The Amount of Malware on Mac Attacks is Getting Worse Every Year

Posts by: Carl Jack

Malware and virus threats on Macs have increased dramatically over recent years, and that's not something we can ignore anymore. A Mac computer costs in excess of $1000 and can be seriously damaged by malicious cyber criminals. Don't throw your cash in the trash: learn about the new emerging risks to your Mac and how you can protect yourself today.


As a Mac user, you probably already know that your hardware and software are said to be the best in the market. You can run multiple apps simultaneously and still enjoy a smooth and flawless experience, back up your files easily, and have many more advantages over your PC-using friends. That being said, there is one area in which Mac computers do not have an advantage anymore, and we're talking about security. Macs have always enjoyed a reputation as being malware-free, but that's no longer the case. Malware targeting Macs has grown by hundreds of percent over the past 5 years. Today, Mac users can no longer rest on their laurels and need to take some serious steps to secure their computers.

Below you'll find everything you need to know about the growing threats of malware and viruses on Mac products. Some malware caused Mac users to spend thousands of dollars while others were serious threats to national security, but don't worry, help is on its way.

Dark History of Mac's Malware

Historically, Mac enthusiasts had always thought their devices were immune to any type of cyber attack or malware that Windows users suffer from. Apple itself even reassured its customers with a series of commercials that were aired in 2006, which stated that Macs "don't get viruses."

The first ever large-scale computer virus outbreak targeted an Apple computer and was created by a 15-year-old high school student. The second serious virus for Mac computers appeared in 1987 and remained a problem until 1991! If you consider that these emerged prior to any PC malware, you could say that when it comes to Mac security, Apple didn't have such a dazzling beginning at all.

While in the 2000s Macs were more secure than Windows computers and had significantly fewer malware and virus risks, nowadays they are closing the gap quickly, and some professionals even claim that Macs are now more vulnerable to viruses and attacks than Windows PCs. Since 2015, malware threats targeting Mac computers have increased by more than 1000%, largely due to new internet-based malware and ransomware.


Check out the chart below to view the huge rise in Mac malware throughout recent years. You can see that the total macOS malware in the first two quarters of 2018 has already surpassed the total number of Mac malware in 2016.

Did you know that a simple-looking Apple tech support email turned out to be a phishing scam that blackmailed thousands of dollars from innocent Mac users? Read on to see the full story and how it ended.

Worst Mac Malware of All Times & How to Fight Them

As mentioned before, Mac malware was rarer than Windows malware; however, when it hit Mac computers, it hit hard. Here are some examples of the worst malware that targeted Macs in recent years.

  • - OSX/MaMi – emerged in January 2018 and infected several thousand Mac computers. It was designed to allow an individual to view a Mac's internet traffic, as well as to perform a variety of malicious actions on the victim's computer, such as taking screenshots, executing commands, and downloading and uploading files.
    To this point, most malware scanners can't detect OSX/MaMi, but a firewall, which is included in many decent antivirus products, can block the malicious traffic.

  • - OSX/Dok – a macOS trojan horse that appeared in April 2017 and was detected by CheckPoint Software Technologies' security analysts. This malware appeared to be able to bypass Apple's protections and could hijack all traffic entering and leaving a Mac without the user even noticing it. It targeted OSX users via an email phishing campaign, so the best way to avoid being infected by it is to not respond to emails that ask you for your password/username or ask you to install something.

  • - MacDownloader – this malware is thought to have been created by Iranian hackers and was targeting the U.S. defense industry. It was hiding in a fake update to Adobe Flash, and once it was clicked, you'd get an alert claiming that there was adware on your Mac. Then, you would be asked to remove the adware, and when you entered your Mac password, MacDownloader would attempt to access your personal information and send it to a remote server.
    You could tell that the Adobe Flash update was fake by visiting Adobe's website and seeing that there wasn't any update available.

  • - KeRanger – appeared in March 2016 and is considered the first ever ransomware that hit Mac users. The KeRanger malicious file snuck its way into one of the Transmission (BitTorrent client) 2.90 updates that were available on March 4th-5th, 2016. If you were unlucky and ran this update, you would also launch the KeRanger ransomware. Once activated, KeRanger would begin encrypting certain files and documents on your Mac. After the encryption process is done, KeRanger ransomware demands that the victim pay one bitcoin (approx. $6400) to a specific remote address. If you don't pay, you will never get access to the files and documents encrypted by the ransomware ever again.
    Since then, antivirus signatures have been updated, and the Transmission Project has removed the malicious installers from its site, so this ransomware can't find its way to your Mac anymore.

  • - Safari-get – a sophisticated attack that began targeting Macs in 2016. The malware was hidden behind a seemingly legit tech support email, and if you clicked the link in it, the malware would enter your system. If you ran macOS 10 or 11, the malware could affect you in two ways: create multiple forced draft emails or open iTunes multiple times. The end goal was the same – overload your system memory and make you call the fake Apple tech support number that appears in the malicious email link. There, fraudulent "representatives" would trick you into handing over your credit card details.
    macOS High Sierra versions 10.12.2 and above include a patch that fixes this vulnerability. If you run macOS 10 or 11, you should update your system as soon as possible.

Check out the chart below to see the most common attack vectors in 2017-2018.


According to McAfee Labs data, 2018

Apple's Malware Protections – Why It's Not Enough

Apple uses several security measures on macOS, which comes with built-in (yet not sufficient) malware detectors. These security programs include:

  • - Gatekeeper: Appeared in 2012, and its purpose is to only allow the installation of apps from the Mac App Store and from identified developers who have a digital signature. There are two problems with Gatekeeper. First, only a small fee is required from developers who want to register and get a code signature for their app. So, money is not a problem for attackers who want to sneak their malicious app into the Mac App Store. Secondly, in October 2018, a security researcher presented a security concern related to Gatekeeper. Once an app or a program passed Gatekeeper's code signature check and was installed, macOS would never re-check it again. This security gap means that attackers who purchase an authentic certificate from Apple can trick Mac users into installing their malicious program and then infect other files on the system. For more insights regarding this security issue, read our full article.

  • - Xprotect: Added to macOS in 2009. Its goal is to prevent malware from being opened on your Mac, but only if it carries a known signature of malware. In the ever-changing world of malware, this app must be constantly updated to keep blocking malware properly, and the problem is that there were cases in which Xprotect lagged with the updates. Thus, if you only rely on this program, you could put yourself at risk.

  • - File Quarantine: Emerged in 2007 and acts as an alert system on your Mac. When you download an application from the Internet, macOS places it in "quarantine" until you authorize it. This is intended to prevent you from accidentally running software that may be disguised as something else. But Quarantine can't protect your Mac from executable programs that download and launch by exploiting vulnerabilities in your browser.


In conclusion, the programs above may provide an initial layer of defense for your Mac, but they're not enough. To increase the level of protection, you need to utilize an elite Antivirus software in addition to these programs. We recently gathered the best Antivirus software for Macs and compared their features. Check out the Mac comparison page for more info!

How to Know If Your Mac Is Infected

There are a few warning signs that could imply that your Mac is infected with malicious software. As Mac computers usually don't have sudden hardware or performance issues (something that Windows PC users can't say), it's not so hard to identify that there's something wrong with your Mac. Here are several warning signs that should get your attention:

  • - Your Mac suddenly starts running slowly or apps lag more than they usually do.

  • - You find apps or browser toolbars you've never installed.

  • - Many webpages are loaded with ads and banners, especially sites that never had them before.

  • - You constantly get redirected to random spam advertising pages.

You can make your Mac computer much more secure in less than 10 minutes. Read the steps below to learn how to do that quickly!

How to Secure Your Mac

You didn't pay for one of the best computers on the market for it to be destroyed by malicious attackers or viruses. CyberCraig is here to make sure it doesn't happen to you or at least to minimize the odds of getting infected by malware significantly.

Follow these steps to keep your Mac safe and secure:

  • - Turn on the firewall on your Mac as it's not enabled by default. This could be done through Security & Privacy settings on your Mac. Note that this firewall offers only limited protection from malware as it shields you from inbound traffic but not from outbound, such as apps and services that initiate connections.

  • - Set login passwords, especially if you work in an office or with other people. You can also set the password timing, ranging from immediately to several hours.

  • - Allow apps downloaded from App Store only. Access this option through the General tab in the Security & Privacy settings.

  • - Turn on FileVault, which enables you to encrypt all the files in your user account. To decrypt them, you'll need to enter your account password, or a recovery key provided by FileVault.

  • - Never click a link in an email from an unknown sender. Phishing attempts via emails have become very common in the last years and they can catch anyone if they're not careful enough.

  • - Keep your browser up to date as often these updates include security features designed to keep you safe from malware. Note that Safari updates are installed with macOS updates, while other browsers, such as Chrome and Firefox, will alert you when a newer version is available.

  • - Back up your Mac regularly, as it allows you to restore your data from that backup in case malware causes serious damage to your system.

  • - Scan for malware using a decent Antivirus software. We know there are some free options available but note that they are not efficient enough at best, and can even harm your Mac at worst, like the infamous MacKeeper, which many users reported being almost impossible to uninstall and affected their Mac's performance.

  • - Use a VPN service, which encrypts all your data and blocks anyone from snooping on you while you browse the web. There are many companies that offer VPN services via monthly subscription fees. Additionally, there are several Antivirus companies that include a built-in VPN on their premium products, so it's worth checking them, especially if you're already planning to get an Antivirus software. We think it's a shame to pay twice for both of these services, when you can get two for one price.
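
The firewall, FileVault and Gatekeeper steps above can also be checked from Terminal. The script below is an added example, not part of the original article; the function names (`classify`, `report`, `audit_live`) are hypothetical, and it assumes the status text printed by the stock macOS tools `socketfilterfw`, `fdesetup` and `spctl`.

```shell
#!/bin/sh
# Added example: audit three built-in protections from the checklist.
# Assumes the status strings printed by the stock macOS tools; anything
# else is reported as UNKNOWN rather than guessed.

# Map a tool's output to PASS / FAIL / UNKNOWN.
# $1 = check name, $2 = text printed by the tool
classify() {
    case "$1:$2" in
        firewall:*"State = 0"*)              echo FAIL ;;
        firewall:*"State = "[12]*)           echo PASS ;;
        filevault:*"FileVault is On"*)       echo PASS ;;
        filevault:*"FileVault is Off"*)      echo FAIL ;;
        gatekeeper:*"assessments enabled"*)  echo PASS ;;
        gatekeeper:*"assessments disabled"*) echo FAIL ;;
        *)                                   echo UNKNOWN ;;
    esac
}

# Print one result line; return non-zero unless the check passed.
report() {
    result=$(classify "$1" "$2")
    printf '%-10s %s\n' "$1" "$result"
    [ "$result" = PASS ]
}

# Query the live system and count settings that are not PASS.
audit_live() {
    failures=0
    fw=$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2>&1)
    fv=$(fdesetup status 2>&1)
    # spctl only reports whether Gatekeeper is on, not which
    # "Allow apps downloaded from" option is selected.
    gk=$(spctl --status 2>&1)
    report firewall   "$fw" || failures=$((failures + 1))
    report filevault  "$fv" || failures=$((failures + 1))
    report gatekeeper "$gk" || failures=$((failures + 1))
    return "$failures"
}

# Only touch the system when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    audit_live || echo "$? setting(s) need attention in Security & Privacy"
fi
```

Any line that shows FAIL or UNKNOWN points to the matching item in the Security & Privacy settings described in the list.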