sb-eu logo
Story image

10 times malware proved that MacOS isn't bulletproof

08 Jul 2019

In the first six months of 2019 there have been at least ten types of malware specifically targeting macOS, indicating that Mac users need to come to terms with the fact that their devices are not immune from attack.

According to security firm SentinelOne’s Phil Stokes, cybercriminals are targeting Apple’s Mac platform more often – and they’re exploiting it.

SentinelOne’s Phil Stokes explains ten malware outbreaks in 2019:

1.    OSX.DOK: This installs a hidden version of the Tor browser and other tools designed to steal user data, capture the traffic, and enable stealth communication. It is delivered via a phishing campaign and it’s able to read all internet traffic, even encrypted traffic.

2.    CookieMiner: This malware doubles as a cryptominer and backdoor. If it infects a user’s machine, it can steal cryptocurrency account details and possibly steal user’s funds.

3.    Lazarus malware: An oldie but a persistent threat, Lazarus malware enables attackers to take total control of a device. They use a backdoor linked to a command-and-control server to take over the device.

4.    OSX.Pirrit: This is an adware and browser hijacker that makes money off infected users’ internet searches. It redirects users to dodgy websites, and me be able to steal data and spy on users.

5.    OSX.Siggen: This is a malware delivered through a fake WhatsApp app. Attackers can take control of the device through a backdoor.

6.    OSX.Loudminer: This is generally delivered through downloads of ‘cracked’ audio software, including Ableton Live. It will then take over a user’s computer to conduct cryptomining activities.

7.    KeyStealDaemon: This malware leverages a now-patched zero-day that could still infect users who don’t keep their operating system up to date. The malware can steal passwords.

8.    OSX/Linker: This makes use of another zero-day, which Apple hasn’t yet patched. It is delivered through fake Adobe Flash Player installers.  Attackers can truck users into mounting a malicious disk image, which they can use to execute malicious codes.

9.    OSX-Mokes and OSX.Netwire/Wirenet:  These mimic legitimate names such as ‘Dropbox’, ‘Chrome’ and ‘Firefox’ to avoid detection. Attackers can create a backdoor that can take screenshots, record keystrokes, and steal user data.

10.    OSX/CrescentCore: This is a dropper that tries to monetise downloads and browser searches on an infected machine through the likes of scareware, bloatware, and search hijack software. “The problem with these PUPs and adware installers is that they eventually grind the user’s machine to a halt with all the unnecessary tasks they run, as well as harm productivity as users are distracted by unwanted browser pages, popups and fake virus alerts.

Mac users should not believe the myth that Mac is bulletproof against cyber attacks.

“As cybercriminals are always looking for the weakest link, you should ensure all your macOS users, even if they are executives, developers or other power users, do not fall into that bucket,” Stokes concludes.

Story image
Cyber criminals turn to Gmail and AOL to advance attacks
“Securing oneself against this threat requires organisations to take protection matters into their own hands - this requires them to invest in sophisticated email security that leverages artificial intelligence to identify unusual senders and requests."More
Story image
Forescout and Arista Networks embark on new Zero Trust security partnership venture
Forescout and Arista Networks have come together to deliver Zero Trust security and greater device visibility and enforcement across heterogeneous networks.More
Story image
Just 6,000 accounts responsible for over 100,000 email attacks - report
Barracuda has today released a report detailing how 6,170 malicious accounts that use Gmail, AOL, and other email services were responsible for more than 100,000 business email compromise (BEC) attacks on nearly 6,600 organisations. More
Story image
OkCupid website and app found to have significant security flaws
The popular online dating service has been found to have several vulnerabilities which, if exploited, could put the private data of users in danger of being stolen.More
Story image
Machine identities increasingly exploited, new research finds
Venafi, the provider of machine identity management, finds that malware attacks using machine identities doubled from 2018 to 2019, including high-profile campaigns such as: TrickBot, Skidmap, Kerberods and CryptoSink.More
Story image
Beware of these six L7 DDoS attacks
As more services are migrating online, DDoS attacks are increasingly shifting away from the network layer, and into the application layer, writes Radware product marketing manager Eyal Arazi.More