Most Apple Mac owners believe their customers are immune to viruses and malware. Even Apple has run advertising campaigns promising that its computers “don’t get viruses”. Those who have owned Mac for years, decades even, are particularly prone to believing that it indeed the case – after all, nothing has happened to them yet! Regrettably, Macs do get viruses and the threat is getting even larger.
For a long time, the argument was the cybercriminals didn’t bother to develop Mac viruses as there were not enough users to justify the effort. Instead, they turned their attention to PCs running Windows.
Over time through Apple’s market share has risen and it is increasingly common to see Macs in the workplace (especially in creative industries). Plus, there is a widespread assumption that Mac users are a smart target as they are likely to be better off and have higher incomes. So, while Mac computers themselves remain a harder to infect target (as installing most software requires a password), there is often a greater playoff.
Research shows that the Apple platform is getter more attacks and malware. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by a total number of distinct vulnerabilities. Apple TV and Safari also made a list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac in 2017 that in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016.
Finding Apple’s Weak Spots
It is now obvious that malware creators are no longer steering clear and are actively looking for ways to exploit Macs. A common approach is to use Trojans (named after a famous historical story where a wooden horse was used as a gift but actually hid ab army), Trojans looks like something you would want to install. So, Mac users happily enter their password to download that application and this then opens the gate to the cybercriminal.
In 2011, a Trojan called “Mac Defender” took advantage of Mac user’s desire to protect their computers. The fake program appeared to be anti-virus software but once the users installed it, they would get an onslaught of pop-ups ads encouraging them to buy more fake software.
Trojans get through the gates because you let your guard down. They may pretend to be:
- A note from a long-friend
- A picture of that famous celebrity
- A free game or application
- A free or cheap item or gift voucher that is available
- An email from a friend or colleague but the spelling, grammar and/or content of the email doesn’t look to match the person they are pretending to be.
All it takes to stop this type of attack is to be suspicious of everything you might install or download.
A business needs to educate its employees and staff about the importance of:
- Clicking on emails and attachments with care.
- Validating the source of any files they plan to open.
- Checking a website’s URL (being especially wary of those with less common endings such as .cc or.co).
- Questioning any promises of cheap items that are 90% off.
A new threat comes from within the Mac App Store. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Thomas Reed (a Mac security researcher) found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.
Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe and you also should look at installing an antivirus or security program on your Mac.