Sixteen years ago, Mac OS X was released for the first time. For $129, the then-new operating system promised a stable, open-source, UNIX-based experience. As the years passed and the novelty of the system wore off, its security became one of its most often cited features, convincing many Mac users that their machines were almost invincible. This was a fantasy spread by Mac evangelists and Apple Store staff alike: the myth that Apple Macs don’t have to worry about viruses is simply not reality.
Times have changed and so has malware, which has gradually been adding OS X to its list of targets. Looking at last year alone, ransomware, data stealers and backdoors have all penetrated the once supposedly impenetrable platform and claimed thousands of victims, despite those victims running what they believed was a ‘safe environment’.
In March 2016, the OSX/KeRanger malware appeared on the radar after infiltrating a single version of the legitimate BitTorrent client Transmission. Signed with a legitimate developer certificate, this fully functional crypto-ransomware targeted easy prey: victims who had no security solution in place. Despite being discovered in a matter of hours, KeRanger was able to infect thousands of Mac users. It can and does spread among those who have no anti-malware protection on their Macs.
In February 2017, another type of ransomware, OSX/Filecoder.E, was caught spreading via BitTorrent distribution sites, masquerading as “Patcher”, an application used for pirating popular software. If a victim downloaded and launched the infected zip file, it took only one click to have the files on their machine encrypted.
OSX/Komplex belonged to a different malware category. It was one of the malicious tools used by the cybercriminal group called Sednit (aka Sofacy). In just three steps it distracted the victim and dropped an executable on the system that was guaranteed to run at every system start and finally opened a communication channel with the attackers, giving them full access to the compromised computer.
The various Mac OS X malware cases we’ve seen over the last few years prove that, no matter which operating system a user chooses, the concept of 100% security simply doesn’t exist, and that the Mac is of growing interest to malware writers.