Malware

Following its 2023 State of Malware report back in February, Malwarebytes is out with its yearly State of Ransomware study. As attacks continue to grow, the US saw 7 times more ransomware incidents than the second most attacked country. Here are the details of what the report found.

Back in March, we saw a piece of malware surface for macOS called MacStealer that’s able to compromise iCloud Keychain passwords, credit card information, files, and more. Now a new malware called Atomic macOS Stealer is being sold as a service to malicious parties that may be more threatening.

So far this year we’ve seen a few reports about malware that’s affecting Macs. Now Elastic Security Labs has released its spring 2023 Global Threat Report. It offers a big-picture look at the state of malware including how often it’s impacting Mac vs Windows and Linux, the most common malware overall, the most common malware on Mac, and more.

Security researchers have identified a new piece of Mac malware, which they’ve dubbed MacStealer. The malware extracts your iCloud passwords, a wide variety of files, and credit card details stored in browsers.

The good news, however, is that you’d have to be very naive to fall victim to it …

Update: Apple has now commented on the findings – see the end of the piece.

Cybersecurity company Jamf Threat Labs has found Mac cryptomining malware in pirate copies of Final Cut Pro. The firm says that the cryptojacking malware was particularly well hidden, and not detected by most Mac security apps.

Jamf also warned that the power of Apple Silicon Macs is going to make them increasingly popular targets for cryptojacking – where malware uses your machine’s considerable processing power to mine cryptocurrencies for the benefit of attackers …

Malwarebytes has released its latest report digging into the state of malware in 2023. The findings include recent key security developments, 5 cyber threat archetypes to watch out for this year, what type of malware was found most on Macs, and more.

A nasty piece of Mac malware is being actively used in the wild to capture personal data from Macs. Security researchers say that CloudMensis spyware can allow an attacker to download files, capture keystrokes, take screengrabs, and more.

Cybersecurity firm ESET says that the spyware has been in active use since February, and appears to be targeting specific individuals …

Security researchers have released details of DazzleSpy – Mac malware that enabled key-logging, screen captures, microphone access, and more.

DazzleSpy was used to target Hong Kong democracy activists, initially through a fake pro-democracy website, and later through a real one, in a so-called watering hole attack …

Apple paid a bug bounty of $100K after a cyber security student who successfully hijacked the iPhone camera back in 2019 did the same with the Mac camera.

Ryan Pickren used an imaginative approach that allowed him to run arbitrary code on a target Mac, and received what he believes to be the largest bug bounty Apple has ever paid …

We may still be waiting for some developers to update their apps to run natively on M1 Macs, but the developer of SysJoker Mac malware is already on the case.

Security researcher Patrick Wardle points to what he says is the first Mac malware of 2022, and it runs on both Intel and M1 Macs. SysJoker can be controlled remotely by an attacker, allowing it to be used in many different ways …

Android and iPhone spyware sold by NSO Group enables state terror attacks in multiple countries, according to a new database released by Amnesty International and partner organizations.

NSO uses zero-day exploits to develop spyware for both iPhones and Android smartphones, allowing users to read text messages and emails, monitor contacts and calls, track locations, collect passwords, and even switch on the smartphone’s microphone to record meetings …

A study looking at new malware found in the wild during 2020 says that threats developed for macOS saw a huge jump – almost 1,100% compared to 2019. But taken into context, that total was less than 1% of the new malware that was discovered for Windows in the same period.

The first Apple Silicon Macs have been out for just a few months and a good portion of popular apps have been updated with native support for the M1 MacBook Air, Pro, and Mac mini. Not far behind, what looks like the first malware that’s been optimized for Apple Silicon has been found in the wild.

The notorious GravityRAT spyware, which initially targeted Windows PCs, now also enable attacks against Macs and Android devices.

Remote Access Trojans (RATs) are so-called because they masquerade as legitimate apps (the Trojan part) and then permit the compromised machine to be accessed remotely …

Security researcher and former NSA hacker Patrick Wardle has demonstrated a way to modify state-created Mac malware to run his own code instead of the payloads from the government servers.

The sophistication of the malware makes re-purposing it attractive to other attackers, including other governments …

Expand
Expanding
Close

Malwarebytes is out with a new report in which it states that Mac malware is growing faster than that for Windows.

For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]

In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.

That’s getting a lot of headlines today, but there are three key things that need to be understood…

Expand
Expanding
Close

Apple has confirmed that 17 malware iPhone apps were removed from the App Store after successfully hiding from the company’s app review process.

The apps were all from a single developer but covered a wide range of areas, including a restaurant finder, internet radio, BMI calculator, video compressor, and GPS speedometer …

Expand
Expanding
Close

No fewer than six examples of Mac malware were discovered last month, including one which exploits a vulnerability in macOS Gatekeeper. The latest example – dubbed OSX/CrescentCore – takes steps to hide from security researchers.

Security company Intego says it has found CrescentCore on multiple websites, posing as, you guessed it, a Flash Player updater …

Expand
Expanding
Close

A macOS Gatekeeper vulnerability discovered by a security researcher last month has now been exploited in what appears to be a test by an adware company.

Gatekeeper is designed to ensure that Mac apps are legitimate by checking that the code has been signed by Apple. Any app failing that check shouldn’t be allowed to install without the user acknowledging the risk and granting explicit permission to proceed …

Expand
Expanding
Close

Microsoft is renaming its Windows Defender antivirus software to Microsoft Defender Advanced Threat Protection (ATP), and bringing it to macOS for the first time.

While Macs are significantly less vulnerable to malware than Windows machines, they are not immune. Examples include fake Flash Player installers and cryptocurrency-stealing browser exploits and apps …

Expand
Expanding
Close