New Malware-as-a-Service Offerings Target Mac OS X

Published: 22/11/2024   Category: security



MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.



Threat actors are setting their sights on Mac OS with MacSpy and MacRansom. The two malware-as-a-service (MaaS) offerings were created to take advantage of the growing Mac user base.
The concept of MaaS is not new; however, malware authors have historically targeted more popular Windows devices.
The fact that this is a focused effort for just Mac OS makes it unique, says Peter Ewane, security researcher at AlienVault.
Researchers at AlienVault discovered MacSpy in May 2017 through an advertisement for the service. The free variant of the Mac RAT is primarily used to collect various pieces of user data, which can include browser history, screenshots, clipboard data, and other information.
Cybercriminals collect the data through clipboard data scraping, keylogging, voice recording, and browser data harvesting, Ewane explains. They trick their victims into executing the malware, or obtain physical access to the device, to get what they're looking for.
The business impact can vary depending on what data is collected, Ewane explains. For example, getting the username and password for an email account is a much smaller impact than the attacker potentially getting a private key for a web service.
There is also a paid version of MacSpy, which costs an unknown number of Bitcoins and comes with additional features including the abilities to retrieve any files and data on the Mac, encrypt the user directory in seconds, or disguise the program in any legitimate file format.
MacSpy is not widespread at this time and seems to be in a beta test mode. It is not known to exploit any vulnerabilities, says Ewane. Victims can verify whether they have been infected by checking for a launch entry /Library/LaunchAgents/com.apple.webkit.plis.
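
A check for the launch entry mentioned above, as an added example that is not from the article or from AlienVault. It matches on the `com.apple.webkit` name stem given in the article and goes beyond the single path named there by also looking in each user's `Library/LaunchAgents` folder (an assumption about where such an entry could sit); the function names and the `root` parameter are illustrative.

```python
import plistlib
from pathlib import Path

# Name stem of the launch entry reported in the article.
INDICATOR_STEM = "com.apple.webkit"

def launch_agent_dirs(root):
    """LaunchAgents folders under root: system-wide plus one per user (assumed layout)."""
    root = Path(root)
    candidates = [root / "Library" / "LaunchAgents"]
    candidates += sorted((root / "Users").glob("*/Library/LaunchAgents"))
    return [d for d in candidates if d.is_dir()]

def describe(entry):
    """Return (label, program) from a launch agent plist, or (None, None) if unreadable."""
    try:
        with entry.open("rb") as fh:
            data = plistlib.load(fh)
        args = data.get("ProgramArguments") or []
        return data.get("Label"), data.get("Program") or (args[0] if args else None)
    except Exception:  # malformed, non-dict or unreadable plist: report by name only
        return None, None

def find_suspect_agents(root="/", stem=INDICATOR_STEM):
    """List launch entries whose file name or Label starts with the indicator stem."""
    findings = []
    for folder in launch_agent_dirs(root):
        for entry in sorted(folder.iterdir()):
            if not entry.is_file():
                continue
            label, program = describe(entry)
            if entry.name.startswith(stem) or str(label or "").startswith(stem):
                findings.append({"path": str(entry), "label": label, "program": program})
    return findings

if __name__ == "__main__":
    hits = find_suspect_agents()
    for hit in hits:
        print(f"REVIEW {hit['path']} label={hit['label']} runs={hit['program']}")
    if not hits:
        print("no matching launch entry found")
```

A hit is a lead to inspect, not proof of infection: the reported `program` path shows what the entry would launch at login.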

MacRansom is the only other known variant of MaaS targeting Mac devices. The ransomware-as-a-service (RaaS) offering was discovered by Fortinet researchers around the same time AlienVault found MacSpy.
Fortinet reports this could be the first known occurrence of RaaS targeting Mac OS. MacRansom shares web portal similarities with MacSpy, and it's believed the two were developed by the same malware author.
The malware customers must directly contact the MacRansom author and can set a trigger time to launch their attack. When they do, the ransomware begins to lock files and can encrypt a maximum of 128.
After it encrypts targeted files, MacRansom encrypts both com.apple.finder.plist and the original executable. It changes the Time Date Stamp; this way, even if recovery tools are used to retrieve the files, they will be rendered unusable. The ransomware demands 0.25 Bitcoin (~$657 USD) and provides an email address for decryption.
"Even if it is far inferior from most current ransomware targeting Windows, it doesn't fail to encrypt victims' files or prevent access to important files, thereby causing real damage," say Fortinet's Rommel Joven and Wayne Chin Yick Low, who also express concern that copycats will generate additional variants of MacRansom.
The MacSpy authors, currently unknown, state they created this malware in response to Apple products gaining popularity in recent years, AlienVault reports. During their time in the field, the authors explain, they noticed a lack of sophisticated malware for Mac users and created MacSpy because they believed people were in need of such programs on MacOS.
Higher rates of business adoption are likely part of the motivation. "One could say Mac OS adoption by [the] enterprise is making them a more interesting target to malware authors," adds Ewane. Security teams can protect their organizations with up-to-date antivirus and endpoint protection, he says, as well as user training.