Reg comments49

MacBooks are so hot right now. And so is Mac OS X malware

5 times as much of it... though cyberthugs unsophisticated

Mac malware

There’s been an unprecedented rise in Mac OS X malware this year, according to security researchers at Bit9 + Carbon Black, with the number of samples found in 2015 being five times that seen in the previous five years combined.

This year, there have been 948 OS X malware samples, compared with 180 in the years 2011-14 inclusive.

Cybercriminals have stepped up their efforts to hack Apple devices because MacBooks are rising in popularity, both in homes and the workplace. Nearly half of organisations (45 per cent) are offering Macs as an option to their employees, according to stats cited by Bit9 + Carbon Black.

OS X vulnerabilities and malware have grabbed the security community’s attention this year. One example is XcodeGhost, which inserts malicious components into applications made with Xcode (Apple’s official tool for developing IOS and OS apps).

Additionally, it has emerged that OS X El Capitan, which launched in September, contains serious vulnerabilities in its Gatekeeper and Keychain features.

Flashback – the biggest Mac infection vector to date, which infected 700,000 devices on the back of a Java-based vulnerability – struck in 2012. What we’re getting this year is therefore a higher volume of less infectious nasties.

Malware authors targeting Macs are using OS X-specific mechanisms, rather than typical UNIX persistence methods commonly present in traditional malware samples, according to the security software vendor.

Hackers are adopting a targeted approach to Mac OS X systems, undermining the comforting notion that Macs are much more secure than their Windows counterparts in the process.

There may be a far greater volume of Apple-biting nasties this year but Mac OS X malware still isn’t that sophisticated. More than 90 per cent of the malware samples from 2015 analysed by Bit9 + Carbon Black were found to use an old load command that became redundant with the launch of OS X 10.8 in 2012.

Malware authors failed to begin using Apple’s new load command until 2014, and even then it was found in only a tiny percentage of malware samples.

Whilst there are 13 documented persistence techniques used by malware to remain on the targeted system, the research identified that just seven were present in the vast majority of OS X malware samples examined. This lack of variation gives threat detection teams an easier ride, as there are fewer places they need to check for malware in comparison with Windows systems.

The report (registration required), 2015 – The Most Prolific Year in History for OS X Malware, is based on over 1,400 unique OS X malware samples, aggregated over ten weeks from independent research efforts, open sources, real-world Mac OS X incident response experience, peer research, black lists, and contagion malware dumps amongst other sources.

By comparison there have been more than one million samples of Android malware to date. Vendors largely stopped counting Windows nasties years ago, but where estimates exist, numbers exceed 20 million even on the more conservative counts. ®

Bootnote

Persistence means that malware stays on compromised systems after a reboot, a key goal for malware slingers whichever computing platform their creations infect.

Sign up to our Newsletter

Get IT in your inbox daily

Biting the hand that feeds IT © 1998–2017