Mac malware jumps more than 60% in three months, massive uptick in adware

Posted:
in General Discussion edited April 25
The threat of malware has increased for Mac users in a short space of time, a report from Malwarebytes claims, with detected threats up by more than 60% from the fourth quarter of 2018 to the first quarter of 2019, and adware becoming more prevalent with an increase of over 200% for the same period.

Hack


The Cybercrime Tactics and Techniques report, a quarterly release from Malwarebytes, advises the number of overall threats against consumers are on the decline, with fewer instances of malware-based cryptomining and ransomware significantly reducing over the last quarter, and with an overall decline in the volume of malware detections in general. While consumers are seeing fewer threats, there has been an increase in attacks against infrastructure and business users, with bigger targets offering potentially larger rewards.

Though the volume of Mac-specific malware grew 62% from Q4 2018 into Q1 2019, adware's 201% growth was the biggest contributor to the overall increase in threats on macOS. The highest-ranked Mac malware was PCVARK, shifting the former top three of MacKeeper, MacBooster, and MplayerX down to second, third, and seventh place on the list, respectively. One adware family named NewTab jumped in usage, rising from 60th place to fourth overall.

Mac was also subjected to new types of attack methods in the quarter, including the use of open source code to create backdoors, cryptomining malware, and even the existence of Windows executables being discovered on the macOS desktop. For cryptocurrencies, while mining is down on Mac, theft from Bitcoin and Etherium wallets on the platform totaled an estimated $2.3 million, following criminals using a vulnerability in the wallets to create a trojan-laden version.

According to Malwarebytes, nefarious actors increasingly turn to open-source Python code to deliver their malware and adware packages. Starting with a backdoor called "Bella" in 2017, the use of open source code has increased and in 2018 included software like EvilOSX, EggShell, EmPyre and a Python reverse shell for Metasploit, the company said.

In addition to backdoors, malware and adware creators are showing an interest in Python-based program MITMProxy, which can be used in a man-in-the-middle attack to ferret out encrypted SSL and other data from monitored network traffic. The open-source XMRig cryptocurrency miner was also spotted in cryptomining malware over the trailing quarter.

The Malwarebytes report is based on data drawn from its business and consumer software products between Jan. 1 through March 31, 2019.

Looking ahead, Malwarebytes predicts SMBs to see a flood of new attacks, while the Asia-Pacific region will be forced to deal with a serious threat based on WannaCry or Backdoor.Vools. The development of ransomeware is expected to pick up this year, but attacks will likely be restricted to businesses as hackers save their most potent wares for high-yield targets.
«1

Comments

  • Reply 1 of 26
    Thank you for the warning.

    Unfortunately, while I'm sure the description of methods described in the article is useful to code warriors, I have no idea what any of it means. What is adware and how do I protect myself from it? How do I avoid opening the back doors described in the article?
    minicoffeewatto_cobra
  • Reply 2 of 26
    matrix077matrix077 Posts: 728member
    Coincidentally I just deleted 25 or so adware from my MBA by the help of malwarebytes.com. It has never run cooler or quieter than now. :)

    To answer Lorin Schultz above, just don’t install suspect apps, apps that the process of installation looks suspicious. And don’t install Safari extension that you’re not sure of. If possible get the apps from Mac App Store as much as possible. 
    edited April 25 davgregracerhomie3minicoffeewatto_cobra
  • Reply 3 of 26
    On a further note as an Apple Engineer  please please please if it says flash needs installing then DONT click on the link just go to www.adobe.com and download from their  but chances are you don't need to install flash .

    Have a nice day 
    ivanhdavgregmacplusplusbluefire1cornchipmagman1979brianmtyler82minicoffeefastasleep
  • Reply 4 of 26
    djkfisherdjkfisher Posts: 115member
    Better yet, just remove Flash from your Mac and never install it again!
    widowsoft said:
    On a further note as an Apple Engineer  please please please if it says flash needs installing then DONT click on the link just go to www.adobe.com and download from their  but chances are you don't need to install flash .

    Have a nice day 
    zeus423mac_dogLordeHawkcornchipmagman1979tyler82docno42watto_cobra
  • Reply 5 of 26
    AbsintheursAbsintheurs Posts: 1unconfirmed, member
    Is the existence of IOS app store the only reason why IOS seems so much safer than MacOS? If all apps are downloaded from Macs app store, would we be as well protected as when using ipads? Apparently Safari for Mac is more exposed than safari for IOS?
    watto_cobra
  • Reply 6 of 26
    avon b7avon b7 Posts: 4,060member
    Is the existence of IOS app store the only reason why IOS seems so much safer than MacOS? If all apps are downloaded from Macs app store, would we be as well protected as when using ipads? Apparently Safari for Mac is more exposed than safari for IOS?
    The app stores are filters. They help to control what reaches you and how it performs. It comes with a price that isn't only economical.

    IMO, the user should decide what he or she wants to install and not only what Apple decides is apt for installation.

    The Mac offers this possibility and while I'm sure Apple wants that platform to move to an iOS style application setup, I think it is wrong (even on iOS).
  • Reply 7 of 26
    matrix077 said:
    Coincidentally I just deleted 25 or so adware from my MBA by the help of malwarebytes.com. It has never run cooler or quieter than now. :)

    To answer Lorin Schultz above, just don’t install suspect apps, apps that the process of installation looks suspicious. And don’t install Safari extension that you’re not sure of. If possible get the apps from Mac App Store as much as possible. 
    How on earth did you manage to get 25 or so malware on your Mac? – Or was it just something Malwarebytes reported, so it could sell you the Premium version? 
    tokyojimuSpamSandwichcornchip
  • Reply 8 of 26
    davgregdavgreg Posts: 422member
    Think before you click should always be the first order of business- just like you would not open your front door and let just anyone into your home.

