MacOS Faces Threats From Rewritten Malware


For years, one of the most significant advantages of macOS over Windows was the scarcity of malware targeting it. That made Macs an appealing option for consumers, many of whom believed they did not need to install security software. Regrettably, this is no longer the case: macOS is now at risk from rewritten malware. Recent reports describe numerous instances of Windows-focused malware being modified to target macOS computers, a sign that cybercriminals are increasingly targeting Apple devices.

Rise in Apple Sales Attracts Cybercriminals

Apple sold about 20 million Macs and MacBooks in 2020. The growing number of Mac users attracts attackers seeking new targets. While malware does not often migrate to macOS, research indicates that it is becoming more common, with rewritten malware leading the way. One such family, XLoader, is a popular, low-cost malware originally designed to infect Windows computers. XLoader is a variant of FormBook, a widespread information stealer that has been around for five years and has affected 4% of businesses globally.

FormBook resurfaced on underground forums in February 2020 under the XLoader name, with a few new features, most notably the ability to infect macOS computers. It is generally delivered via spoofed emails that trick victims into downloading and opening a malicious file, often a Microsoft Office document. Attackers can use the malware to steal passwords, capture screenshots, log keystrokes, and execute additional malicious files. A notable feature is its ability to evade sandboxes and researchers by concealing its C2 servers.

After an attack, the weaknesses that allowed the compromise can remain. Our experts at Lifars use their forensic and cybersecurity experience to assist with remediation so that similar compromises are prevented in the future.

Growing macOS Threats

XLoader is not the only malware that has been modified to target macOS devices. Kaspersky researchers monitoring Milum, a Trojan used by the WildPressure APT, recently reported additional variants written in various programming languages. One of the new variants could infect and run on both Windows and macOS, and it sent information about the programming language in use on the target device back to the attackers. That cross-platform variant shows that macOS is squarely within the reach of rewritten malware.

Less-publicized dangers in business settings include adware alongside outright malware. The top malware families accounted for more than 99% of all malware detections on macOS. Families such as ThiefQuest, a new malware first encountered by researchers in 2020, showed a significant increase. Researchers describe how ThiefQuest spread via apparently legitimate installers found on piracy sites; these installers delivered the malware in addition to the expected program. Files on infected Macs would appear to be encrypted.

According to a study of 2020 malware activity, organizations that use Mac devices must remain vigilant as attackers continue to target Apple's operating system. Windows malware detections among companies fell by 24% in 2020. Over the same period, Mac malware detections rose by 31% for enterprises but fell by 40% among consumers.

Ways To Mitigate Attacks On Your macOS Device

Apple users are advised to install operating-system updates promptly; since earlier this year, rewritten malware has put them at greater risk. Outdated software can expose vulnerabilities that cybercriminals use to gain a foothold on a device, and updates close those gaps and make it harder for malware to get in. Be sure to update both your operating system and your applications regularly.

Likewise, installing software from unknown sites is perilous, since you never know what you will receive. It is safest to stick to official vendor websites or the App Store. Also, back up your data to an external drive and disconnect it from your Mac: if your Mac is infected with ransomware, it cannot encrypt a backup that is not connected. After you have removed the threat, perform a thorough scan to ensure nothing suspicious is still lurking, and only then reconnect your backup disk to restore your data.


References:

1. https://www.darkreading.com/endpoint/cybercriminals-rewrite-malware-to-target-macos
2. https://www.wired.com/story/macos-malware-shlayer-gatekeeper-notarization/
3. https://www.bbc.com/news/technology-35070853