Byte-size Bulletins

Mac Users “Naive and Unsuspecting” about risks says cybersecurity head

Written by Rachael Brown | Aug 6, 2021
 
A warning has just been issued for millions of Apple users. Something on their computer is stealing credentials, logging keystrokes and recording screenshots.

The infamous Xloader malware for Windows, has just been detected on Macs, due to a recent report by Check Point Security. Shattering the common assumption that serious malware is just a ‘PC thing’, and Mac users are insulated from such threats.

This malware is fully-fledged, having both malicious intent, advanced functionality and the capacity to travel at immense speeds. Xloader even boasts several features and tricks which make it more difficult for researchers to analyse and identify.

According to Yaniv Balmas, head of cybersecurity at Check Point, malware targeting Macs is “becoming bigger and more dangerous” coming close to closing the risk gap between Mac and Windows. As the number of Macs being used rises, in part due to remote working and the pandemic, the frequency and intensity of attack tools like Xloader being rented to go after these users increases.

What does this mean?

It means that cyber criminals can pay a sum, starting at $49 a month, to rent the malware to get access to a user’s Mac.

But critically there is something needed for this access- user permission. Xloader can't be added or run on a Mac without explicit permission from its user, so the malware is typically deployed alongside social engineering, to trick users into downloading and allowing it on their system.

Because of this, and the risk Xloader poses towards Mac users, Yaniv has spoken out on the misconceptions Mac users have when it comes to their security. “Most are sure they’re safe and malware-free”, he notes, an attitude which in combination with a Mac's lack of technical barriers can be disastrous.

Mac’s protections are significantly less mature than Windows, and cyber crime is especially now a highly lucrative source of income.

“Naïve and unsuspecting” users, according to Yaniv are easy targets for this malware, the assumption that Mac users are perfectly safe being the very thing that may “result in serious damage.”

The solution to this is cultivating a security-first mindset among Mac users. It's no secret that many senior business staff often opt for Macs, in part due to their stylish and sophisticated design. These staff are at increased risk of being targeted by cyber criminals, due to the fact they have greater permissions and access than those further down the company chain. 
 
One compromised machine can compromise an entire organisation. Mac users are not immune to this and educating your staff is the answer. 

Ensure they are adhering to the established common sense security behaviours. Like being wary of links in messaging apps and emails, and not opening attachments from unknown sources.

Most importantly, encourage critical thinking and checks and balances when it comes to digital channels of communication.

Phishing exploits the trust and dynamic of working environments to execute their criminal activity, so double-check and even triple check, before sharing any personal data.

Photo by Patrick Ward on Unsplash