Cybercriminals don’t usually target operating systems (OS) other than Windows, so it’s interesting when they do. While Mac OS is far less likely to be attacked or infected by malware than Windows, it is not entirely immune from it.
Security firms Fortinet and AlienVault recently identified two Malware-as-a-Service (MaaS) programs targeting the Mac OS X operating system – “MacSpy” and “MacRansom.” Both became available on the Dark Web June 9th.
What You Need to Know About the New Malware for Mac
Malicious software (malware) is software designed to steal data from, or scam, the user. Malware-as-a-Service (MaaS) lets an attacker launch an attack using someone else’s malware.
Both MacSpy and MacRansom appear to have been created by the same developer. To get access to either program, the scammer must email the developer directly and request a copy.
The malware creator(s) claim that they created these programs because of the popularity of Apple products and a lack of “sophisticated malware for Mac users.”
Once executed on a target’s computer, MacSpy and MacRansom check to see which operating system is being run. If it’s a non-Mac environment, the malware terminates. If it is a Mac environment, the malware proceeds as follows:
- MacSpy: The “free version” of this MaaS captures a screenshot every 30 seconds, logs every keystroke, acquires photos synced from iPhone to Mac, and obtains browser history, among other things. The “paid version” does even more. Basically, it gives the attacker access to the entire computer and any accounts stored on it.
- MacRansom: One of the first ransomware-as-a-service (RaaS) programs for the OS X platform, this nasty piece of work holds your Mac hostage. It first creates a launch point in the computer’s Library, then runs at every startup until the encryption is triggered at a specified time. Once it has executed, you’ll have to pay to get your files back. However, Fortinet is not convinced the encrypted files can actually be decrypted, except by brute force.
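One way to review the "launch points" described above, as an added example that is not from Fortinet, AlienVault or the original article: this Python script reads launchd job files in the standard Library folders and flags the ones worth a manual look. The folder list, the heuristics and the two sample plists are assumptions made for illustration.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Assumption: the "launch point" is a launchd job definition (.plist) in one of
# the standard locations macOS reads at login or boot.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]
WORLD_WRITABLE = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def audit_launch_item(data, per_user):
    """Return the reasons a launchd plist (raw bytes) deserves a manual look."""
    try:
        item = plistlib.loads(data)
    except Exception:
        return ["plist cannot be parsed"]
    if not isinstance(item, dict):
        return ["plist is not a dictionary"]
    args = item.get("ProgramArguments") or []
    program = str(item.get("Program") or (args[0] if args else ""))
    reasons = []
    parts = PurePosixPath(program).parts
    if any(p.startswith(".") and p != ".." for p in parts):
        reasons.append("program sits in a hidden file or directory")
    if program.startswith(WORLD_WRITABLE):
        reasons.append("program runs from a world-writable location")
    # Heuristic: Apple's own jobs normally ship under /System/Library.
    if per_user and str(item.get("Label", "")).startswith("com.apple."):
        reasons.append("per-user job uses an Apple-style label")
    if reasons and item.get("RunAtLoad"):
        reasons.append("starts automatically at every login or boot")
    return reasons

def scan(dirs=LAUNCH_DIRS):
    """Audit every plist in the launch directories; returns {path: reasons}."""
    findings = {}
    for d in dirs:
        for plist in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                reasons = audit_launch_item(plist.read_bytes(), d.startswith("~"))
            except OSError:
                reasons = ["file cannot be read"]
            if reasons:
                findings[str(plist)] = reasons
    return findings

# Constructed samples (not taken from MacSpy or MacRansom).
SAMPLE_SUSPICIOUS = plistlib.dumps({"Label": "com.apple.example-helper", "RunAtLoad": True,
    "ProgramArguments": ["/Users/alice/Library/.example-cache/agent"]})
SAMPLE_BENIGN = plistlib.dumps({"Label": "org.example.updater", "RunAtLoad": True,
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]})

if __name__ == "__main__":
    for path, reasons in scan().items():
        print(path, "->", "; ".join(reasons))
```

A flagged entry is a prompt to inspect the file and the program it points to, not proof of infection; legitimate software also installs launch agents.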
How to Protect Yourself
Although there is no fool-proof method of eliminating malware, you can minimize the impact and prevent significant data loss by doing the following:
- Back up your computer regularly to an external drive.
- Remove all external drives that are connected to your computer so that they do not become infected.
- DO NOT click, open, or download unknown files from suspicious or untrusted sources.
- Limit physical access to your computer and require a password every time it starts or wakes up.
- Download apps and programs only from Apple’s own Mac App Store.
Since 2005, JPMerc has helped small to mid-sized businesses use technology more effectively — so it fuels their productivity and success, instead of getting in the way. Contact us to discuss your company’s IT needs.