macOS has a reputation as a relatively attack-proof operating system, and not only among Apple users: it has historically been far less affected by malware and cyberattacks than the market leader, Windows. The fact remains, however, that Mac users are not immune to compromise or dangerous infections, as more and more malware is written specifically for macOS.
According to SentinelOne's expert team, cyber criminals are now focusing more on Apple's Mac platform, as the following ten malware attacks on macOS demonstrate:
1. OSX.DOK is malware that installs a hidden version of the Tor browser and other hacking tools designed to steal user data and intercept traffic while doing its best to stay undetected. It is usually spread via a phishing campaign and can read all of the victim's Internet traffic, including encrypted traffic. The malware writes several Apple domain names to the local hosts file so that connections to them are silently redirected to 127.0.0.1. Once the malware begins capturing the user's traffic, it connects to a server on the dark net and begins exfiltration.
2. CookieMiner is particularly dangerous because it acts as a cryptominer and a backdoor at the same time. When a device is infected, CookieMiner installs its own Monero miner and an EmPyre backdoor. Security researchers warn that the malware can steal enough credentials to bypass multifactor authentication and give the attackers access to users' crypto wallets.
3. Lazarus is by no means new malware but a persistent threat: a backdoor connected to a command and control server gives the attackers full control over the device.
4. OSX.Pirrit is adware and a browser hijacker that redirects users to risky websites and is also likely capable of spying on them.
5. OSX.Siggen is malware delivered through a fake WhatsApp message that claims to offer WhatsApp for phones and computers. On a Mac, following the offer downloads the malware, which lets the attackers take control of the device via a hidden backdoor.
6. OSX.Loudminer is a 2.5 GB malware package usually spread through downloads of "cracked" audio software; its aim is to take over the user's computer to mine cryptocurrency. The attackers specifically target virtual studio software and other processor-intensive applications to mask the mining activity.
7. KeyStealDaemon is malware that exploits a security flaw giving access to sensitive passwords. The flaw has since been patched, but users who have not updated macOS, or who are still running macOS 10.11 El Capitan or earlier, remain at risk.
8. OSX/Linker is delivered through fake Adobe Flash Player installers and allows an attacker to run a remote program on the victim's machine once a malicious disk image is opened.
9. OSX.Mokes and OSX.Netwire/Wirenet are malware variants that imitate legitimate applications, using names such as 'Dropbox', 'Chrome' and 'Firefox' to avoid detection. Particularly at risk are macOS users running unpatched versions of Firefox or those already infected with Mokes.B or Netwire.A. Attackers can use the backdoor to take screenshots, record keystrokes, or exfiltrate user data.
10. OSX/CrescentCore tries to monetize downloads and browser searches on an infected computer through scareware, bloatware, and search-hijacking software. The large number of potentially unwanted programs (PUPs) and adware installations not only degrades the computer's performance but can even lead to complete failure. Users are also plagued by unwanted browser pages, countless pop-ups and fake virus warnings.
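The hosts-file tampering described under OSX.DOK above leaves a simple artefact that a defender can check for: Apple domain names pinned to a loopback address. The following is an added example (not SentinelOne's code or any tool from the article) that parses hosts-file text and flags such entries; the list of Apple domain suffixes and the sample hosts content are assumptions constructed for illustration.

```python
import ipaddress
from pathlib import Path

# Apple-owned zones that macOS contacts for updates and certificate checks.
# The exact names OSX.DOK pins are not given in the article; this check flags
# any hostname under these suffixes (assumption).
APPLE_SUFFIXES = ("apple.com", "icloud.com", "mzstatic.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:                     # blank, comment-only or malformed line
            continue
        for name in parts[1:]:                 # one address may carry several names
            yield parts[0], name.lower().rstrip(".")


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1; malformed addresses count as not loopback."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def is_apple_domain(name):
    return any(name == s or name.endswith("." + s) for s in APPLE_SUFFIXES)


def find_hijacked_entries(text):
    """Return (ip, hostname) pairs that pin an Apple domain to a loopback address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if is_apple_domain(name) and is_loopback(ip)]


# Constructed sample: the stock macOS entries followed by two OSX.DOK-style
# additions (hostnames chosen for illustration, not taken from a real sample).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
127.0.0.1 swscan.apple.com   # added by malware
127.0.0.1 ocsp.apple.com
"""

if __name__ == "__main__":
    for ip, name in find_hijacked_entries(Path("/etc/hosts").read_text()):
        print(f"suspicious hosts entry: {name} -> {ip}")
```

Run directly, the script inspects the live /etc/hosts; a clean macOS install should report nothing.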
macOS users who continue to believe that their operating system (OS) is relatively safe from cyber-attacks, and therefore neglect security updates or additional security measures, expose themselves to significant risk. Since the protection provided by the OS itself is relatively weak, companies that use Apple computers should make sure that their endpoint security solutions cover macOS devices as well, because attackers always prefer the weakest link in the chain. (Source: SentinelOne)