5 BIG Mac threats you should be aware of

Authors: AiroAV - Security Labs

November 1st, 2018

Many users still mistakenly believe that Macs are immune to malware, but today's Mac threats have stepped up a gear. In the last couple of years alone, several new malware families have appeared that were built specifically to attack Macs, leaving a large number of users vulnerable and (still) under-protected.

No matter how strong and tight your Mac's security is, we are all still human, and that is what makes social engineering the number one, longest-lived and fastest-growing threat. So, if you are going to keep opening your door to unwanted or unfamiliar guests, at least make yourself aware of the potential consequences, and get yourself protected.

Here is Airo's advice to help you become more aware of some of the common threats out there:

1. Social Engineering

Social Engineering refers to psychological manipulation of people into performing actions or divulging confidential information. 

Although there are (too) many forms of social engineering that we would love to warn you about, and we will, this blog post covers one of the most common: the infamous tech support scam.

You may purchase a product or a software license and, upon purchase (or after an ad you just saw), be asked to contact, or to expect a call from, tech support. Moments later you receive a call from someone falsely claiming to be a certified Apple tech support agent. This person will offer to help you with a (non-)existent Mac issue and will often ask for remote access to your Mac in order to "better assist" you with your (non-)issue.

With remote access granted, this person can potentially copy all your files and data, while also getting paid for the (fake) "tech support" by convincing you to spend hundreds of dollars "fixing" software that you probably do not have, want or need.

If you’d like to add to this topic, we would love to have you as a contributor. Please send us your examples, stories and additions. We promise to give you credit (unless you want to stay anonymous).

2. Keyloggers

Keystroke logging, often referred to as keylogging or keyboard capturing, is the act of recording the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. The recorded data can then be retrieved by whoever operates the logging program.

Keylogging is a subject Airo's researchers have analyzed heavily and, as it turns out, one that has become very common among Mac users recently. You may encounter offers recommending that you install a Flash player, a media player or some other product. The installer then asks you to enter your Mac login credentials so that it can install an (allegedly) essential program. Once you type them, your keystrokes are recorded by the attackers for later use. Knowing how to log into your system, they can use it for whatever they wish.

Feel like you can contribute? Were you a victim of a Keylogging malware? Share your story with us! We promise to listen and if we publish, we will credit you (unless you prefer us not to).

3. Ransomware

Ransomware is a type of malicious software that threatens to publish or otherwise misuse your data, or that perpetually blocks access to your Mac, browser or files, until a ransom is paid. It prevents you from accessing your system or personal files and demands payment in order to restore access. These days it is common for ransomware operators to demand payment in cryptocurrency or by credit card.

After years of attacking only Windows systems, ransomware has set its sights on Mac users as well, hitting macOS in different shapes and forms. A recent publication describes 'KeRanger', for example: Mac-specific ransomware that was distributed inside a tampered installer of the open-source Transmission BitTorrent client.

Feel like you can contribute? Were you a victim of ransomware? Share your story/experience with us! We promise to listen and if we publish, we will credit you (unless you prefer us not to).

4. Adware, Malvertising and Fake Ads

Adware is software that serves unwanted advertisements, often arriving bundled with a "free" download. Malvertising ("malicious advertising") is the use of any online advertising format to spread malware; it typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and web pages.

Just surfing the web and searching for some free movies or apps? Whoops! Suddenly your browser pops a new tab advising you that "Adobe Flash Player" needs to be updated. Or just trying to enjoy the Black Friday sale and searching for some nice discount coupons? One wrong click and files are downloaded without your interaction or consent. These are just two examples out of hundreds (if not thousands) of Airo Labs' findings in (just) the past few months.

Malvertising is everywhere: it pops up, toasts and appears all around. We advise you not to click on shady ads and to avoid installers that bundle several programs at once (decline the extras, or the whole bundle).

Are you concerned about the non-kosher ads you recently encountered on the web? Share your story/experience with us! We promise to listen and if we publish, we will credit you (unless you prefer us not to).

5. Zero-day Exploit

A zero-day is a flaw in software (or hardware) that is unknown to the party responsible for patching or otherwise fixing it. Until the vulnerability is fixed, attackers can exploit it to compromise programs, data or a network.

Recently, a zero-day exploit chain was demonstrated against macOS. It could be launched from any website opened in Safari and allowed a remote attacker to execute malicious code on the targeted Mac, just by convincing the victim to visit a web page (including a legitimate site that unknowingly hosted the exploit).

(Techie alert): The chain combined these flaws:

  • the ability of the Safari web browser to automatically download and mount a disk image on the user's system from a maliciously crafted web page;
  • the way the Disk Images framework handled .bundle files (applications packaged as directories), allowing an attacker to launch a malicious application from the mounted image using the bootable-volume utility 'bless' and its open-folder argument;
  • a bypass of macOS Gatekeeper, allowing a maliciously crafted application to evade code-signing enforcement and run a modified copy of the Terminal app, leading to arbitrary command execution.
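The chain above depends on settings and artifacts you can actually inspect on a Mac: Safari's "Open 'safe' files after downloading" option (the com.apple.Safari AutoOpenSafeDownloads default), Gatekeeper's assessment state (spctl --status), which disk images are currently attached (hdiutil info), and the com.apple.quarantine extended attribute that records which application downloaded a file. The Python below is an added example, not code from AiroAV or from the original post: it parses the output of those commands so the logic can be exercised offline on constructed samples (the hdiutil sample is made up and abridged, and the assumed output formats should be checked against your macOS version); collect_live() runs the real commands on a Mac.

```python
"""Audit helpers for the Safari -> disk image -> Gatekeeper chain above.
Added example, not code from the original post. The parsers consume the text
printed by macOS commands so they can run on constructed samples without a
Mac; the command lines are in collect_live(). Output formats are assumptions."""
import subprocess
import sys
from typing import Any, Dict, List


def safari_auto_opens_downloads(defaults_output: str) -> bool:
    """Interpret `defaults read com.apple.Safari AutoOpenSafeDownloads`.
    This is the "Open 'safe' files after downloading" option that lets a web
    page mount a .dmg with no further click. If the key was never changed,
    `defaults` prints nothing on stdout and Safari uses its default: enabled."""
    value = defaults_output.strip().lower()
    return value == "" or value in ("1", "true", "yes")


def gatekeeper_enabled(spctl_output: str) -> bool:
    """Interpret `spctl --status` ('assessments enabled' / 'assessments disabled')."""
    return "assessments enabled" in spctl_output


def parse_hdiutil_info(text: str) -> List[Dict[str, Any]]:
    """Parse `hdiutil info`: records separated by '====' lines, each made of
    'key : value' lines plus '/dev/diskN ...' lines whose third field, when
    present, is the mount point."""
    images: List[Dict[str, Any]] = []
    current: Dict[str, Any] = {}
    for line in text.splitlines():
        if line.startswith("===="):
            current = {"mounts": []}
            images.append(current)
        elif not current:
            continue  # framework/driver header before the first record
        elif line.startswith("/dev/"):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current["mounts"].append(parts[2].strip())
        elif ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return images


def images_mounted_from(images: List[Dict[str, Any]], directory: str) -> List[Dict[str, Any]]:
    """Images whose backing file lives under `directory` (e.g. ~/Downloads),
    which is where a Safari-fetched, auto-mounted image would come from."""
    prefix = directory.rstrip("/") + "/"
    return [img for img in images if str(img.get("image-path", "")).startswith(prefix)]


def parse_quarantine(xattr_value: str) -> Dict[str, Any]:
    """Decode `xattr -p com.apple.quarantine FILE`: 'flags;hex-unix-time;agent;uuid'.
    Gatekeeper assesses files carrying this attribute; 'agent' names the
    application that downloaded the file (Safari for the chain above)."""
    fields = xattr_value.strip().split(";")
    if len(fields) < 3:
        raise ValueError("unexpected com.apple.quarantine format: %r" % xattr_value)
    return {"flags": int(fields[0], 16), "timestamp": int(fields[1], 16),
            "agent": fields[2], "uuid": fields[3] if len(fields) > 3 else ""}


def findings(defaults_out: str, spctl_out: str, hdiutil_out: str, home: str) -> List[str]:
    """Combine the checks into a list of human-readable findings (empty = clean)."""
    out: List[str] = []
    if safari_auto_opens_downloads(defaults_out):
        out.append("Safari auto-opens 'safe' downloads; disk images mount without a click")
    if not gatekeeper_enabled(spctl_out):
        out.append("Gatekeeper assessments are disabled")
    for img in images_mounted_from(parse_hdiutil_info(hdiutil_out), home + "/Downloads"):
        out.append("image from Downloads is mounted: %s -> %s"
                   % (img["image-path"], ", ".join(img["mounts"])))
    return out


def collect_live(home: str) -> List[str]:
    """Run the real commands (macOS only) and feed them to findings()."""
    if sys.platform != "darwin":
        raise RuntimeError("collect_live() needs macOS")

    def run(*argv: str) -> str:
        return subprocess.run(argv, capture_output=True, text=True).stdout

    return findings(run("defaults", "read", "com.apple.Safari", "AutoOpenSafeDownloads"),
                    run("spctl", "--status"), run("hdiutil", "info"), home)


# Constructed, abridged sample of `hdiutil info` output (not captured from a real Mac).
SAMPLE_HDIUTIL_INFO = """\
framework       : 480.60.1
images          : 2
================================================
image-path      : /Users/alice/Downloads/free-player.dmg
image-type      : read-only compressed (zlib)
/dev/disk3      GUID_partition_scheme
/dev/disk3s1    Apple_HFS   /Volumes/Free Player
================================================
image-path      : /Applications/Installers/xcode-tools.dmg
image-type      : read-only compressed (zlib)
/dev/disk4      GUID_partition_scheme
/dev/disk4s1    Apple_HFS   /Volumes/Xcode Tools
"""

if __name__ == "__main__":
    for f in findings("1\n", "assessments disabled\n", SAMPLE_HDIUTIL_INFO, "/Users/alice"):
        print("-", f)
```

On a real Mac, `collect_live(os.path.expanduser("~"))` runs the same checks against live output; the simplest remediation for the first finding is `defaults write com.apple.Safari AutoOpenSafeDownloads -bool false`, which removes the no-click mount step the chain relied on.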

In this blog post we have only scratched the surface of the Mac threats we see out there today. Over the past year alone, Airo Labs has registered a massive increase in Mac threats and vulnerabilities.

Stay tuned to this blog for updates on other common threats and scams designed specifically for macOS, and learn how to protect yourself and your Mac.
