Kaspersky: Macs overripe for malware threats

3 min read

We’re fanatical about your privacy and security.

Security firm Kaspersky recently released its Security Bulletin for 2014, detailing critical cybersecurity statistics gathered in the last year. Among their findings? That Apple Macintosh computers are quickly becoming less secure.

In 2014, the average Mac user encountered nine cyber threats — doesn’t sound like much until you consider that the company detected 200 more pieces of Mac malware than in 2013 and blocked more than 3.5 million infection attempts on Mac OS devices. Are these Apples finally past their prime?

Ad Nauseam

According to The Telegraph, almost half of the top 20 threats to Macs came in the form of AdWare, which can add links to browser bookmarks, change default search engines and force devices to display contextual advertising. By and large, AdWare is harmless, but is nonetheless malware and opens the door for less benign threats. Among the most interesting: a malware program that took screenshots every minute, one designed to steal bitcoins, a backdoor that offers remote system access and access to contact lists and a piece of malware designed to also infect any connected iOS devices.

David Emm of Kaspersky Lab says that “the myth of Mac OS X being invulnerable no longer stands true, and as cyber criminals continue to evolve their attack methods, users should also evolve by taking the necessary steps to bolster security on their Mac devices.” In other words, the shine is off the Apple, and while the first forays by cybercriminals into the Mac landscape are mostly focused on advertising, it won’t take long for more sophisticated attacks to breach the OS X perimeter.

You’ve Been Slothed

Consider a recent example of Apple security breached for more…hilarious purposes. As noted by Consumer Affairs, Apple users in the San Fransicso area have been the victims of an “AirSloth” attack: pictures of a sloth wearing a spacesuit were pushed to their devices via the AirDrop feature, which provides a simple way to exchange files among Mac and iOS devices located in close physical proximity.

Josh Lowensohn of the Verge eventually took credit for the attack, saying that while riding the train to work and playing with his Apple device, he noticed that many his fellow passengers had a feature turned on in AirDrop that allowed them to receive files from anyone. The setting was likely an oversight from users turning on AirDrop but not configuring its permissions, and allowed Lowensohn to sloth them.

It’s a funny little joke and a funny little picture, and users can still decline the file even if their AirDrop is wide open. But there’s a serious point worth making: what if Lowensohn had been sending pictures that weren’t G-rated, or there was a line of malicious code buried in his hilarious sloth image? He also points out another easy way to hack Macs and iDevices: set up a wireless hotspot and change your device name. In the coffeeshop? Give it a popular brand name. On a University campus? Name it after the institution or the nearest building. Once users connect to your network, you have access to everything.

Attacks as a Service

So far, it seems like most Mac problems come from users: if they download AdWare or leave AirDrop on, they have only themselves to blame, right?

According to Tech News World, however, 2015 will see the spread of “attacks as a service,” where would-be hackers head to a website, choose what they want to steal and how, then pay a fee and get an all-in-one software package. A survey by security company SentinelOne found that attacks on OS X have begun to rise, and predicts that Apples will be increasingly targeted by these attacks because more and more businesses are using Macs and iOS devices to store critical data, making them valuable targets. What’s more, Apple’s reputation as a “safe” OS has led to a lack of dedicated security measures — claiming the door is locked only works so long as no one tries to kick it down.

Bottom line? Macs are under threat as the specter of Apple malware grows. Both users and the company have their work cut out if they want to stay safe in 2015.

ExpressVPN is dedicated to your online security and privacy. Posts from this account will focus on company news or significant privacy and security stories.