Apple macOS malware soared 270% in 2017

Four new malware threats have been uncovered in the first two months of 2018

Mac malware increased by 270% in 2017, compared to 2016, a report by MalwareBytes has revealed, with four new major Mac vulnerabilities uncovered in the first two months of 2018.

Many of these security threats have been uncovered by Mac users rather than security researchers themselves. For example, the company revealed that the OSX.MaMi virus - the first of the year - was found by a Mac user on the company's forums who reported their DNS settings had been changed without their knowledge and the victim was blocked from changing them back.

Advertisement - Article continues below

The security firm explained that its own investigation it had concluded the OSX.MaMi malware was changing the settings to direct traffic intended for legitimate sites, such as online banking, Amazon, and iCloud, towards phishing sites and added a trusted root certificate in the keychain to run man in the middle attacks.

Following the discovery of the Dark Caracal malware, security firm Lookout found that it was able to offer remote backdoor access to Macs. The Java-based malware, which is suspected to have been state-sponsored, used a cross-platform RAT (remote access tool) which allowed hackers to use a backdoor to gain access to the infected machines.

"Although Macs no longer come with Java preinstalled, and haven't for years, it's important to keep in mind that nation-state malware is often crafted and used with some knowledge of the target(s) in mind," said Thomas Reed, Director of Mac & Mobile at MalwareBytes, in a blog post. "The targets intended to be infected with this malware may have had reason to install Java, or it may have been installed via physical (or some other) access by a hacker targeting specific individuals."

The third malware to debut this year - OSX.CreativeUpdate - was released via hacked website MacUpdate, which distributes software such as Firefox. The links to apps were replaced with malicious links, although the downloads bundled malware with the actual apps. Users installed the software thinking all was well, when in fact, malware was being downloaded on their machine in the background.

Advertisement - Article continues below
Advertisement - Article continues below

"These kinds of supply chain attacks are particularly dangerous, even capable of infecting savvy members of the development and security community, as was documented by Panic," said Reed.

The most recent discovery - OSX.Coldroot - is a generic backdoor attack that doesn't work on devices running the most recent El Capitan installation, however, older systems are still vulnerable. 

"Apple's macOS includes some good security features that are helpful, but they are easily bypassed by new malware, and they don't address the adware and PUP problem at all. macOS cannot be considered bulletproof," Reed finished.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020