Most Apple Mac owners believe their computers are immune to viruses and malware. Even Apple has run advertising campaigns promising that its computers “don’t get viruses”. Those who have owned a Mac for years, decades even, are particularly prone to believing that it indeed the case – after all, nothing has happened to them yet! Regrettably, Macs do get viruses and the threat is getting even larger.
For a long time, the argument was that cybercriminals didn’t bother to develop Mac viruses as there were not enough users to justify the effort. Instead, they turned their attention to PCs running Windows.
Over time though Apple’s market share has risen and it is increasingly common to see Macs in the workplace (especially in creative industries). Plus, there is a widespread assumption that Mac users are a smart target as they are likely to be better off and have higher incomes. So, while Mac computers themselves remain a harder to infect target (as installing most software requires a password), there is often a greater payoff.
Research shows that the Apple platform is getter more attacks and malware. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016!
Finding Apple’s Weak Spots
It is now obvious that malware creators are no longer steering clear and are actively looking for ways to exploit Macs.
A common approach is to use Trojans (named after a famous historical story where a wooden horse was used as a gift but actually hid an army), Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and this then opens the gate to the cybercriminal.
In 2011, a Trojan called “Mac Defender” took advantage of Mac users desire to protect their computers. The fake program appeared to be anti-virus software but once the users installed it, they would get an onslaught of pop-up ads encouraging them to buy more fake software.
Trojans get through the gates because you let your guard down. The may pretend to be:
- a note from a long-lost friend.
- a picture of that famous celebrity.
- a free game or application.
- a free or cheap item or gift voucher that is available.
- an email from a friend or colleague but the spelling, grammar and / or content of the email doesn’t look to match the person they are pretending to be.
All it takes to stop this type of attack is to be suspicion of everything you might install or download.
A business needs to educate its employees and staff about the importance of:
- clicking on emails and attachments with care.
- validating the source of any files they plan to open.
- checking a website’s URL (being especially wary of those with less common endings such as .cc or .co).
- questioning any promises of cheap items that are 90% off.
A new threat comes from within the Mac App Store. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Thomas Reed (a Mac security researcher) found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.
Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe and you also should look at installing an antivirus or security program on your Mac.
If you are a business located in or around Adelaide, South Australia and want to find out what you can do to protect your Macs, contact us on 08 8326 4364 or firstname.lastname@example.org!