Mac Malware Skyrockets in 2019

The Rapid Rise Of Mac-Based Malware

November 20th, 2019

The Rapid Rise Of Mac-Based Malware

In 2018 a total of 93,933 macOS Malware programs were detected by Av-Test, an independent IT-Security Institute. The detection showcased a rapid increase from the 28,925 detection’s the institute had discovered in 2017. 

In the first half of 2019, there were 6 million phishing attacks targeting Mac users. 1.6 million of those attacks were made while disguising the attack with counterfeit Apple branding.

macOS Featured 2 Of The Top 10 Malware Attacks In Q1 2019

WatchGuard Technologies announced in June 2019 that two of the 10 most popular attacks for Q1 were developed for macOS. One particular adware dropper was detected 300,000 times on Macs. A Trojan horse that collected private user data was the ninth most detected malware. 

Continued monitoring of Mac-based systems revealed how rapidly Mac attacks have propagated among its customers. In 2015, macOS was attacked 852,293 times, a number that climbed to 1.5 million in 2016. In 2017 there were 4 million macOS attacks, followed by an incredible 7.3 million attacks in 2018. That’s nearly a 900% increase in attacks in just over three years.

There were 16 million instances of attacks against Macs during April 2019 only. Shockingly those attacks were four times more than the previous monthly record which was reported in 2018. 

We have quickly learned that hyper-growth in the Mac-based sector has forced hackers to take notice. Malicious software, which includes adware, spyware, and various other attacks is on the rise.

One of the most serious potential threats comes in the form of ransomware.



Ransomware For Macs. A Costly Attack

A ransomware infection is a type of malware that is capable of taking your computer hostage. Ransomware encrypts data on your operating system and demands a ransom is paid in order to receive a decryption code. The encryption code frees your sensitive information from its digital jail cell once the ransom is met.

While ransomware for Macs is rare there have been two major releases recently that have caused trouble for Apple customers. 

The first major Mac-based ransomware was a program called “Patcher.” The ransomware posed as Adobe Premiere CC and Microsoft Office 2016 “cracks.” Distributed through BitTorrent, users who attempted to install those software options soon realized they had installed a Trojan horse. The Trojan horse encrypted files and demanded payment to free a user’s personal information.

One year later, KeRanger was detected . The program was transmitted with accidental help from Transmission, a popular BitTorrent app. According to the Palo Alto Research Center, Transmission’s own website was compromised and KeRanger replaced the legitimate applications official .dmg installation file. The scariest aspect of KeRanger is that it was signed with an authorized Apple security certificate. This security fault allowed the illegal program to bypass the macOS Gatekeeper security system.

While ransomware is still a lesser exploited problem for macOS users, phishing scams are costing users billions of dollars.

Phishing Scams And How To Avoid Them

An estimated 16 million phishing emails are expected to be attempted by the end of 2019. Phishing scams occur when a scammer targets a user’s inability to decipher between fake and legitimate communications.

As previously reported, nearly 1.6 million Apple-branded attacks against Mac users occurred in the first half of 2019. The typical attack involved sending an email to potential victims that claimed to have arrived directly from Apple. Users were asked to enter their username and password to correct issues with their billing data and other Apple-related information. Once data is entered into a fake website form, hackers are able to gain access to the user’s personal information.

Phishing attacks affect both individual users and businesses. Digital Information World noticed in March 2019 that mid-sized companies pay $1.6 million per year to combat phishing scams. It is estimated that phishing costs American businesses approximately $500 million per year.

According to Avanan, an enterprise AI cloud security firm, 1 in every 99 emails is a phishing attack.  Those attacks account for $1.3 billion in consumer losses per year.

Apple provides several simple tips for fighting against Malware.

Keep your Mac system and apps updated. You can check for software updates by clicking on the Apple icon at the top left corner of your Mac. Choose “About This Mac” and then click on “Software Update.” Immediately install all updates as they are made available. We also highly recommend clicking on the box next to “Automatically keep my Mac up to date.”

Only Install Apps From Official Sources. The Apple App Store or a company’s official websites are your best bet for avoiding malware. If you plan to download Adobe Premiere CC be sure to visit Adobe’s official website. As we’ve already discussed, there is still the possibility that a website may have been compromised. It’s less likely that the Apple App Store will be compromised to such a detrimental degree.

Back-Up Your Files Regularly. Apple recommends regularly backing up your files to a third-party source. These sources may include external hard drives or online storage solutions. If your computer comes under attack at least your files will remain available from other devices. If you choose to use an external drive, immediately disconnect after backing up your files to ensure the drive isn’t attacked.

Protect Your Browser

9to5Mac notes that a “vast majority of malware” is based on adware. “These fake apps do things like hijack browsers to display ads from hacker ad networks instead of the normal ads running on the sites visited. These can also change a browser’s homepage and the default search engine.”

At Airo we developed a free-to-install Chrome browser extension that monitors your browsing activity in real-time. Our software helps ensure that such adware attempts are thwarted along with various other malware attempts that target mac security standards.

Should You Be Worried?

The simple answer is that you should always be worried about your macOS security. Traditionally, Apple products have been attacked less frequently because of lower market share. However, that doesn’t mean they are not susceptible to attacks, especially as more consumers turn to Apple products as their go-to brand choice. As we saw with Patcher and KeRanger, everyone is at risk.

Thankfully, because macOS attacks are less frequent, the ability to monitor and fight off those attacks is also more simplistic. Our team at Airo has spent thousands of hours developing tools to protect your macOS installation and your Chrome browsing experience.

Make sure your macOS-based devices are monitored 24/7 because as we have learned, the next attack is most definitely just around the corner.


Subscribe to our blog

Get Airo

Try Airo AV and Airo Web Protection

Try Airo