Two new strains of malware aimed at macOS operating system have been discovered: MacSpy and MacRansom. Bleeping Computer first reported the news that these two Mac malware have been offered through Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) portals on the Dark Web for almost three weeks, yet until recent days did they been found by security researchers during a routine scan.
Both launched on May 25, the pair of portals are the work of the same developer, and the websites peddling the Mac spy and malware software are almost identical. According to security firms Fortinet and AlienVault, the person behind the malware is an “inexperienced” coder. Though creating two MaaS portals, the code writer did not pay much effort in improving the quality of his code. Both malware lack the the digitally signed files, and that means the security measures on a standard installation of macOS will be alerted to the malware (as an application with no signed file).
Fortinet and AlienVault got their hands on fully-working samples of MacRansom and MacSpy respectively. Both of them concluded that MacSpy is “a better-coded tool”, while MacRansom could be a dangerous software that have the potential to “permanently wreck user files”, if deployed for malicious purposes in live campaigns.
Before MacRansom, that kind of MaaS service has appeared at Mac platform (like Tox and Shark), yet MacSpy can be seem as one of the first RaaS that targets Mac OS.
Suspect that your Mac has been infected by adware or malware? You could run a reliable uninstaller (e.g. Osx Uninstaller) to delete any unwanted apps on Mac.
So far none of these two appear to be in any active distribution campaigns, mostly likely due to the obtaining process. Anyone interested in purchasing the services has to contact the malware coder to get demo packages and then negotiate payment. However, these portals may drive more crooks toward the Mac user base and lower the entry bar for parties that had no previous experience with creating Mac malware.
Mac security researcher Patrick Wardle said that more and more hackers are aiming at Mac computer as Apple products are gaining popularity in the recent years. Malware attacks aiming at Mac computers were up to 744% in 2016, though most of them are aroused by the advertisement plugins bundled in the downloaded software. Many macOS and iOS users lack adequate security knowledge to fight against hacking attacks, and those inexperienced users are likely to be hackers’ major targets. It is time to set up your vigilance about Mac-targeting malware and learn some security skills.
To keep your Apple devices safe, security researchers suggest you not to download and install apps outside the App Store and trusted third party developer websites.