An alarming warning has just been issued for millions of Apple users, after a “very malicious” malware was found stealing credentials, logging keystrokes and recording screenshots. Here’s what you must do today.
“This is a serious and new threat for all Mac users,” warns Check Point’s Ekram Ahmed. The usual Mac malware landscape, he says, is not that serious. But this is very different. “It’s imperative that every single user check for these malicious files and delete them right away.”
Check Point has issued its warning as a wake-up call to Mac users, given the false assumption, it says, that users are fairly safe from such threats. And the cyber giant is not equivocating in its report, released today.
“This is a fully fledged malware,” Yaniv Balmas, the firm’s head of cyber research told me, “with very malicious intent and functionality.”
That functionality includes “harvesting credentials from various web browsers, collecting screenshots, monitoring and logging keystrokes, and downloading and executing files according to the orders received from Command-and-Control (C&C) servers.” The malware has also been designed with “a number of tricks to make it harder for researchers to analyze it.”
The new threat is a derivative of the notorious Formbook malware-as-a-service. It was rebranded as Xloader last year, Check Point says, and has been “prolific” in the last six months, “targeting not just Windows, but to our surprise, also Mac users.”
“The malware moves much faster and deeper, compared to its predecessor,” Ahmed says, and it’s set to get worse. “I expect the malware to continue to evolve in more virulent ways by the end of the year.”
There are two takeaways from Check Point’s new report. First, that Macs are becoming much more susceptible to attacks. Some of this is technical, a lot of it is opportunistic. More Macs, more reason to hone or rent attack tools to go after those users.
Second and more importantly, “there is a big misconception with Mac users regarding their security—for some reason most are sure they’re safe and malware free,” Balmas says. “From a technical perspective, there is no real barrier. It’s just a decision by the ‘bad-guys’. Once they enter the Mac ecosystem, there’s no stopping them—and if users are very naive and unsuspecting, that might actually result in serious damage.”
“Hackers can buy licenses for the new malware for as little as $49,” Check Point says in its report, “enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files.”
Less surprisingly, these attacks follow the tried and tested route of phishing targets using malicious Microsoft Office attachments sent by email. In the six months from December last year, Check Point says it tracked Xloader activity in 69 countries, with more than half of all victims in the United States.
Check Point urges users to look in the LaunchAgents directory in their Library folder, which is usually hidden from view, and check it for “suspicious” filenames. Delete any that are found, the firm says, giving the example of “com.wznlVRt83Jsd.HPyT0b4Hwxh.plist” as the kind of filename you should look for.
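One way to run that LaunchAgents check, as an added example that is not Check Point's code: it lists plist files whose names contain a random-looking component like the one quoted above and shows the program each would launch, so you can review it before deleting. The "random-looking" heuristic and the sample paths are assumptions made for this illustration.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Assumed heuristic (not from the report): a name component that mixes lower
# case, upper case and digits, like "wznlVRt83Jsd", looks machine-generated.
def looks_random(component: str) -> bool:
    return len(component) >= 8 and all(
        re.search(pattern, component) for pattern in (r"[a-z]", r"[A-Z]", r"\d")
    )

def launch_target(plist_path: Path) -> str:
    """Return the executable a LaunchAgent would start, or a note if unreadable."""
    try:
        with plist_path.open("rb") as fh:
            data = plistlib.load(fh)
        args = data.get("ProgramArguments") or []
        return data.get("Program") or (args[0] if args else "<no program>")
    except Exception:
        return "<unreadable plist>"

def scan(directory: Path) -> list[tuple[str, str]]:
    """List (filename, target) for plists whose name has a random-looking part."""
    hits = []
    if not directory.is_dir():
        return hits
    for plist in sorted(directory.glob("*.plist")):
        parts = plist.stem.split(".")[1:]  # skip the leading "com"
        if any(looks_random(p) for p in parts):
            hits.append((plist.name, launch_target(plist)))
    return hits

def demo() -> list[tuple[str, str]]:
    """Scan a constructed directory: one ordinary name, one named as in the article."""
    samples = {  # constructed sample data, not real indicators
        "com.example.updater.plist": "/Applications/Example.app/Contents/MacOS/updater",
        "com.wznlVRt83Jsd.HPyT0b4Hwxh.plist": "/Users/sample/placeholder-binary",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, prog in samples.items():
            with (Path(tmp) / name).open("wb") as fh:
                plistlib.dump({"Label": name[:-6], "ProgramArguments": [prog]}, fh)
        return scan(Path(tmp))

if __name__ == "__main__":
    for name, target in scan(Path.home() / "Library" / "LaunchAgents"):
        print(f"review: {name} -> {target}")
```

A flagged name is only a prompt to look closer: legitimate software can use unusual identifiers, and a plain-looking name is no guarantee of safety.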
Realistically, you would be well advised to run a reputable antivirus package on your Mac, just as you would on a PC. The time has come when you can’t trust Apple’s supposedly locked-down ecosystem to do the job for you.
Given that Apple has acknowledged that “today we have a level of malware on the Mac that we don’t find acceptable,” and that it has used this problem to justify the iPhone walled garden that is now under antitrust scrutiny, there’s little alternative.
Balmas also warns users to adhere to the usual anti-phishing common sense behaviours. Don’t open attachments from unknown sources and be very wary of links in emails or messaging apps on your Mac.
“As Macs become more common,” he tells me, “so the cybercrime focus increases—it’s a good source of income, and protections are far less mature than Windows. That’s why educating Mac users about the threats to this ecosystem is very important.”