MacOS – malware, security flaws, and viruses

Despite Apple’s long-running efforts to make the Mac hard to compromise, there is still plenty of malware out there that can do real damage. The good news is that these threats don’t simply find their way onto a Mac by themselves.

Moreover, the majority of malware appears to be aimed at Windows machines. For example, the WannaCry/WannaCrypt ransomware that crippled the NHS in 2017 was ineffective against Macs.

While Apple has built multiple layers of security into the platform, the Mac is still far from impregnable.

Below are the specific malware families and viruses commonly aimed at macOS.

CookieMiner

This cryptocurrency-stealing malware was uncovered at the end of January 2019. From what researchers could determine, it stole the credentials of many users who managed crypto-wallets through Chrome.

It pieced together information from several sources to recover usernames and passwords: authentication cookies, iTunes backups and text messages all contained breadcrumbs that could lead to a user’s crypto-credentials, and CookieMiner collected them all.

Unit 42, the research team that found it, warned Mac users to clear their browser caches after logging in to financial accounts. And since this malware operates solely against Google Chrome, they recommended that Mac users switch browsers.

Mac Auto Fixer

While not malware in the strict sense, Mac Auto Fixer caused plenty of trouble for Mac users by installing bundles of software once it got onto a system. More precisely, it was classified as a Potentially Unwanted Program (PUP).

It was discovered in August 2018.

Mshelper

Another invasive piece of malware aimed at Mac users was Mshelper, a cryptocurrency miner that hogged system resources once it got onto a machine. Users noticed their fans spinning much faster and their devices running hotter than usual, a sign that the miner was consuming a great deal of resources.

X-agent

This one is quite a piece of work. It was originally created by APT28, a cybercrime group that targeted the Ukrainian military, but it quickly spread to other Mac users, who had their passwords stolen.

The malware would also take screenshots at specific moments to capture login information, and it would harvest iPhone backups stored on your Mac.

MacDownloader

This one is packaged as a fake Adobe Flash update. Once you run the installer, an alert pops up claiming that there is adware on your Mac.

If you then try to “remove” the adware and enter your credentials, MacDownloader starts sending your Keychain to an anonymous remote server.

Your Keychain holds usernames, passwords, PINs, credit card numbers and any other login information you have stored on your Mac.

It took the world by surprise in 2017, but it poses no danger today, since the remote server the malware connected to has been shut down.

To avoid similar malware, check whether your Adobe apps actually need an update by visiting the official Adobe site before installing anything.

Apple took its own measures against this flood of Flash-themed malware by preventing Flash from running by default.

OSX/Pirrit

Yet another piece of malware that installs loads of other software on your Mac once it obtains root privileges, which it eventually does. When it was discovered in 2016, it was hidden in cracked copies of Microsoft Office and Adobe Photoshop.

Crossrider, aka OSX/Shlayer

Another piece of malware riding on the back of a bogus Adobe Flash Player installer, Crossrider (also known as OSX/Shlayer) installs a copy of Advanced Mac Cleaner on your device, which then announces that your system has problems. In Siri’s voice, no less.

Removing Advanced Mac Cleaner and its components doesn’t solve the problem, since Safari’s homepage stays pinned to a Crossrider-related domain that you cannot change from Safari’s own settings.

Malwarebytes found that this was caused by a configuration profile the malware installed on the system.

Most security agencies and malware experts say that 99% of Adobe Flash Player-related notifications are scams. Whenever you see one in your browser, close the webpage, cut your internet cord, close your Mac, pour gasoline on it, light a match and burn it.

All jokes aside, just check the official Adobe site if you think your system needs an update, and never install Flash from a third-party source.

OSX/MaMi

OSX/MaMi surfaced in 2018 when a Malwarebytes forum user reported it.

It reroutes your traffic through malicious servers that automatically search for any sensitive information.

The first step is installing a new root certificate, which allows encrypted communications to be intercepted. Once that is in place, the attackers can perform man-in-the-middle attacks whenever they wish.

Fortunately, the addresses of those malicious servers are known, so you can block them. They are:

  • 82.163.143.135
  • 82.163.142.137

Remember that antivirus products aren’t yet able to pick up OSX/MaMi, but a good firewall may be enough to block its servers.
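As an added example (not part of the original article), here is a small POSIX shell check that reads resolver configuration, as printed by `scutil --dns` or `networksetup -getdnsservers <service>` on a Mac, and flags any resolver matching the two addresses listed above. The sample output embedded in the script is constructed; on a real Mac you would pipe the live command output into `check_resolvers` instead.

```shell
# Hypothetical detection helper for the OSX/MaMi resolver indicators
# (added example, not code from the original article).

# The two malicious server addresses listed in the article
MAMI_IOCS="82.163.143.135 82.163.142.137"

# Constructed sample in the layout printed by `scutil --dns` on macOS.
# On a real Mac pipe the live output instead:  scutil --dns | check_resolvers
SAMPLE_DNS_OUTPUT='DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 6 (en0)

resolver #2
  domain   : local'

# extract_resolvers: reads resolver text on stdin, prints one IPv4 address per
# line.  Handles both the scutil layout ("nameserver[0] : IP") and the bare
# IP-per-line layout of `networksetup -getdnsservers <service>`.
extract_resolvers() {
  sed -n \
    -e 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//' \
    -e '/^[0-9][0-9.]*$/p'
}

# check_resolvers: prints a SUSPECT line for each resolver matching a MaMi
# indicator; returns 1 if anything matched, 0 if the configuration is clean.
check_resolvers() {
  found=0
  for ns in $(extract_resolvers); do
    for ioc in $MAMI_IOCS; do
      if [ "$ns" = "$ioc" ]; then
        echo "SUSPECT resolver: $ns (matches OSX/MaMi indicator)"
        found=1
      fi
    done
  done
  return $found
}

# count_suspect_resolvers: same check, but returns the number of hits on stdout
count_suspect_resolvers() {
  check_resolvers | grep -c '^SUSPECT' || true
}
# Stand-alone demonstration against the constructed sample
if printf '%s\n' "$SAMPLE_DNS_OUTPUT" | check_resolvers; then
  echo "Resolver configuration looks clean"
fi
```

A hit only means the resolver settings point at a known MaMi address; the root certificate the malware installs still has to be removed separately.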

Fruitfly

This malware has quite a history. When it was uncovered in 2017, the report said that Fruitfly had been conducting surveillance on specific networks for two years.

The malware takes screenshots, collects webcam images and searches your Mac for information about other devices connected to the same network.

However, now that Apple has fully rolled out Gatekeeper together with the XProtect definitions file, 99% of known malware is caught almost immediately. This is because every Apple device includes a built-in firewall loaded with the definitions of all currently known malware.

Any time you download a new app, the firewall inspects it and compares it against that database of definitions.

Still, who knows how much malware hasn’t been discovered yet? Macs are still at risk, that much is clear.
