While Mac users have enjoyed a computing experience largely free of viruses and trojans, the last year has seen a turning point in fortunes.
According to a new report, 2015 has seen more malware targeting Apple desktops and servers than the last five years in total. The report, published by IT security firm Bit9 + Carbon Black Threat Research team, analysed more than 1,400 unique OS X malware samples and found a flood of malware attacks this year.
“As big-picture trends from the data began to emerge, one data point struck the team as particularly noteworthy: 2015 has been the most prolific year in history for OS X malware,” the research team said in its report. “In 2015 alone, the research found, the number of OS X malware samples has been five times greater than in 2010, 2011, 2012, 2013 and 2014 combined.”
The report cited the growing popularity of Macs as an alternative to Windows as one reason behind the increase in malware targeting the operating system. More than ever before, Macs have entered the workplace which hackers could attack hoping to gain access to sensitive data.
“This rise in Mac OS X malware comes after several years of rapid OS X market share gains, with 16.4 percent of the market now running OS X, including expanding deployment in the enterprise,” the report said. “This represents a growing attack surface for sensitive data, as 45 percent of companies now offer Macs as an option to their employees.”
Some of the most common malware targeting OS X were: Lamadai, a backdoor trojan targeting a Java vulnerability; LaoShu, spam via undelivered mail parcels; Appetite, a trojan targeting government organisations; and Coin Thief, which stole bitcoin login credentials via a hacked version of the Angry Birds game.
The firm’s analysis showed that most OS X malware used features of the OS such as LaunchDaemons/ LaunchAgents, login items and browser plugins.
“Malware more often resided in userland and leveraged persistence mechanisms that supported this as opposed to attempting to reside in kernel-land by writing custom kernel extensions,” the report said.
It said another twist in the analysis was that the team expected that, given OS X’s roots in FreeBSD, adapting Unix/Linux malware would be common.
“However, based on this 10-week analysis, there does not appear to be much, if any, Unix-style malware brought over to OS X,” it said.
The report added that Apple introduced a new load command in OS X10.8, but 90 percent of OS X malware still used the old method, which made the malware much easier to spot. “Malware authors are not updating their malware to conform to the latest specifications by Apple.”
The report said that since OS X has until recently been largely ignored by malware and only rarely the target of advanced cyber-attacks, many enterprises have failed to implement the same safeguards and controls on OS X devices as they have for Windows machines.
“As OS X malware and targeted attacks have increased, this security gap has left many organisations exposed and unable to identify or stop infections. This reality has been compounded by the lack of OS X support from many endpoint security vendors and is a strategic vulnerability for organisations with large OS X deployments,” the report said.