Mac malware jumps more than 60% in three months, massive uptick in adware
The threat of malware has increased for Mac users in a short space of time, a report from Malwarebytes claims, with detected threats up by more than 60% from the fourth quarter of 2018 to the first quarter of 2019, and adware becoming more prevalent with an increase of over 200% for the same period.

The Cybercrime Tactics and Techniques report, a quarterly release from Malwarebytes, reports that the overall number of threats against consumers is on the decline, with malware-based cryptomining and ransomware falling significantly over the last quarter and malware detections down in general. While consumers are seeing fewer threats, attacks against infrastructure and business users have increased, with bigger targets offering potentially larger rewards.
Though the volume of Mac-specific malware grew 62% from Q4 2018 into Q1 2019, adware's 201% growth was the biggest contributor to the overall increase in threats on macOS. The highest-ranked Mac malware was PCVARK, shifting the former top three of MacKeeper, MacBooster, and MplayerX down to second, third, and seventh place on the list, respectively. One adware family named NewTab jumped in usage, rising from 60th place to fourth overall.
The Mac was also subjected to new types of attack methods in the quarter, including the use of open-source code to create backdoors, cryptomining malware, and even Windows executables being discovered on the macOS desktop. For cryptocurrencies, while mining is down on the Mac, theft from Bitcoin and Ethereum wallets on the platform totaled an estimated $2.3 million, after criminals used a vulnerability in the wallets to create a trojan-laden version.
According to Malwarebytes, nefarious actors increasingly turn to open-source Python code to deliver their malware and adware packages. Starting with a backdoor called "Bella" in 2017, the use of open-source code has increased and in 2018 included software like EvilOSX, EggShell, EmPyre and a Python reverse shell for Metasploit, the company said.
In addition to backdoors, malware and adware creators are showing an interest in the Python-based program MITMProxy, which can be used in a man-in-the-middle attack to intercept SSL-encrypted and other data from monitored network traffic. The open-source XMRig cryptocurrency miner was also spotted in cryptomining malware over the trailing quarter.
The Malwarebytes report is based on data drawn from its business and consumer software products between Jan. 1 and March 31, 2019.
Looking ahead, Malwarebytes predicts SMBs will see a flood of new attacks, while the Asia-Pacific region will be forced to deal with a serious threat based on WannaCry or Backdoor.Vools. The development of ransomware is expected to pick up this year, but attacks will likely be restricted to businesses as hackers save their most potent wares for high-yield targets.
Comments
Unfortunately, while I'm sure the description of methods described in the article is useful to code warriors, I have no idea what any of it means. What is adware and how do I protect myself from it? How do I avoid opening the back doors described in the article?
To answer Lorin Schultz above, just don’t install suspect apps, apps whose installation process looks suspicious. And don’t install Safari extensions that you’re not sure of. If possible, get the apps from the Mac App Store as much as possible.
Have a nice day
IMO, the user should decide what he or she wants to install and not only what Apple decides is apt for installation.
The Mac offers this possibility and while I'm sure Apple wants that platform to move to an iOS style application setup, I think it is wrong (even on iOS).
At this point, we should all be running some form of security SW, and I myself use Intego's firewall and AV products and Cylance's predictive AI service.
1) Please please please disable Safari’s “open safe files after downloading” option. That option appears to be On in every update of Safari or macOS. Check that after every update and disable it. You cannot prevent the download of the malware payload on your Mac via an ad, that happens in a blink. The ad system is so primitive that it does not discriminate between “display” and “download”. But you can prevent the launch of that payload by disabling that Safari option. The most common form of the malware payload was the Installer package format “.pkg”, but I recently saw a disk image “.dmg” format as well!
2) Stay clear of those web sites with questionable / pirated content. Since the main venue for Mac malware is the web, that should not require further explanation. Stay clear of Usenet and torrent sites as well.
Lesson learnt I guess.
https://go.malwarebytes.com/q1-2019-ctnt-report-lp.html
Simply fill out the request.
Yeah, ‘cause that’s how many more people started using Macs.