Apple devices are often preferred for their tighter security compared with those of its biggest competitors, Samsung and Windows. However, recently discovered malicious tools show why it is unwise to rely solely on a vendor's reputation for your digital security.
According to Patrick Wardle, a Mac-focused security researcher, eight new malware threats affecting Mac devices were discovered last year alone. Over the previous six years, Wardle has been cataloging malware samples that target macOS, documenting their infection vectors, persistence mechanisms, features, and goals.
His findings may indicate a rising interest in developing new malware, or porting existing Windows malware, to infect Mac systems, particularly as Mac adoption surges alongside remote work.
Along with samples of the actual malware and in-depth write-ups, his catalog is an excellent resource for cybersecurity professionals, and even the general Mac-using public, to understand the threats and risks they are exposed to.
Here is a basic timeline of his findings for the year 2021:
- ElectroRAT (January): A cross-platform RAT (remote access trojan) aimed at cryptocurrency users, built to steal information or siphon cryptocurrency from their wallets. It was one of several new threats that confronted the cybersecurity industry in 2021.
- SilverSparrow (February): An unusual payload-less malware compiled to execute natively on Apple Silicon (M1/arm64) chips; it infected roughly 30,000 known devices.
- XcodeSpy (March): Named after Apple's integrated development environment (IDE) for macOS, this malware spreads via malicious Xcode projects that install a custom EggShell backdoor.
- ElectrumStealer (March): Another malware targeting crypto users, delivered through a backdoored Electrum wallet that Apple inadvertently notarized.
- WildPressure (June): Aimed mostly at Middle-Eastern victims, specifically in the oil and gas industry. This malware contained a Python backdoor; C++ variants were also identified.
- XLoader (July): A cross-platform keylogger that originated on Windows and was adapted for Macs. It has been found for sale on online forums.
- ZuRu (September): Spread by masquerading as the legitimate terminal app iTerm2, OSX.ZuRu is a Trojan dropper that installs a Cobalt Strike beacon.
- MacMa (November): A targeted backdoor, macOS.Macma is suspected of originating from a nation-state actor and was deployed via 0-day/n-day exploits. Specifically, it targeted Hong Kong websites supporting pro-democracy activism. Other malware with similar goals has been detected in the wake of the anti-China protest actions of recent years.
Cybercriminals and hackers are opportunists. As remote and hybrid work has soared in the wake of the COVID-19 pandemic, so has the adoption of Mac systems, partly because of their reputation for being more secure than Windows systems. Apple's sales rose sharply to top $90bn (£65bn) in just the first three months of 2021.
It is not unreasonable to expect cybercriminals to capitalize on this trend by developing more malware aimed at Apple systems. Adware has long been a known problem on Mac devices, but this uptick in more capable malware is particularly concerning.
So, while macOS systems may still be safer in many ways than their Windows counterparts, businesses and consumers should not let that lull them into complacency. A Mac user who takes no extra precautions to secure their device can end up more exposed than a security-minded user of another platform.