The threat of malware has increased for Mac users in a short space of time, a report from Malwarebytes claims, with detected threats up by more than 60% from the fourth quarter of 2018 to the first quarter of 2019, and adware becoming more prevalent with an increase of over 200% for the same period.
The Cybercrime Tactics and Techniques report, a quarterly release from Malwarebytes, advises that the number of overall threats against consumers is on the decline, with malware-based cryptomining and ransomware falling significantly over the last quarter and with an overall decline in the volume of malware detections in general. While consumers are seeing fewer threats, there has been an increase in attacks against infrastructure and business users, with bigger targets offering potentially larger rewards.
Though the volume of Mac-specific malware grew 62% from Q4 2018 into Q1 2019, adware's 201% growth was the biggest contributor to the overall increase in threats on macOS. The highest-ranked Mac malware was PCVARK, shifting the former top three of MacKeeper, MacBooster, and MplayerX down to second, third, and seventh place on the list, respectively. One adware family named NewTab jumped in usage, rising from 60th place to fourth overall.
Mac was also subjected to new attack methods in the quarter, including the use of open source code to create backdoors, cryptomining malware, and even Windows executables being discovered on the macOS desktop. For cryptocurrencies, while mining is down on Mac, theft from Bitcoin and Ethereum wallets on the platform totaled an estimated $2.3 million, after criminals used a vulnerability in the wallets to create a trojan-laden version.
According to Malwarebytes, nefarious actors increasingly turn to open-source Python code to deliver their malware and adware packages. Starting with a backdoor called "Bella" in 2017, the use of open source code has increased and in 2018 included software like EvilOSX, EggShell, EmPyre and a Python reverse shell for Metasploit, the company said.
In addition to backdoors, malware and adware creators are showing an interest in the Python-based program MITMProxy, which can be used in a man-in-the-middle attack to extract SSL-encrypted and other data from monitored network traffic. The open-source XMRig cryptocurrency miner was also spotted in cryptomining malware over the trailing quarter.
The Malwarebytes report is based on data drawn from its business and consumer software products from Jan. 1 through March 31, 2019.
Looking ahead, Malwarebytes predicts SMBs will see a flood of new attacks, while the Asia-Pacific region will be forced to deal with a serious threat based on WannaCry or Backdoor.Vools. The development of ransomware is expected to pick up this year, but attacks will likely be restricted to businesses as hackers save their most potent wares for high-yield targets.
26 Comments
Thank you for the warning.
Unfortunately, while I'm sure the description of methods described in the article is useful to code warriors, I have no idea what any of it means. What is adware and how do I protect myself from it? How do I avoid opening the back doors described in the article?
Coincidentally I just deleted 25 or so adware from my MBA with the help of malwarebytes.com. It has never run cooler or quieter than now. :)
To answer Lorin Schultz above, just don't install suspect apps, apps whose installation process looks suspicious. And don't install Safari extensions that you're not sure of. If possible, get the apps from the Mac App Store as much as possible.
On a further note, as an Apple Engineer, please please please, if it says Flash needs installing then DON'T click on the link; just go to www.adobe.com and download from there. But chances are you don't need to install Flash.
Have a nice day
Better yet, just remove Flash from your Mac and never install it again!
Is the existence of the iOS App Store the only reason why iOS seems so much safer than macOS? If all apps are downloaded from the Mac App Store, would we be as well protected as when using iPads? Apparently Safari for Mac is more exposed than Safari for iOS?