    At this point, we should all be running some form of security SW, and I myself use Intego's firewall and AV products and Cylance's predictive AI service.
  • Reply 9 of 26
    FatmanFatman Posts: 306member
    Did Malwarebytes (a product I use for Windows and more recently Mac) change their definition of what adware is - which makes results look inflated?
    zeus423cornchipwatto_cobra
  • Reply 10 of 26
    macplusplusmacplusplus Posts: 1,888member
    Theoretically you can get malware from any website that displays ads. So running an ad blocker is of crucial importance not because ads are annoying, but because those ad networks are unable to cure and disinfect their network against malware. So those cocky websites that order you to turn off your ad blocker are actually asking you to disable your computer’s malware protection. 

    1) Please please please disable Safari’s “open safe files after downloading” option. That option appears to be On in every update of Safari or macOS. Check that after every update and disable it. You cannot prevent the download of the malware payload on your Mac via an ad, that happens in a blink. The ad system is so primitive that it does not discriminate between “display” and “download”. But you can prevent the launch of that payload by disabling that Safari option. Most common form of the malware payload was the Installer package format “.pkg”, but I recently saw a disk image “.dmg” format as well !

    2) Stay clear of those web sites with questionable / pirated content. Since the main venue for Mac malware is the web, that should not require further explanation. Stay clear of Usenet and torrent sites as well.
    edited April 25 cornchipdocno42bakedbananaswatto_cobra
  • Reply 11 of 26
    dewmedewme Posts: 2,123member
    The way the article is worded makes it sound like MacKeeper, MacBooster, and MplayerX are also malware. Is this true?
    cornchipwatto_cobra
  • Reply 12 of 26
    Fatman said:
    Did Malwarebytes (a product I use for Windows and more recently Mac) change their definition of what adware is - which makes results look inflated?
    Malwarebytes will report individual files associated with various malware as being "malware". So if it detects the MacKeeper app on the computer, it's launch daemon, and it's preference file Malwarebytes counts that as 3 pieces of malware.
    watto_cobra
  • Reply 13 of 26
    bluefire1bluefire1 Posts: 897member
    So what’s the best software out there for added protection: Bitdefender, Norton, other?
    watto_cobra
  • Reply 14 of 26
    dewme said:
    The way the article is worded makes it sound like MacKeeper, MacBooster, and MplayerX are also malware. Is this true?
    Yes, in a manner of speaking. MacKeeper, for one, use to send back loads of system information to a server WITHOUT user permission, warning or input. Whether the same is true now or is true of MacBooster or MplayerX I cannot say with certainty as I no longer use or have use for any of them.
    cornchipwatto_cobra
  • Reply 15 of 26
    lkrupplkrupp Posts: 7,162member
    I am a Malwarebytes Premium subscriber and it has never reported anything on my iMac. I take the usual precautions. I don’t let downloaded files launch automatically, I never click on ads claiming fantastic things, I pay no attention to warnings advising me to update Adobe Flash. I never respond to emails from companies, even ones I do business. Instead I go directly to that company’s website. Of course I also pay no attention to emails claiming my account needs verification, especially from “Apple”. I use 1Password. And so forth. It amazes me that people can be so trusting and gullible online.
    edited April 25 cornchipdocno42watto_cobrajony0
  • Reply 16 of 26
    matrix077matrix077 Posts: 728member
    ElCapitan said:
    matrix077 said:
    Coincidentally I just deleted 25 or so adware from my MBA by the help of malwarebytes.com. It has never run cooler or quieter than now. :)

    To answer Lorin Schultz above, just don’t install suspect apps, apps that the process of installation looks suspicious. And don’t install Safari extension that you’re not sure of. If possible get the apps from Mac App Store as much as possible. 
    How on earth did you manage to get 25 or so malware on your Mac? – Or was it just something Malwarebytes reported, so it could sell you the Premium version? 
    Nah.. I have a couple of DVD I’m desperate to copy to ISO but the method via Disk Utility couldn’t get past the copy protection so.. umm.. I searched internet to find the app that do, and foolishly believed I found it until I was installing it and found the method looked fishy. Still I went ahead because I was desperate. Needless to say, after that every time I used Safari there always an ad or two popped up and my MBA running loud and hot like it was a jet fighter. 
    Lesson learnt I guess. 
    edited April 25 ElCapitandocno42watto_cobra
  • Reply 17 of 26
    bitmodbitmod Posts: 267member
    So it went from 5 guys with malware to 16.
    docno42
  • Reply 18 of 26
    gatorguygatorguy Posts: 20,898member
    bitmod said:
    So it went from 5 guys with malware to 16.
    You can get a copy of the more detailed report here:
    https://go.malwarebytes.com/q1-2019-ctnt-report-lp.html

    Simply fill out the request.
  • Reply 19 of 26
    Johan42Johan42 Posts: 163member
    bluefire1 said:
    So what’s the best software out there for added protection: Bitdefender, Norton, other?
    Bitdefender.

    bitmod said:
    So it went from 5 guys with malware to 16.
    Yeah, ‘cause that’s how many more people started using Macs.
  • Reply 20 of 26
    ElCapitan said:
    How on earth did you manage to get 25 or so malware on your Mac? – Or was it just something Malwarebytes reported, so it could sell you the Premium version? 
    I use the free versions of Malwarebytes and Bitdefender to scan my systems every couple of weeks. Neither have ever reported any malware on my systems, but I've always tried to be prudent.
    watto_cobra
Sign In or Register to comment.