With a rising market share, macOS devices are increasingly being targeted by cybercrime gangs. Intel 471, a cyber threat intelligence company, has observed more than 40 threat actors interested in malware and other exploits.
Since last year, at least 21 actors have been interested in acquiring malware for macOS, with some looking for services to distribute already-existing malware. The same number of threat actors have already been targeting macOS users.
To Intel 471, this suggests that “actors increasingly are attempting to target Apple devices.”
The rise is attributed to higher adoption of Apple devices, especially in small and medium-sized enterprises.
“Despite the high quality of Apple products, they are not infallible. Mac users should stay vigilant for a variety of threats as actors increasingly explore new and more sophisticated ways to infiltrate their systems,” the report warns.
Patrick Wardle, the creator of the Mac security website and tool suite Objective-See, also noted that new macOS malware doubled in 2023 compared to 2022. Cybersecurity firm Group-IB saw a fivefold increase in underground sales related to macOS infostealers.
The most common malware on Macs is infostealers, designed to collect login credentials, session cookies, and other sensitive information. Criminals sell collected data in batches on illicit forums.
“We have observed some threat actors conducting research on the demand for macOS stealer,” Intel 471 said in a report.
In May 2023, they observed a threat actor using the moniker “Callisto” asking whether users were interested in “a stealer with RedLine functionality targeting macOS systems” and seeking thoughts on features and pricing. RedLine malware harvests information from browsers, such as credentials, autocomplete forms, and credit card information. It was one of the most frequently downloaded pieces of malware in 2023.
Other popular malware-as-a-service families, such as Atomic Stealer and ShadowVault, were offered online by other threat actors. Their functionalities also include draining cryptocurrency wallets.
Ransomware on macOS is not as prevalent as other types of malware; however, threat actors increasingly recognize the potential of compromising Apple users.
Threat actors have attempted to develop ransomware strains capable of affecting Apple devices. In 2023, ransomware and remote access trojans (RATs) accounted for about 15% of all the malware used to target macOS users, according to Moonlock, the cybersecurity wing of MacPaw.
In 2023, multiple vulnerabilities impacting Apple macOS were weaponized and exploited in the wild by threat actors. Spyware operators, including Cytrox and Pegasus, exploited some high-risk vulnerabilities. One threat actor offered an exploit for sale for $2.7 million.
While macOS still trails Windows by overall OS market share, which is the biggest deterrent to cybercriminals developing malware, the situation may change.
“The macOS market represents an opportunity for actors to capitalize on the lack of competition, and given the upward trajectory of macOS, a chance to establish a brand during a time of relevant market freedom,” Intel 471 warns.
In the short term, infostealers and RATs will remain the two most common macOS threats, and the growth of ransomware and other types will be incremental.