windows, but this is a very concerning trend we're seeing on the Mac," he adds.

Christiaan Beek, lead scientist and principal engineer for McAfee, agrees that Mac malware has increased overall but says trends tend to shift as Apple catches and addresses threats.

"With Mac malware, it goes up and down," Beek says. "Apple's really good at catching malicious apps in their stores … if it's discovered, it's quickly discovered and quickly solved."

Beware of the App Store

Threats like ransomware are still rare on Macs, researchers report. The most significant problems are adware and potentially unwanted programs (PUPs), which began to ramp up in 2013 and have been multiplying since. Despite vetting processes and safety settings, the App Store is not immune to malicious applications.

"If you go into the Mac App Store and search for adware and antivirus, most stuff you find will be junk software that doesn't do what it claims to do," says Reed. "The primary goal is to get the user to purchase an app or service they really don't need and doesn't fulfill the promises it makes."

He cites the example of Proton, a remote access Trojan (RAT) targeting macOS in 2016. Proton is a backdoor developed to exfiltrate password data from sources including macOS keychain, 1Password vaults, and browser auto-fill data. Users were hit with the RAT when they downloaded open-source video conversion tool HandBrake.

The emergence of Proton, which affected consumers and experts alike, was a wake-up call for Mac users to be careful about what they download.

PUPs are difficult to handle because "it's like malware with lawyers," says Reed. There are companies behind the malicious apps on the App Store, he explains, and detecting PUPs can lead to complicated legal matters with businesses developing the software.

"Apple has its own built-in antimalware features, but they don't seem to want to poke at PUPs and adware until they really cross the line," he adds. For example, Apple blocked a form of Genio adware when it used a system vuln to download browser extensions on victims' computers.

Who are the Mac attackers?

While the amount of Mac malware is "a drop in the bucket" compared with Windows threats, as Reed says, it's worth taking a closer look at who might be targeting Mac devices and why.

"Honestly, it takes time to write a nice piece of malware for Mac," says Beek, adding that most cybercriminals prioritize mass distribution and quick, fast cash. "Mac is still not their interest," he adds. Mac exploits are also expensive, selling for up to $40K on the Dark Web.

Threat actors who target Macs likely aren't looking for money, he continues, but user data or access. "Mostly what we'd see is a backdoor on the Mac that would try to snoop on you by activating a microphone or keylog strokes, or try to activate a camera."

State-sponsored attackers and governments are looking into Mac exploits and backdoors, says Beek. These actors can afford to develop Mac malware or purchase it online, and they are typically those looking for backdoors to gain access to victims' machines.

Macs are getting more affordable but are still pricey, and people who use Macs in the enterprise are more likely to be nation-state targets. Executives, researchers, developers, and system administrators have high levels of access and appeal to actors seeking corporate data.

Beek anticipates we'll see a slight increase in Mac malware in 2018 as Apple continues to improve its security and attackers explore ways to work around it. Reed also expects an increase, particularly with respect to the number of PUPs populating the App Store.

"Attackers are starting to realize Macs are not invulnerable - they are attackable," says Reed. "So they're trying new things."


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
