What Are the Most Common Malware Attacks on Macs?

Written by zacamos | Published 2022/06/17
Tech Story Tags: malware | apple-macbook | malware-threat | malware-analysis | trojan | cyber-threats | cybersecurity | twingatehq


Apple started making computers in 1976, long before they became common in most households in the developed world.

For decades, Mac users believed their computers were immune to viruses. It’s a claim Apple itself voiced loudly, doubling down in 2012 with the announcement that “we don’t get PC viruses.”

The statement might have been true until Apple decided to taunt hackers worldwide with it. Macs really don’t get most PC viruses, but the claim inspired those bad actors to create an entirely new species of viruses and malware aimed directly at macOS.

Today, Mac users are just as vulnerable to virus and malware attacks as Windows users. Let’s take a peek at the most common malware attacks on Macs.

Security Through Minority

Until Apple kicked the hornet’s nest by claiming their devices were virus-proof, Mac users enjoyed security through minority. Hackers didn’t bother targeting Mac computers because they made up such a small portion of the digital population. Even in 2018, Mac users represented less than 9% of the market.

Attacks on Macs weren’t scalable the way they were on Windows computers. They still aren’t as popular as attacks on computers running Windows, but Mac doesn’t have the benefit of obscurity being its sole protection anymore.

1. Operation ElectroRAT

The lack of scalability in Mac malware attacks might have been a challenge for hackers in the past, but a new trend is appearing in the form of cross-platform malware.

Operation ElectroRAT is a campaign built around a remote-access trojan (RAT) that has been targeting Windows cryptocurrency users since early 2020. The goal was to get users to install the infected app under the guise of a tool for trading and managing their crypto wallets. Because it is written in the Go programming language, ElectroRAT can target macOS, Windows, and even Linux computers.

2. OSAMiner

Sometimes the most accessible place for a malware attack to hide is in plain sight, especially on macOS.

OSAMiner is a malware program that’s been around for about five years. It targets Mac users in Asia by installing a hidden cryptocurrency miner and hiding its operations behind run-only AppleScripts. The malware avoids detection by giving its files names that include “.com.apple.” It’s a clever tactic and one that is easy for the average Mac user to overlook.

3. UpdateAgent/Silver Toucan/WizardUpdate

Apple uses Gatekeeper and its Notarization check to help protect Mac users from installing malicious software on their machines. Companies hoping to publish software that runs on macOS must get their software notarized. But what happens when hackers do the same thing?

This Adload dropper, a combination of adware and bundleware loaders, managed to get all of its packages notarized, which let the malware pass Apple’s safety checks altogether. Unfortunately, the trick to getting past notarization is deceptively simple, and step-by-step instructions circulate on Twitter and other social media websites.
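Because notarization only proves that Apple’s automated scan passed, a practical defence is to read Gatekeeper’s verdict yourself and then pin the Developer ID Team ID you actually expect. The script below is an added example, not code from the article or from Apple; it wraps the real macOS commands `spctl --assess` and `codesign --verify`, the sample `spctl` output it is tested against is constructed, and the Team ID `ABCDE12345` is a placeholder rather than a real vendor’s value.

```python
"""Read Gatekeeper's verdict on an app or installer, then pin the expected
Developer ID Team ID instead of trusting 'notarized' on its own.

Added example (not from the article). Wraps the real macOS tools `spctl` and
`codesign`; the expected Team ID used in __main__ is a constructed placeholder.
"""
import re
import subprocess

# spctl's verbose output looks like (constructed sample, real format):
#   /Applications/Foo.app: accepted
#   source=Notarized Developer ID
#   origin=Developer ID Application: Foo Inc (ABCDE12345)
_ORIGIN_RE = re.compile(r"^origin=(.*?)\s*\(([A-Z0-9]{10})\)\s*$", re.M)


def parse_spctl(output: str) -> dict:
    """Extract verdict, source, notarization flag and Team ID from `spctl -a -vv` output."""
    verdict = "accepted" if re.search(r":\s*accepted\s*$", output, re.M) else "rejected"
    src = re.search(r"^source=(.*)$", output, re.M)
    origin = _ORIGIN_RE.search(output)
    return {
        "verdict": verdict,
        "source": src.group(1).strip() if src else "",
        "notarized": bool(src and "Notarized" in src.group(1)),
        "signer": origin.group(1).strip() if origin else "",
        "team_id": origin.group(2) if origin else "",
    }


def decide(parsed: dict, expected_team_ids: set) -> str:
    """Gatekeeper accepting a binary only means Apple's automated checks passed.
    A notarized package from a Team ID you do not recognise still needs review."""
    if parsed["verdict"] != "accepted":
        return "block: Gatekeeper rejected it"
    if not parsed["notarized"]:
        return "review: signed but not notarized"
    if parsed["team_id"] not in expected_team_ids:
        return f"review: notarized, but Team ID {parsed['team_id']!r} is not one you expected"
    return "allow: notarized and signed by an expected Team ID"


def run_spctl(path: str, kind: str = "execute") -> str:
    """Run spctl on a real path (macOS only). kind is 'execute' for .app bundles
    and 'install' for .pkg installers. spctl writes its verdict to stderr."""
    proc = subprocess.run(
        ["spctl", "--assess", "--type", kind, "-vv", path],
        capture_output=True, text=True, check=False,
    )
    return proc.stdout + proc.stderr


def codesign_ok(path: str) -> bool:
    """Strict signature check; True only when codesign exits 0."""
    proc = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", "--verbose=2", path],
        capture_output=True, text=True, check=False,
    )
    return proc.returncode == 0


if __name__ == "__main__":
    import sys
    target = sys.argv[1]
    kind = "install" if target.endswith(".pkg") else "execute"
    parsed = parse_spctl(run_spctl(target, kind))
    print(parsed)
    print("codesign:", "ok" if codesign_ok(target) else "FAILED")
    # Placeholder allowlist: replace with the Team IDs of vendors you actually trust.
    print(decide(parsed, {"ABCDE12345"}))
```

Run it as `python3 check_gatekeeper.py /path/to/Downloaded.app` (or a `.pkg`). The point of `decide()` is the third branch: an "accepted" verdict with `source=Notarized Developer ID` is exactly what a notarized dropper such as the one above would produce, so the allowlist of Team IDs, not the notarization ticket, is what carries the trust decision.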

4. XcodeSpy

Apple’s Xcode is a valuable tool for anyone trying to develop an app for iPhones or other Apple devices. Unfortunately, it’s also provided a way in for hackers attempting to steal information from Mac users.

XcodeSpy is a trojanized version of the Xcode tool. Once introduced into a Mac system, it allows hackers to record data from the user’s mic, webcam, and keyboard. Like some other malware attacks, XcodeSpy tries to disguise itself as a system process to avoid detection.

5. Silver Sparrow

Silver Sparrow is malware that users may still encounter during their internet explorations, but Red Canary discovered it before it could do much damage.

The reason it’s included is its unique infection method. Silver Sparrow would likely have been a delivery mechanism for pay-per-install adware. The malware launches bash commands via JavaScript during the installation process, tricking the computer into installing the adware alongside the legitimate installations.
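The JavaScript that Silver Sparrow used lives in the installer package’s Distribution file, which Apple’s Installer evaluates before anything is copied to disk. The following is an added example, not code from the article or from Red Canary: it expands a `.pkg` with the real `pkgutil --expand` command and flags any `<script>` block that calls the Installer JavaScript API `system.run()`. The sample Distribution XML is constructed for the demonstration and only echoes a string.

```python
"""Flag installer packages whose Distribution file shells out from JavaScript,
the delivery trick described above for Silver Sparrow.

Added example (not from the article or Red Canary). Uses the real macOS
`pkgutil --expand`; SAMPLE_DISTRIBUTION below is a constructed sample.
"""
import re
import subprocess
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from typing import Optional

# Installer JavaScript can call system.run() to execute a program while the
# installer is still on its introduction screen, before the user clicks Install.
_SUSPICIOUS_CALLS = ("system.run(", "system.runOnce(")


def inspect_distribution(xml_text: str) -> dict:
    """Parse a Distribution file and report script hooks and shell calls."""
    root = ET.fromstring(xml_text)
    findings = []
    for script in root.iter("script"):
        body = script.text or ""
        for call in _SUSPICIOUS_CALLS:
            for m in re.finditer(re.escape(call) + r"([^)]*)\)", body):
                findings.append({"call": call.rstrip("("), "args": m.group(1).strip()})
    hooks = []
    for tag in ("installation-check", "volume-check"):
        for el in root.iter(tag):
            if el.get("script"):
                hooks.append(f"{tag}={el.get('script')}")
    has_script = any(True for _ in root.iter("script"))
    return {"has_script": has_script, "shell_calls": findings, "hooks": hooks}


def inspect_pkg(pkg_path: str) -> Optional[dict]:
    """Expand a real .pkg (macOS) and inspect its Distribution file.
    Returns None for a flat component package, which has no Distribution file."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "expanded"
        subprocess.run(["pkgutil", "--expand", pkg_path, str(out)], check=True)
        dist = out / "Distribution"
        if not dist.exists():
            return None
        return inspect_distribution(dist.read_text())


# Constructed sample: an installation-check hook whose function shells out.
SAMPLE_DISTRIBUTION = """<?xml version="1.0"?>
<installer-gui-script minSpecVersion="1">
  <title>Example</title>
  <installation-check script="pm_install_check();"/>
  <script><![CDATA[
    function pm_install_check() {
      system.run('/bin/sh', '-c', 'echo constructed-sample');
      return true;
    }
  ]]></script>
  <choices-outline><line choice="default"/></choices-outline>
  <choice id="default"><pkg-ref id="com.example.pkg"/></choice>
  <pkg-ref id="com.example.pkg">#example.pkg</pkg-ref>
</installer-gui-script>
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(inspect_pkg(sys.argv[1]))
    else:
        print(inspect_distribution(SAMPLE_DISTRIBUTION))
```

A package with a Distribution file is not suspicious on its own; many legitimate installers carry a `<script>` block to check the OS version. What stands out is a `system.run` call inside an `installation-check` or `volume-check` hook, because those run the moment the package is opened, which is the behaviour the paragraph above describes.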

6. XLoader

XLoader is a malware-as-a-service program first spotted by Check Point in July 2021. Once installed, it acts as a keylogger and info stealer, exploiting Java installs on Macs to steal login information and other private data.

Java installs are not as common on Macs as they used to be, outside of a few legacy programs and people who use their Macs to play Minecraft. The malware uses hidden artifacts to evade the computer’s antivirus program and works by dropping a Mach-O executable in the computer’s Home folder.

7. WildPressure

Kaspersky spotted WildPressure in July 2021. This malware is another cross-platform trojan similar to ElectroRAT, but instead of relying on Go, WildPressure uses a Python file as its launching platform. Like OSAMiner, it uses .com.apple tags to hide from antivirus programs.

Unlike the other malware applications listed here, WildPressure appears to be an APT, an advanced persistent threat, targeted at entities in the Middle East. The APT label is primarily used to identify state-sponsored or state-run cyber-espionage operations. The goal of an APT is for the program to make its way into the target system and stay there for as long as possible without being detected.
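Two of the on-disk artifacts mentioned in this list are easy to check for by hand: persistence items that borrow Apple’s “com.apple” naming but load from outside Apple’s own directories (OSAMiner and WildPressure above), and stray Mach-O executables dropped straight into the home folder (XLoader). The script below is an added example, not code from the article or from any of the vendors it cites. The plist contents and paths in it are constructed samples; on a real Mac, calling `scan_launch_items()` and `scan_home_for_macho()` with no arguments walks the actual directories.

```python
"""Triage two Mac artifacts from the list above: com.apple-lookalike launchd
jobs outside Apple's directories, and Mach-O files sitting in the home folder.

Added example (not from the article). Sample plists below are constructed.
"""
import os
import plistlib
from pathlib import Path
from typing import Optional

# Apple's own launchd jobs live under /System; a com.apple.* label loading
# from a user- or admin-writable directory deserves a closer look.
USER_WRITABLE_DIRS = (
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
)
# Mach-O magic numbers in both byte orders, plus the fat (universal) header.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # 32-bit
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # 64-bit
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # fat binary
}


def suspicious_launch_item(plist_path: str, plist_bytes: bytes) -> Optional[dict]:
    """Return a finding if a launchd plist outside /System uses an Apple-looking name."""
    try:
        data = plistlib.loads(plist_bytes)
    except Exception as exc:  # a malformed plist in a LaunchAgents dir is itself notable
        return {"path": plist_path, "reason": f"unparseable plist: {exc}"}
    label = str(data.get("Label", ""))
    program = data.get("Program") or (data.get("ProgramArguments") or [""])[0]
    in_apple_dir = plist_path.startswith("/System/")
    if in_apple_dir:
        return None
    if label.lower().startswith("com.apple"):
        reason = "com.apple label loaded from a non-Apple directory"
    elif "com.apple" in os.path.basename(plist_path).lower():
        reason = "com.apple file name in a non-Apple directory"
    else:
        return None
    return {"path": plist_path, "label": label, "program": program, "reason": reason}


def is_macho(first_bytes: bytes) -> bool:
    """True if the first four bytes carry a Mach-O or fat-binary magic number."""
    return first_bytes[:4] in MACHO_MAGICS


def scan_launch_items(dirs=USER_WRITABLE_DIRS) -> list:
    """Check every plist in the writable launchd directories (macOS)."""
    findings = []
    for d in dirs:
        if not d.is_dir():
            continue
        for p in d.glob("*.plist"):
            f = suspicious_launch_item(str(p), p.read_bytes())
            if f:
                findings.append(f)
    return findings


def scan_home_for_macho(home: Path = Path.home()) -> list:
    """List Mach-O files sitting directly in the home folder, hidden ones included."""
    hits = []
    for p in home.iterdir():
        if p.is_file() and not p.is_symlink():
            try:
                with p.open("rb") as fh:
                    if is_macho(fh.read(4)):
                        hits.append(str(p))
            except OSError:
                pass
    return sorted(hits)


# Constructed sample plists for the demonstration.
SAMPLE_BAD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.updater.helper</string>
  <key>ProgramArguments</key><array><string>/Users/demo/.hidden/agent</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""
SAMPLE_OK_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup</string>
</dict></plist>"""

if __name__ == "__main__":
    sample_path = "/Users/demo/Library/LaunchAgents/com.apple.updater.helper.plist"
    print(suspicious_launch_item(sample_path, SAMPLE_BAD_PLIST))
    print(scan_launch_items())
    print(scan_home_for_macho())
```

Neither check is a verdict on its own. A com.apple label in `~/Library/LaunchAgents` is a strong signal because Apple does not install its agents there, while a Mach-O file in the home folder may simply be something the user compiled; the value of the second check is that it surfaces hidden dot-files, which is where a dropper has the most reason to put an executable.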

8. OSX.Zuru

Not even sponsored search links can be trusted to keep a macOS system clear of malware. In September 2021, a user noticed that sponsored links in the Baidu search engine were serving malware.

Users found themselves contending with a trojanized version of the iTerm2 program, with the same code later found in trojanized versions of Microsoft’s Remote Desktop program and some others.

Most of the malware’s features are commonplace, but this was the first instance of sponsored web searches being used as a tool for delivering malware.

Staying Safe in 2022

Contrary to the formerly popular belief, Macs are not virus-proof. As cross-platform malware becomes more common, users will need to take additional precautions to protect themselves from hackers and other bad actors looking to steal their information, money, or processing power.

Be cautious when browsing the internet and always use common sense when clicking untrusted links or unsolicited email attachments.

Don’t just rely on Apple’s Gatekeeper or Notarization to ensure that a program is safe to install. They aren’t always 100% accurate, especially as hackers discover new ways to use the system to their advantage and new vulnerabilities to exploit.

Install antivirus and anti-malware programs and keep them up to date. There are tools available for both Mac and Windows users to protect their equipment and information.


Written by zacamos | Zac is the Features Editor at ReHack, where he covers cybersecurity, AI and more.
Published by HackerNoon on 2022/06/17