Conversation with a Mac and security expert RE: malware

We need to have a conversation about Macs, says TJ Letourneau of VIPRE Security. I’ve been a long-time fan of Mac.  In fact, my first personal Mac was a Power Mac G5 and I absolutely loved that device.  So much so that when I had to evacuate my home due to a hurricane…I brought it with me!  Yeah, it was like that. Some call it the greatest love story ever told.

With my love of the Mac in mind, I feel that the time has come to discuss the state of Macs today and some of the preconceived notions around their security and security needs. Specifically, I want to discuss malware-related security for Mac devices.

“Macs are Completely Safe, I’ll Never be Attacked”

One thing I’ve heard throughout the years and continue to hear today is that Macs are safe. My response to this is, “How do you define safe?” Sure, they are safer from malware than Windows devices, but that is only a numbers game: there are exponentially more Windows devices in the world than there are Macs. This disparity creates a false sense of security, which is where this fake perception starts.

The first important point in understanding this perception is to let yourself think like a criminal. Why attack Macs when there are so many unsecured, unpatched, easy-to-infect/hack Windows devices waiting? Easy targets get hit for a good reason, and for a very long time it just wasn’t worth paying close attention to the Mac side of the computer industry. The low-hanging fruit that existed on the Windows side kept the bills paid and criminals happy. There was simply no need to reinvent the wheel. If you look at the number of Macs shipped globally from 2002-2018, you can start to see this scenario change quite a bit in the chart below.

Source: Wired 2018

As Mac devices took more of the market share it was only a matter of time before the bad actors of the world started targeting those devices.  The increased number combined with the preconceived notion that Macs are safe gives you a disaster just waiting to happen.

Fruit Ripe for the Taking

Not convinced? Let’s go back to our criminal mindset once again. You now have a larger number of people that are purchasing Macs. The market is beginning to make the reward for criminals worth the risk. What else does this large number of people have in common? Most likely they have the belief that their devices are safe and use them each day without endpoint security software. The fruit is suddenly now lower.

We are not just talking about minor annoyances; we are talking about full-fledged malware that can be extremely damaging to the person and/or business infected.

I feel it would be appropriate to examine in-depth one of the more harmful pieces of Mac malware that currently exists, OSX.Calisto. This malware is a Trojan originally detected by Symantec researchers in July. It was first uploaded to VirusTotal in 2016 but sat dormant for two years before being put into use. This may have you thinking, “OK, so there is Mac malware, but what does it actually do?” I am so very glad you thought that!

This piece of malware enables remote login, enables screen sharing, adds permissions for a bad actor, adds remote login capabilities for all users, and adds its own user account to your Mac.  It essentially gives the malicious actor full control over your Mac device and access to the entirety of your data.
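The changes listed above (remote login, screen sharing, an added user account) are settings a Mac owner can check for. The script below is an added example, not part of the original article and not a VIPRE or Symantec tool; it is a general audit of those settings rather than an OSX.Calisto signature. The account names and sample output are constructed, and the allow-list is an assumption you would replace with your own accounts.

```shell
#!/bin/sh
# Added example: checks for the system changes the article attributes to OSX.Calisto.
# Each function reads saved command output on stdin, so it can be tested offline.

# Input: output of `sudo systemsetup -getremotelogin`. Succeeds if SSH login is on.
remote_login_on() {
    grep -qi '^Remote Login:[[:space:]]*On'
}

# Input: output of `sudo launchctl list` (columns: PID, Status, Label).
# Succeeds if the Screen Sharing daemon is loaded.
screen_sharing_loaded() {
    awk '$3 == "com.apple.screensharing" { found = 1 } END { exit !found }'
}

# Input: output of `dscl . -list /Users UniqueID`.
# Arguments: account names you expect (hypothetical allow-list).
# Prints every other account, skipping macOS service accounts, which start
# with "_", and the built-in root, daemon and nobody.
unexpected_accounts() {
    awk -v allow="root daemon nobody $*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 2 && $1 !~ /^_/ && !($1 in ok) { print $1 }
    '
}

# Constructed sample output, not taken from a real infected machine.
SAMPLE_SSH='Remote Login: On'
SAMPLE_LAUNCHCTL='PID	Status	Label
-	0	com.apple.screensharing
312	0	com.apple.logd'
SAMPLE_USERS='_www            70
daemon          1
nobody          -2
root            0
alice           501
svc_helper      401'

if printf '%s\n' "$SAMPLE_SSH" | remote_login_on; then
    echo "FINDING: Remote Login (SSH) is enabled"
fi
if printf '%s\n' "$SAMPLE_LAUNCHCTL" | screen_sharing_loaded; then
    echo "FINDING: Screen Sharing daemon is loaded"
fi
for u in $(printf '%s\n' "$SAMPLE_USERS" | unexpected_accounts alice); do
    echo "FINDING: unexpected local account: $u"
done
```

On a real Mac, pipe the live output of each command named in the comments into the matching function instead of the samples; a finding means the setting deserves a look, not that the machine is infected.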

What could a criminal do with your data? They could find a myriad of items including personal documents, tax files, photos, instant messages, your browsing history, access to websites with saved passwords (NEVER save bank passwords in your browser by the way) or anything else that may be stored on your Mac. OSX.Calisto can upload files such as your password keychain and cookies, then download new malware to your device, so it can further infect it or spread throughout your network to possibly attack other devices, including Windows ones!

OSX.Calisto isn’t the only known malware for Mac, but it is definitely a scary start.  As global Mac sales continue to catch up to Windows devices you should expect more articles around Mac malware and the related breaches.  Don’t get caught off-guard or attempt damage control after an attack.  Know that Macs are no longer the “safe” devices they once were and protect yourself before the damage is done.

John Letourneau is the Senior Director of Customer Success for VIPRE Security and is a twenty-plus year veteran of the IT industry. Reposted from https://www.vipre.com/blog/mac-malware-cybersecurity/.
