MacSpy, MacRansom: New Strains of Mac Malware
Two new strains of Mac malware are making the rounds, according to recent reports. Both are offered through Malware-as-a-Service (MaaS) portals on the dark web. Security researchers at AlienVault and Fortinet identified the strains, which are now known as MacSpy and MacRansom.
Aren’t Macs Malware Free?
The Mac operating system is mostly seen as malware-free, with malware hits being relatively uncommon. This perception might be what prompted the developers of MacSpy and MacRansom to come up with their malware. Peter Ewane, who authored the AlienVault blog on MacSpy, writes, “MacSpy is advertised as the ‘most sophisticated Mac spyware ever,’ with the low starting price of free. While the idea of malware-as-a-service isn’t a new one with players such as Tox and Shark in the game, it can be said that MacSpy is one of the first seen for the OS X platform.” He adds, “The authors state that they created this malware due to Apple products gaining popularity in the recent years. They also state that during their tenure in the field that they have noticed a lack of ‘sophisticated malware for Mac users’ and they believe that ‘people were in need of such programs on MacOS’. So they created MacSpy.”
How Dangerous are MacSpy and MacRansom?
MacSpy reportedly leaves no digital trace of the threat actor and captures the screen every thirty seconds. It remains invisible to the victim as it performs keylogging, iCloud syncing, and continuous voice recording. It can also obtain browser history.
Rommen Joven and Wayne Chin Yick Low, authors of the Fortinet blog on MacRansom, say that “Just recently, we here at FortiGuard Labs discovered a Ransomware-as-a-service (RaaS) that uses a web portal hosted in a TOR network which has become a trend nowadays. However, in this case it was rather interesting to see cybercriminals attack an operating system other than Windows. And this could be the first time to see RaaS that targets Mac OS.” They add, “This MacRansom variant is not readily available through the portal. It is necessary to contact the author directly to build the ransomware.”
MacRansom, like MacSpy, claims to offer no digital trace of the threat actor and complete invisibility until the ransomware is executed. It also features unbreakable encryption and lightning-quick speed (the ransomware encrypts the victim’s home directory in less than a minute).
With these and other malware strains targeting the Mac operating system, Mac users and organizations using OS X should take the necessary steps to stay secure.