Security: Macs Face More Threats Than Ever (More Than Windows!)

MacOS vs. Windows is a battle that never stops evolving. 

MacOS was considered to be the safest operating system that is not as susceptible to malicious exploits as much as Windows. However, as the world of cybersecurity is evolving, threats are becoming more serious and more prevalent. 

Recent reports have shown that MacOS’s threat level has dramatically increased since 2018. It is worth noting that most of the macOS exploits aren’t as damaging as Windows exploits, but they can still cause a lot of damage. 

Let’s learn more about these threats and how they work.

MacOS Threats Increased by 400% in 2019

Malwarebytes has issued its 2020 ‘’State of Malware’’ report, where they carefully dissected and talked about various real-world threats that concern both iOS and Android users, as well as browser attacks that are aimed at Windows and macOS users. Before we proceed with details, let’s talk about the most worrisome number that came out of this report – MacOS threats increased by more than 400% in 2019. That means that MacOS has surpassed Windows in the ratio two-to-one.

The report notes that only one cybersecurity threat in 2019 did not happen due to human error. Human error includes all activities performed by the user, such as opening phishing links, social engineering, etc. That means that human error still remains the number one reason for cyberattacks in both companies and personal lives.

However, that doesn’t mean that macOS devices are bad. Instead, that just means that the volume of macOS users has been steadily increasing, and macOS devices have experienced an increased market share in 2019. Moreover, for the first time ever, MacOS exploits have risen to the number one spot on the Malwarebytes’ threat detection list. There are many different kinds of threats, two of the most prevalent being NewTab and PCVARK. Let’s learn more about these threats.

Top MacOS Threats

When it comes to types of threats, macOS and Windows are very different. Windows is susceptible to traditional malware that’s mostly aimed at businesses, while MacOS is most susceptible to adware and PUPs (potentially unwanted programs). Top 10 macOS adware and PUP threats include:

  • Adware.NewTab
  • PUP.PCVARK
  • PUP.MacKeeper
  • PUP.JDI
  • PUP.MacBooster
  • OSX.Genieo
  • PUP.Kromtech
  • PUP.TuneupMyMac
  • PUP.MacReviver
  • Adware.OperatorMac

Malwarebytes reminds us that some of this year’s most noteworthy cybersecurity threats aren’t necessarily the most voluminous. They separated the four most interesting exploits that either dominated or disrupted the threat landscape. Those include:

NewTab

NewTab is currently at the top of the list, and it has affected almost 30 million devices so far. NewTab is a family of adware that aims to redirect browser searches. Its goal is to earn illegal affiliate-type revenue. The delivery method is pretty straightforward, and it is usually delivered through apps with embedded Safari extensions. The most common spreading methods include fake maps, tracking pages, and fake directions pages. For example, a fake package tracking page would accept any parcel number entered by the user. Once the user clicks the Track button, a file download would be prompted.

Genieo

Genieo is number six on the Malwarebytes’ list of macOS threats, and it is a very interesting type of adware. In fact, some would argue that acts as a typical malware because some installation methods might abuse system vulnerabilities and because it’s very difficult to uninstall. So far, Malwarebytes has detected it across seven million devices. 

What makes this adware different is the fact that it’s continuously upgrading and evolving. Just like NewTab, Genieo also aims to earn illicit affiliate money through redirected searches and home pages. Users whose devices were infected with Genieo noticed that their search engines were replaced, or that their browsers were hijacked. Then, different sponsored content would overflow their search results, which increases the chances for hackers to earn a profit. 

When it comes to traditional malware, the top two contenders are OSX.Generic.Suspicious and OSX.FakeFileOpener. Let’s see how they work:

OSX.Generic.Suspicious

OSX.Generic.Suspicious is a group of detections that are known to exhibit malicious behavior. This type of software performs suspicious actions that are distinctive to malware, which is why it triggers Malwarebytes’ detection criteria. This type of malicious behavior has been on the rise in the past couple of years. Even though Apple has introduced stricter requirements and conditions for code checking, signing, and notarization, shell scripts are still exempt from these restrictions. Because of that, it is expected that hackers will use them more frequently in the future.

OSX.FakeFileOpener

This is a very interesting type of malware because it can imitate legit MacOS functions to redirect users to various scam websites and pages. It works like this: when a user tries to open a file type that is not recognized by the system, and the user’s computer was infected with FakeFileOpener, instead of being redirected to the App Store, the user is taken to a page that says that their computer was infected with malware. Then, it offers certain ‘’remedies’’ that are actually malicious exploits.

macOS users shouldn’t be that scared, though. Most of these exploits aren’t as dangerous as they seem. However, they can still be annoying and negatively impact the device’s performance. To prevent these incidents from occurring, users should consider installing additional security software such as NordVPN, antiviruses, and anti-malware. That way, they will be instantly notified in case they downloaded a suspicious file, or if they are attempting to access a malicious website.