Over the years, Apple’s impeccable marketing strategies have led to some misguided beliefs concerning the security of Mac computers.
While the system is considerably secure, the recent discovery of two pieces of Mac malware on the dark web shows that cyber criminals are slowly but surely turning their attention to the largely untapped Mac user base.
Listed on the Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) portals, the two pieces of software have reportedly been on sale for close to a month now.
Security researchers have been credited with the discovery of the two pieces of malware named MacSpy and MacRansom—a discovery that has left Mac users on high alert.
MacSpy and MacRansom
Further analysis of the malware, performed by security firms AlienVault and Fortinet, has revealed that they are not only crudely made but also appear to be the handiwork of an “inexperienced coder.”
Nevertheless, the researchers are not downplaying the potential damage the programs can cause, especially MacRansom, a ransomware that could irreparably destroy all files on a Mac computer.
The MacSpy malware is capable of covertly taking and sending screenshots every 30 seconds, logging all keystrokes, activating the microphone to record sounds, and accessing browser history, downloads, and even synced iCloud photos.
The spyware leaves no digital trace of the attacker, keeping them well away from discovery.
MacRansom, on the other hand, provides a backdoor for attackers looking to leverage Mac files for ransom.
The backdoor malware apparently requires a ransom of about $670 (0.025 BTC) to unlock the encrypted user data.
However, analysis of MacRansom suggests that the ransomware may be incapable of decrypting the locked files even after the ransom has been paid.
While both pieces of malware look formidable on the spec sheets, the lack of digitally signed files is significant, especially since it makes it impossible for them to sneak past even the most basic Mac antivirus programs.
Discovery of Mac-Targeting Malware is Significant
If nothing else, MacSpy and MacRansom are evidence that cybercriminals are beginning to size up the largely untapped Mac platform.
Security researcher Patrick Wardle said that although the appearance of Mac malware was bound to happen at some point, the discovery of these two pieces of software is significant enough to be called a milestone.
He, however, went on to point out that the attempts to create Mac malware in this scenario were amateurish and can easily be trumped by free anti-malware and anti-ransomware tools.
Nevertheless, Wardle noted that Mac malware is progressing all the same. This was apparent in the technology used by MacRansom to evade detection by security tools.
Even with Apple’s dedication towards ensuring the safety of its user base, he warned Mac users not to get too comfortable and assume that they are entirely protected from all kinds of attack vectors.
Mac Malware Unlikely to Spread
Anyone looking to get their hands on either the ransomware or the spyware package would have to establish direct contact with its author—a process that may significantly slow down the spread of both pieces of software.
Since the two are listed in “as-a-service” portals, security researchers estimate that the time it would take a potential buyer to secure the malware and the offered support is more than most would sign up for.
Virus Bulletin editor Martijn Grooten shares the same skepticism when it comes to the spread of Mac malware.
He points out that even though there exist other common-purpose malware families that may affect Macs, it’s highly unlikely that they can spread as fast as malware designed for Windows computers.