Apple macOS malware soared 270% in 2017

Four new malware threats have been uncovered in the first two months of 2018

Mac malware increased by 270% in 2017, compared to 2016, a report by MalwareBytes has revealed, with four new major Mac vulnerabilities uncovered in the first two months of 2018.

Many of these security threats have been uncovered by Mac users rather than security researchers themselves. For example, the company revealed that the OSX.MaMi virus - the first of the year - was found by a Mac user on the company's forums who reported their DNS settings had been changed without their knowledge and the victim was blocked from changing them back.

The security firm explained that its own investigation it had concluded the OSX.MaMi malware was changing the settings to direct traffic intended for legitimate sites, such as online banking, Amazon, and iCloud, towards phishing sites and added a trusted root certificate in the keychain to run man in the middle attacks.

Following the discovery of the Dark Caracal malware, security firm Lookout found that it was able to offer remote backdoor access to Macs. The Java-based malware, which is suspected to have been state-sponsored, used a cross-platform RAT (remote access tool) which allowed hackers to use a backdoor to gain access to the infected machines.

Advertisement - Article continues below

"Although Macs no longer come with Java preinstalled, and haven't for years, it's important to keep in mind that nation-state malware is often crafted and used with some knowledge of the target(s) in mind," said Thomas Reed, Director of Mac & Mobile at MalwareBytes, in a blog post. "The targets intended to be infected with this malware may have had reason to install Java, or it may have been installed via physical (or some other) access by a hacker targeting specific individuals."

The third malware to debut this year - OSX.CreativeUpdate - was released via hacked website MacUpdate, which distributes software such as Firefox. The links to apps were replaced with malicious links, although the downloads bundled malware with the actual apps. Users installed the software thinking all was well, when in fact, malware was being downloaded on their machine in the background.

"These kinds of supply chain attacks are particularly dangerous, even capable of infecting savvy members of the development and security community, as was documented by Panic," said Reed.

The most recent discovery - OSX.Coldroot - is a generic backdoor attack that doesn't work on devices running the most recent El Capitan installation, however, older systems are still vulnerable. 

"Apple's macOS includes some good security features that are helpful, but they are easily bypassed by new malware, and they don't address the adware and PUP problem at all. macOS cannot be considered bulletproof," Reed finished.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019

Five signs that it’s time to retire IT kit

29 Nov 2019

Why 5G could be a cyber security nightmare

6 Dec 2019