Hackers target Apple’s Mac with multi-architecture malware using ads

15 Nov, 2021

Even as cyberattacks on individuals recorded a drop from their peak during Covid-19, Apple’s Mac laptops and desktops have been witnessing a surge in cyber threats.  

According to the Nokia Threat Intelligence Report, 2021, attackers are using adware tools on macOS to inject malware in Apple PCs.  

The trend seemingly comes as attacks on individuals have declined over the past months as the pandemic recedes, according to Nokia.

The threat report states that attackers have been attempting increasingly sophisticated methods to infiltrate Apple’s Mac devices. These include executable scripts that can run malware on a Mac PC, after a user clicks on an adware tool. These tools used a macOS logic flaw to bypass Apple’s Gatekeeper and File Quarantine security protocols.  

Adware distributors have also used fabricated code signing to bypass Apple’s App Notarization process, and have directed victims on how to run an unsigned installer to distribute malware on Macs.

According to Apple, “Notarization gives users more confidence that the Developer ID-signed software you distribute has been checked by Apple for malicious components.”  

The move ties into the recent spotlight on Apple’s ‘closed ecosystem’ software approach, which Craig Federighi, senior VP of software engineering at Apple, recently said was not enough during his court representation in the Apple v Epic case.

“If you took Mac security techniques and applied them to the iOS ecosystem, with all those devices, all that value, it would get run over to a degree dramatically worse than is already happening on the Mac. We have a level of malware on the Mac that we don’t find acceptable and is much worse than iOS,” Federighi had said during the hearing. 

Security threats have been steadily rising on Mac PCs. A Check Point Research report noted how the XLoader malware was in circulation on the dark web as a malware-as-a-service product, for $49.

The XLoader tool could log keystrokes, harvest login information and scrape screenshots on Macs to steal sensitive data, or even download and install malware on Macs. 

The threats rise as Apple’s Mac PCs also see an increase in sales.  

According to data on global computer shipments from IDC, Apple saw a 9.4 percent year on year (YoY) rise in sales of Macs in Q2 2021. 

A recent Sophos report detailed critical malware on Macs. These include the EvilQuest ransomware and spyware tool, the NukeSped remote access trojan (RAT), which is used to infiltrate systems and take them over remotely, and GravityRAT, which serves the same purpose as NukeSped.

In the 2020 State of the Malware report by Malwarebytes, Macs saw twice the number of malware threats as Windows PCs, which are widely perceived to be at greater risk than Apple’s computers.

The Nokia threat report says that Apple’s shift to its custom M1 processors has also seen hackers adapt to the platform.

It says, “The SilverSparrow malware threat actors created and released multi-architecture malware shortly after the launch of the M1 chip systems. While multi-platform malware is not new, with two platforms currently supported on Macs, malware that supports both in the same binary image has been observed.” 
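For defenders triaging a suspicious Mac binary, the "both in the same binary image" point can be checked directly from the universal (fat) Mach-O header. The following is an added example, not code from the Nokia report or this article: the function names, the constructed sample bytes and the 20-slice sanity cap (a heuristic to tell fat headers from Java class files, which share the same magic) are assumptions.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # universal header, always big-endian
THIN_BE = {0xFEEDFACE, 0xFEEDFACF}                 # single-arch Mach-O, big-endian on disk
THIN_LE = {0xCEFAEDFE, 0xCFFAEDFE}                 # single-arch Mach-O, little-endian on disk
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64", 7: "i386", 12: "arm"}

def cpu_name(cputype):
    return CPU_NAMES.get(cputype, "unknown(0x%x)" % cputype)

def list_architectures(data):
    """Return the CPU architectures contained in a Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    magic, second = struct.unpack(">II", data[:8])
    if magic in THIN_BE:                           # second field is cputype
        return [cpu_name(second)]
    if magic in THIN_LE:
        return [cpu_name(struct.unpack("<I", data[4:8])[0])]
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a Mach-O image")
    # Java .class files also start with 0xCAFEBABE; there this field holds
    # the class version (45 or higher), so cap the slice count (heuristic).
    if not 0 < second <= 20:
        raise ValueError("implausible slice count, probably a Java class file")
    # fat_arch: cputype, cpusubtype, offset, size, align (64-bit form adds reserved)
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    step = struct.calcsize(fmt)
    archs = []
    for i in range(second):
        entry = data[8 + i * step: 8 + (i + 1) * step]
        if len(entry) < step:
            raise ValueError("truncated architecture table")
        cputype, _subtype, offset, size = struct.unpack(fmt, entry)[:4]
        if offset + size > len(data):              # slice must lie inside the file
            raise ValueError("slice for %s lies outside the file" % cpu_name(cputype))
        archs.append(cpu_name(cputype))
    return archs

def build_sample():
    """Constructed two-slice universal header with dummy 16-byte slices."""
    header, body, offset = struct.pack(">II", FAT_MAGIC, 2), b"", 8 + 2 * 20
    for cputype in (0x01000007, 0x0100000C):
        header += struct.pack(">IIIII", cputype, 0, offset, 16, 0)
        body += b"\x00" * 16
        offset += 16
    return header + body

if __name__ == "__main__":
    print(list_architectures(build_sample()))
```

A result listing both `x86_64` and `arm64` means each slice needs its own static analysis and detection coverage, since the two can differ in content.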

The increasing threat to Macs comes as malware threats to individuals have decreased, while enterprise attacks such as supply chain cyber attacks, ransomware as a service and botnet attacks have grown.

According to Nokia, 0.23 percent of mobile networks analysed by Nokia witnessed malware attacks in March 2020, at the onset of the pandemic. The number has since reduced to 0.09 percent in April 2021 – as bulk malware attacks using Covid-19 as a keyword bait declined.

The same trend reflects on home internet networks – Nokia states how 3.24 percent of all home internet networks it analysed saw malware attacks in November 2020. This has since declined to less than 2.5 percent of all networks in May 2021.