mac malware article

The Mac Myth

Apple’s Mac Operating Systems (OS) is impenetrable to malware. Myth. Recent malware analysis shows Macs are vulnerable to malware attack just like other operating systems. MalwareBytes reported a 400% increase in Mac OS malware from 2018 to 2019.  Amazingly, this number of malware samples for the Mac OS was double the number found for Windows OS!  Who knew?

Differences in Malware Impact and intent

The most prevalent malware on each operating system has its distinct differences. Windows OS malware is frequently aimed at capturing information or gaining control of the networks and systems; the most common Mac OS malware is intended to deliver unwanted advertisements to users or send them to a website they didn’t intend to visit. 

Macs Usage in Businesses

Macs are no longer relegated to the Print and advertising industries. Many mainstream businesses are adopting Macs because the perception is they are more reliable, more easily managed, and arguably faster than their Windows counterparts. As Macs become more popular for businesses hackers are turning their attention to finding the vulnerabilities in them, exploiting them, and causing damage to your business. Let’s look at the types of Mac malware next and then conclude with steps any Business should take to protect itself.

Malware That Infects Macs

Shlayer Trojan

This malware is the most prolific malware out there today.  It’s hit an estimated 10% of all Macs in 2019. Shlayer masquerades as an installation tool for a application update, often linking itself to Adobe Flash Player. Once installation begins, Shlayer disguises system security warnings to trick users into giving the application permission to proceed.

Adware.NewTab

NewTab is adware that loads as a browser extension that purports to be a tracker for flights or packages, but instead corrupts a user’s Web Browser settings. Browser plugins and other apps not downloaded from the Apple App Store prompt the user to confirm the installation; another reason to stay attentive while installing software onto devices.

PUP.PCVARK

PCVARK is a company that develops and publishes a number of different Potentially Unwanted Programs (PUPs). This malware infects Macs by users clicking on a link prompting a downloader that installs malware onto the devices. PCVARK will unload various tricks to convince users to open these links on the Internet; phishing attacks and social engineering.

PUP.MacKeeper

MacKeeper is legitimate software that many customers have willingly purchased as part of their Mac’s security scheme. MacKeeper malware prompts a “warning” window that pops up claiming the device is infected with malware and they must install MacKeeper. The trick is that the hackers will have users install a malware-infected MacKeeper onto the device, convinced that they are cleaning their device. 

OSX.Generic.Suspicious

OS X.Generic.Suspicious is a family of adware installers that uses a fake malware warning to convince the user that a piece of fake anti-malware software must be installed. Instead of protection, the victim installs adware. This is similar to the MacKeeper malware, although this is much harder for System Engineers to cleanse, as the malware scatters pieces of itself across the storage space; making it difficult to consolidate the malware and get rid of it.

OSX.Genieo

Genieo is a browser hijacker that substitutes the user’s homepage and search engine with its own; deploying unwanted advertisements and websites. This malware is difficult to get rid of due to “uninstaller packages” that claim to get rid of the malware, but actually install more malware.

FakeFileOpener

FakeFileOpener a piece of malware that springs into action when a user selects a specific application(s), often offering a MacOS cleaner or optimizer to help solve problems the system probably doesn’t have. FakeFileOpener’s goal is to install adware and redirect users to malicious sites and search engines. 

MAC Malware is a Problem. Now what?

Being aware of the potential threats that face online is extremely valuable. Know what to look for so you can avoid it. Working remotely opens up many potential threats to employees and employers. As mentioned in our Stay Secure While Working Remotely article, follow these best practices to stay secure on your personal and work devices:

Set a Policy

The first thing a company should do is govern employees. Establish a Written Information Security Policy (WISP). Next, established security guidelines for remote workers and remote access into company systems. Do your policies need amending in this Pandemic to allow for special circumstances? Though inconvenient, it’s important to show employees leadership by providing for secure computing capabilities even when remote. Establish guidelines addressing secure remote access to company information systems and the use of personal devices for company business.

Keep Devices Up To Date

The first thing that employees should be doing is securing their devices. Ensure these steps are part of your requirements:

Secure Remote Access with Two-Factor Authentication

CyberHoot has witnessed many breaches relating to remote access that wasn’t two-factor authenticated (2FA). Don’t enable any remote access to your company networks without 2FA enabled for everyone. Free solutions exist from Google and Microsoft, and even easier but paid 2FA exists from Duo.

Setup either a Virtual Private Network (VPN) to allow work-from-home employees into your company network (with access to file servers etc.), or else setup a Remote Desktop Protocol (RDP) access into their work machines. Both remote access solutions must have 2FA to authenticate your users.

Educate Employees

Training your employees on cybersecurity basics is the cheapest and easiest methods of threat reduction. Trained employees can spot and delete phishing attacks, pick better passwords, even start using Password Managers.

Be especially wary of the increasing number of Coronavirus-based phishing emails going around, preying on folks public health concerns. For more on this, please read FTC Warning of Potential Coronavirus Scams.

Sources

DarkReading

Stay Secure While Working Remotely

Used with permission from Article Aggregator