Attacks/Breaches
4/7/2017
07:20 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Apple Mac OS Malware Spiked in Q4

Malware samples sharply increased for Mac OS devices in Q4 2016 as threat actors expand their targets outside Windows PCs, new McAfee report says.

Mac OS malware increased by 247% in the fourth quarter of 2016, according to a new report by McAfee Labs.

The dramatic increase in Apple Mac OS malware samples went from 50,000 in Q3 2016 to about 320,000 in Q4.  

McAfee Labs VP Vincent Weafer says the increase can be partially attributed to hackers setting their sights beyond Windows targets. More people are using multi-platform environments in their homes and businesses, he explains, and attackers are taking advantage.

"The more that happens, the more hackers will ensure their attacks work on various systems," he says. "It's a natural extension of how they look at the market and their victims."

Cybercriminals are expanding their campaigns onto other platforms, going from Windows to Mac OS, iOS, and Android. While PCs remain the target of choice for large attack campaigns, the report shows that they are using the same types of attacks on a smaller scale for different platforms.

(Image: McAfee Labs)

(Image: McAfee Labs)

"No platform is immune to attackers," Weafer  says. "Attackers are taking the time to make their threats multi-platform."

The biggest driver behind the 247% growth in Mac OS malware was OSX/Bundlore, Weafer says. Bundlore is an installer that combines legitimate apps with offers for third-party apps users may not want. These third-party apps are usually installed by default but may present an "opt-out" option following installation.

Much of the Mac OS malware variants follow patterns similar to malware on PCs. Attackers are going after credentials, banking information, and access into organizations. They're using misleading applications, remote access programs, info stealers, and ransomware, which saw a large expansion onto Mac platforms last year as well, he says.

Weafer notes the dramatic growth is related to the relatively small number of Mac devices. There are hundreds of thousands of new instances of Mac OS malware, but there are tens of millions on the PC side.

"In general, you see more spikes when you have lower numbers," he notes. The Q4 spike in Mac OS malware peaked at about 320,000, which equates to about 1.3% of the Windows volume.

The higher numbers from Q4 will likely go down, Weafer continues. This dramatic spike is short-term but malware is increasing overall, year-over-year, with more attacks on Macs, PCs, Android, and iOS.

Malware will continue to increase as the IoT grows and more devices, including cameras and drones, enter the mix. "We're living in a multi-platform, cloud environment and we need to think about the security of all these systems," he emphasizes.

The Mac OS malware spike doesn't mean Mac-heavy businesses should be rethinking their strategies, Weafer continues. Basic security principles are still key and standard precautions should be in place: implementing security software, paying attention to app updates, knowing where data is located, and protecting it with strong and unique passwords.

McAfee's report also includes insight on Mirai, the botnet that exploited poorly secured IoT devices in October 2016 to launch the largest-ever DDoS attack. In the six months since then, Mirai has infected about 2.5 million IoT devices, McAfee discovered. About five IP addresses are added to Mirai botnets every minute.

Researchers also discussed drivers behind the rise in intelligence-sharing. In general, businesses have been working individually as attackers use open collaboration sharing. Now they are trying to talk and share intelligence as they solve problems.

Related Content:

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.