There’s no denying the fact that macOS is a masterpiece in terms of security compared to Windows.
The official App Store is an amazingly safe place to get software from, plus the built-in Gatekeeper feature identifies suspicious apps you may download from other sources and keeps them at bay.
All in all, Macs seem to be well protected from multiple angles, and that’s one of the perks that has traditionally motivated users to choose MacBooks and iMacs over PCs.
However, things have changed over time, and thinking that Macs are bulletproof is now a fallacy.
Cybercriminals follow the trends, so the growing popularity of Apple computers has incentivized them to extend their repertoire and come up with ways to circumvent the robust defenses macOS ships with.
A number of malware outbreaks that took place over the past few years have debunked the myth about invulnerable Macs.
Social Engineering, the Prevalent Infection Vector
Whereas compromising Mac machines via imperfections of the operating system or hardware is easier said than done, humans are the low-hanging fruit the crooks choose to focus on.
A vast majority of virus attacks take advantage of users’ gullibility and lack of security competence.
Many harmful apps masquerade as benign software that would-be victims are duped into downloading to fix some purported issue.
Scareware is a classic example. While surfing the web, you may click on an eye-catching ad that leads to a fake alert site reporting severe viruses and recommending a pseudo antivirus tool to get rid of these threats.
The installation may be accompanied by an Apple ID and password request.
The next thing you know, a phony system scan claims to detect numerous security and performance problems.
The goal is to fool you into purchasing the license for the “cleanup”.
Once the malefactors get hold of the admin credentials and credit card details, they may use this information to perpetrate financial fraud and contaminate the Mac with more malware.
Bundling is another common social engineering technique in cybercriminals’ toolkit, where multi-component installation clients covertly push malicious applications alongside harmless ones.
The presence of unwanted extra items is deliberately concealed from the users underneath the default setup option.
This is the way most Mac adware programs are distributed.
Notorious Mac Viruses – How They Work
The Mac threat landscape is currently dominated by rogue system utilities and adware doing the rounds through the above-mentioned techniques.
Cryptocurrency stealers and ransomware are less common, but they are gearing up for a rise.
Let’s take a dive into the modus operandi of the specific strains that target Macs the most.
The Advanced Mac Cleaner lineage
This one has been plaguing Mac computers on a massive scale for years.
It is a fake security and optimization app that uses a scare tactic to hoodwink victims into buying the licensed version.
The Advanced Mac Cleaner family has spawned a number of spinoffs that exhibit the same abominable functionality, including Mac Auto Fixer, Mac Cleanup Pro, Cleanup My Mac, and TuneupMyMac.
The propagation of this culprit and its clones relies on the activity of a virus codenamed OSX/Shlayer, or Crossrider.
This offending entity uses bogus Adobe Flash Player installers to pollute Macs. When inside, it pulls in the scareware that recurrently displays counterfeit system scans and alerts reporting a bevy of security, privacy and memory issues.
The trick is that the purported fix won’t take effect unless the user pays for a subscription.
Bing Redirect Virus
The malicious app that forwards victims’ web searches to Bing saw a rapid spike in 2019.
It underpins a large-scale Internet traffic interception and monetization campaign.
Technically, the infection is a persistent plugin that modifies one’s default browser settings without permission and causes annoying redirects to Bing via a series of intermediary URLs affiliated with dubious ad networks.
OSX/MaMi
This advanced sample hijacks a Mac user’s DNS settings to perform MITM (man-in-the-middle) attacks, facilitate phishing scams, and inject sponsored information into the visited web pages.
It also installs a dodgy root certificate so that it can intercept HTTPS traffic without triggering certificate warnings.
This combo of malicious characteristics allows OSX/MaMi to spy on the victim’s online activity and embed ads into any site, even a secure one.
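The two symptoms described above, a changed resolver and a foreign root certificate, are both visible from the command line. The following script is an added defender check, not code from the article: it compares the resolvers the Mac is using with the ones you expect and then lists the places a user-installed root certificate would appear. The `scutil --dns` sample is constructed (198.51.100.7 is a documentation address standing in for a rogue resolver), and the expected-resolver list is an assumed placeholder read from the environment.

```shell
#!/bin/sh
# Added defender check, not code from the article: compare the DNS resolvers a
# Mac is actually using with the resolvers you expect, the kind of drift a DNS
# hijacker like the one described above introduces. The parser works on the
# text that `scutil --dns` prints, so it can be exercised with the constructed
# sample below on any POSIX shell; the keychain listing at the end is macOS-only.

# Constructed sample of `scutil --dns` output. 198.51.100.7 plays the role of
# an injected rogue resolver (documentation address, not a real indicator).
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 198.51.100.7
  if_index : 12 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  nameserver[0] : 192.168.1.1
'

# Read scutil --dns text on stdin, print each distinct nameserver address.
resolvers_from_scutil() {
    sed -n 's/^ *nameserver\[[0-9]*\] *: *\([^ ]*\).*/\1/p' | sort -u
}

# Read resolver addresses (one per line) on stdin and print those missing from
# the space-separated allowlist in $1. Returns 0 (true) if any were printed.
has_unexpected_resolvers() {
    allow=" $1 "
    status=1
    while read -r ns; do
        [ -n "$ns" ] || continue
        case "$allow" in
            *" $ns "*) ;;
            *) echo "$ns"; status=0 ;;
        esac
    done
    return $status
}

# Assumption: the expected resolvers come from the environment; the default is a placeholder.
EXPECTED_DNS="${EXPECTED_DNS:-192.168.1.1 1.1.1.1}"

if command -v scutil >/dev/null 2>&1; then
    resolvers=$(scutil --dns | resolvers_from_scutil)
else
    echo "scutil not available; checking the constructed sample instead"
    resolvers=$(printf '%s\n' "$SAMPLE_SCUTIL" | resolvers_from_scutil)
fi

if rogue=$(printf '%s\n' "$resolvers" | has_unexpected_resolvers "$EXPECTED_DNS"); then
    echo "REVIEW: resolvers not in the expected set:"
    echo "$rogue"
else
    echo "ok: all resolvers are expected"
fi

# A DNS hijacker that also installs its own root certificate needs that
# certificate trusted; admin trust settings and the System keychain are
# where a user-installed root shows up (macOS only).
if command -v security >/dev/null 2>&1; then
    echo "--- admin trust settings (review any non-Apple entries) ---"
    security dump-trust-settings -d 2>/dev/null || echo "(no admin trust settings)"
    echo "--- certificates in the System keychain ---"
    security find-certificate -a /Library/Keychains/System.keychain 2>/dev/null | grep '"labl"'
fi
```

Run it with `EXPECTED_DNS="<your router> <your upstream>" sh check_dns.sh`; anything printed under REVIEW, or any certificate label you do not recognise in the keychain listing, is worth investigating before assuming the browser’s padlock can be trusted.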
KeRanger
KeRanger is a file-encrypting ransomware infection targeting Macs.
It is distributed by means of booby-trapped software, such as popular BitTorrent clients compromised by the attackers.
KeRanger uses the RSA asymmetric cryptosystem to lock down a victim’s personal data and drops ransom notes into encrypted folders, demanding up to 1 BTC for the recovery.
CookieMiner
The Mac malware dubbed CookieMiner pilfers browser cookies related to cryptocurrency exchanges and wallet services. It also intercepts iPhone text messages stored in the victim’s iTunes backups.
The objective of this shady reconnaissance is to bypass two-factor authentication for the targeted websites and impersonate the victim to initiate cryptocurrency transactions.
Identifying and Removing Mac Viruses
Most Mac viruses signal their presence in a fairly straightforward way. A slew of alerts and system scans is a telltale sign of a scareware attack.
Adware injects redundant ads into web pages or forcibly redirects the browser to unwanted sites.
Ransomware denies access to personal files and leaves ransom notes.
Any of these symptoms, if encountered, should be a wakeup call for you to take immediate action.
To get rid of a Mac infection, the first thing on your to-do list is to open the Activity Monitor and quit the malicious process.
Next, open the ‘Applications’ and ‘/Library/LaunchAgents’ folders in turn, find the potentially harmful entries there, and send them to the Trash. Finally, go to the ‘Login Items’ under ‘Accounts’ and remove the culprit from the list of Mac startup processes.
In a browser hijack scenario, you should additionally reset the settings for the affected browser.
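Before sending anything to the Trash it helps to see, in one place, everything launchd will start and every login item, with the obviously odd entries flagged. The script below is an added triage helper, not code from the article; it assumes the standard macOS launchd folders and the usual plist layout, uses a heuristic of its own (programs running from temp space or hidden directories) to mark entries for review, and carries a constructed sample LaunchAgent so it can be tried on any POSIX shell.

```shell
#!/bin/sh
# Added triage helper, not code from the article: list what launchd will start
# at login or boot and which login items exist, so each entry can be reviewed
# before anything is sent to the Trash. Paths are the standard macOS launchd
# folders (assumption); the plist parsing is plain sed, so the constructed
# sample below also runs on any POSIX shell.

# Print "<label><TAB><program><TAB><file>" for every .plist in directory $1.
# Label and the first ProgramArguments string are taken with sed, which copes
# with the usual one-key-per-line plist layout.
scan_launch_dir() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for plist in "$dir"/*.plist; do
        [ -f "$plist" ] || continue
        label=$(sed -n '/<key>Label<\/key>/{n;s/.*<string>\(.*\)<\/string>.*/\1/p;}' "$plist")
        program=$(sed -n '/<key>ProgramArguments<\/key>/,/<\/array>/s/.*<string>\(.*\)<\/string>.*/\1/p' "$plist" | head -n 1)
        printf '%s\t%s\t%s\n' "${label:-?}" "${program:-?}" "$plist"
    done
}

# Heuristic (an assumption, not a rule from the article): a program that runs
# from temp space or from a hidden directory deserves a closer look.
is_suspicious_program() {
    case "$1" in
        /tmp/*|/private/tmp/*|/var/folders/*|*/.*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a constructed sample LaunchAgent in a temp dir and print the dir path.
make_sample_dir() {
    d=$(mktemp -d)
    cat > "$d/com.example.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/tmp/.hidden/updater</string>
        <string>--silent</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    echo "$d"
}

# Scan the given directories and mark each entry ok / REVIEW.
audit_dirs() {
    for d in "$@"; do scan_launch_dir "$d"; done |
    while IFS="$(printf '\t')" read -r label program file; do
        if is_suspicious_program "$program"; then
            printf 'REVIEW  %s -> %s  (%s)\n' "$label" "$program" "$file"
        else
            printf 'ok      %s -> %s\n' "$label" "$program"
        fi
    done
}

sample=$(make_sample_dir)
echo "--- constructed sample ---"
audit_dirs "$sample"
rm -rf "$sample"

echo "--- this machine ---"
audit_dirs "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
# Login items are listed through System Events; macOS only.
if command -v osascript >/dev/null 2>&1; then
    echo "--- login items ---"
    osascript -e 'tell application "System Events" to get the name of every login item'
fi
```

A REVIEW line is a prompt to look, not a verdict: open the plist, check where the program lives and whether the app it belongs to is one you installed, and only then unload it and move the files to the Trash as the steps above describe.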
Although there’s a great deal of skepticism regarding the effectiveness of Mac antivirus solutions, there are effective tools that can protect your system in real time and eradicate most viruses.
Malwarebytes for Mac is an example of a security app worth its salt.
Protection Tips
A rule of thumb is to exercise caution when surfing the web.
Do not fall for alerts on sites that say you are badly infected or recommend an urgent software update.
Once again, most Mac virus campaigns cash in on human error, so you should treat suspicious offers like that with some reasonable paranoia.
When downloading and installing software from sources other than the App Store, select the custom setup option and make sure there are no sketchy items in the bundle.
Also, keep the operating system and third-party apps up to date to prevent cybercrooks from exploiting known vulnerabilities, such as the infamous Meltdown and Spectre CPU bugs.
Summary
So, do Macs get viruses? Absolutely.
To top it off, they are becoming increasingly prolific and sophisticated.
The only good news is that Mac computers aren’t as heavily targeted as PCs so far, and yet the trend is disconcerting.
The viruses listed above are just the tip of the iceberg and there are actually many more in rotation, but they have given the community a heads-up about the growing threat.
In the meanwhile, let’s face it: Macs are susceptible to malware, and the only way to fend it off is to be a moving target.
Update your software, use the best VPN and other security software, do not click on suspicious links and email attachments, and make backups as often as possible.