Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

8/24/2017
01:41 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Mac's Biggest Threats Lurk in the Apple App Store

Mac malware is on the rise, especially adware and potentially unwanted programs in the App Store.

Apple Mac devices, while largely considered safer than their Windows and Android counterparts, are vulnerable to a growing number of malicious applications.

More Mac malware was seen in Q2 than the entirety of 2016, report researchers at Malwarebytes, which today published a report on Mac and Android threats. Mac malware families hit an all-time high in 2017, with more appearing this year than any previous year.

"Mac users typically think they're safe, that Macs don't get viruses, and they're being proven increasingly wrong," says Thomas Reed, director of Mac and mobile for Malwarebytes. "The number is much smaller than on Windows, but this is a very concerning trend we're seeing on the Mac," he adds.

Christiaan Beek, lead scientist and principal engineer for McAfee, agrees Mac malware has increased overall but that trends tend to shift as Apple catches and addresses threats.

"With Mac malware, it goes up and down," Beek says. "Apple's really good at catching malicious apps in their stores … if it's discovered, it's quickly discovered and quickly solved."

Beware of the App Store

Threats like ransomware are still rare on Macs, researchers report. The most significant problems are adware and potentially unwanted programs (PUPs), which began to ramp up in 2013 and have been multiplying since. Despite vetting processes and safety settings, the App Store is not immune to malicious applications.

"If you go into the Mac App Store and search for adware and antivirus, most stuff you find will be junk software that doesn't do what it claims to do," says Reed. "The primary goal is to get the user to purchase an app or service they really don't need and doesn't fulfill the promises it makes."

He cites the example of Proton, a remote access Trojan (RAT) targeting macOS in 2016. Proton is a backdoor developed to exfiltrate password data from sources including macOS keychain, 1Password vaults, and browser auto-fill data. Users were hit with the RAT when they downloaded open-source video conversion tool HandBrake.

The emergence of Proton, which affected consumers and experts alike, was a wake-up call for Mac users to be careful about what they download.

PUPs are difficult to handle because "it's like malware with lawyers," says Reed. There are companies behind the malicious apps on the App Store, he explains, and detecting PUPs can lead to complicated legal matters with businesses developing the software.

"Apple has its own built-in antimalware features, but they don't seem to want to poke at PUPs and adware until they really cross the line," he adds. For example, Apple blocked a form of Genio adware when it used a system vuln to download browser extensions on victims' computers.

Who are the Mac attackers?

While the amount of Mac malware is "a drop in the bucket" compared with Windows threats, as Reed says, it's worth taking a closer look at who might be targeting Mac devices and why.

"Honestly, it takes time to write a nice piece of malware for Mac," says Beek, adding that most cybercriminals prioritize mass distribution and quick, fast cash. "Mac is still not their interest," he adds. Mac exploits are also expensive, selling for up to $40K on the Dark Web.

Threat actors who target Macs likely aren't looking for money, he continues, but user data or access. "Mostly what we'd see is a backdoor on the Mac that would try to snoop on you by activating a microphone or keylog strokes, or try to activate a camera."

State-sponsored attackers and governments are looking into Mac exploits and backdoors, says Beek. These actors can afford to develop Mac malware or purchase it online, and they are typically those looking for backdoors to gain access to victims' machines.

Macs are getting more affordable but still pricey, and people who use Macs in the enterprise are more likely to be nation-state targets. Executives, researchers, developers, and system administrators have high levels of access and appeal to actors seeking corporate data.

Beek anticipates we'll see a slight increase in Mac malware in 2018 as Apple continues to improve its security and attackers explore ways to work around it. Reed also expects an increase, particularly with respect to the amount of PUPs populating the App Store.

"Attackers are starting to realize Macs are not invulnerable - they are attackable," says Reed. "So they're trying new things."

Learn from the industry’s most knowledgeable CISOs and IT security experts in a setting that is conducive to interaction and conversation. Click for more info and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7751
PUBLISHED: 2020-10-26
This affects all versions of package pathval.
CVE-2020-27678
PUBLISHED: 2020-10-26
An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.
CVE-2020-27388
PUBLISHED: 2020-10-23
Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.