#page

macOS MALWARE



KNOWN macOS MALWARE

The below list is not exhaustive and is meant to provide an overview of the most prevalent macOS malware impacting US victims. This page is updated regularly with new information.


WHAT IS macOS?

Mac OS is an operating system developed by Apple Inc. for its Macintosh family of personal computers from 1984 to 2001. It is based on technologies developed by NeXT - a company acquired by Apple - between 1985 and 1997. Each operating system version was named after big cats until version 10.9 - Mavericks, released in 2013. The first public beta version of Mac OS X - Kodiak, was released in September 2000, available for purchase at $29.95. In 2001, Apple released Mac OS X 10.0 - Cheetah, the first desktop version in March 2001. Apple later changed the operating system name from "Mac OS X" to simply "OS X" in 2012, and then to "macOS" in 2016.

The macOS global market share in January 2017 was 11.17 percent, compared to 3.68 percent in January 2009.

 

Image Source: StatCounter

 


ARE DEVICES RUNNING macOS IMMUNE TO MALWARE?

No. Though the majority of known malware targeting operating systems are made to exploit Microsoft Windows, devices running macOS are vulnerable as well. Furthermore, as macOS has become increasingly popular, more malware has been created to target macOS. More macOS malware was discovered in the second quarter of 2017 than in all of 2016.

The charts below illustrate the degree to which Mac-based malware has increased over the past two years alone:

Image Source: McAfee

Image Source: McAfee

Image Source: McAfee

Image Source: McAfee


WHAT ARE COMMON macOS INFECTION VECTORS?

  • Opening malicious email attachments.
  • Clicking on malicious links.
  • Visiting a compromised website.
  • Downloading pirated software.
  • Installing compromised antivirus software.
  • Using unpatched Adobe Flash Player.
  • Enabling Java’s browser extension.
  • Installing malicious or hijacked apps and browser extensions.


RECOMMENDATIONS TO MITIGATE macOS MALWARE THREATS

Lock Down Access to your macOS Device:

  • Keep your software patched with up-to-date security fixes.
  • Run antivirus software on your Mac.
  • Uninstall or disable any and all unusued and/or unnecessary apps.
  • Disable any and all unusued and/or unnecessary ports and protocols.
  • Disable Java if feasible – it consistently contains security issues.
    • If you must run Java, set to update automatically.
  • Disable Adobe Flash Player if feasible – it consistently contains security issues.
    • If you must run Adobe Flash Player, set to update automatically.
  • Use a strong password for all accounts, including your operating system access and home WiFi access.
  • Check for software updates often.
  • Don’t leave your computer unlocked and/or unattended.
  • Use VPN software.
  • Avoid illegal file sharing.
  • Establish a backup solution.

macOS Settings – System Preferences

  • Create a standard account (non-administrator) for everyday activities.
  • Turn on firewall.
  • Set a password for your account, requiring the password after the device has gone into sleep mode or screen saver with a time to sleep as short as feasible, and disable automatic login.
  • Set Gatekeeper to only allow apps downloaded from the Mac App Store.
  • Turn on FileVault to encrypt the data on your disk.
  • Only turn location services on for apps that require it.
  • Adjust Safari privacy settings to prevent the browser from storing usernames and passwords.
  • Disable screen, printer, Bluetooth, internet and file sharing if unnecessary.
  • Disable remote login and management if unnecessary.
  • Apply a firmware password to ensure a password is required if anyone tries to boot your device in a non-standard way, such as via USB drive or the Recovery Console.
  • Audit your Security & Privacy settings periodically to ensure maximum security.
  • Enable parental controls for young users.


REPORTING

If you or your organization is the victim of macOS Malware, please contact a Cyber Liaison Officer at njccic@cyber.nj.gov.