The Apple ecosystem has been regarded for years, by users and by cybersecurity experts, as among the most secure, offering flagship security features and a high level of user privacy protection. But macOS security may be reaching a turning point in 2024: experts point to a sharp increase in malware written specifically for the operating system, and to the growing use of generative AI in attacks against macOS users, whose numbers keep growing and make the platform a bigger draw for cybercriminals.

The Moonlock Threat Report for macOS 2024 reveals disturbing trends that are turning Apple's platform into a lucrative target. The report examines the evolving tactics used by attackers, from cheap plug-and-play malware kits to AI-assisted malware built to get past key security measures.

Importantly, Apple hardware in organizations is very often used by key employees, which is an additional incentive to develop new threats for it, and it puts more pressure on Apple to secure its operating system. Analysts emphasize that most attacks do not rely on system vulnerabilities. They exploit the weakest link: users who are talked into disabling security measures and installing malicious software.

Cybercriminals traditionally ignored Macs because of the smaller user base, but they now see the platform as another opportunity alongside the perennially plagued Windows. What is worrying is how accessible the tooling for attacking macOS has become. A decade ago, developing malware for the platform required deep technical skill and resources. Today, malware-as-a-service offerings such as AMOS (Atomic macOS Stealer) lower the barrier to entry: for as little as $1,500 a month, even inexperienced attackers can rent a toolkit that automates the theft of user data. Affordability has opened the floodgates.

Another factor driving the growth of macOS malware is the use of artificial intelligence.
As Moonlock reports, AI tools such as ChatGPT are being used on dark web forums to walk would-be attackers step by step through building malware. These tools can generate scripts, package malware into installer files, and even explain how to get around Gatekeeper, the macOS mechanism that checks that a downloaded app is signed by an identified developer and notarized by Apple before it is allowed to run. AI assistance lets novices deploy threats that would have been out of their league only a few years ago.

Attackers get past Gatekeeper mostly through social engineering and, less often, technical tricks, exploiting user trust far more than system vulnerabilities. Cybercriminals persuade users to disable Gatekeeper, or to remove the quarantine flag from a download, with fake prompts or detailed "installation instructions" that claim the software is legitimate. Malware disguised as a trusted app or a system update gets the user to click through the security warnings. In some cases, attackers obtain or steal valid Apple Developer ID certificates and sign their malware with them, so that Gatekeeper's signature check passes.
New macOS threats emerge
Threats to Mac computers were dominated by adware and ransomware for years. These tools, designed to extort money from users, have become far less effective, and cybercriminals have largely abandoned them in favor of software that harvests confidential information from the system.

In August 2024, security researchers discovered "Cthulhu Stealer," a new piece of macOS malware sold to cybercriminals for as little as $500 per month. The malware disguised itself as legitimate software, such as Grand Theft Auto IV or CleanMyMac, to trick users into downloading and installing it. Once installed, it prompted users with fake dialogs for their passwords and other sensitive information, which it then sent to the attackers. Cthulhu Stealer showed similarities to "Atomic Stealer," suggesting that its developers had reused that code.

In September 2024, cybersecurity experts discovered a new macOS threat called HZ Remote Access Tool (HZ RAT). The malware gave attackers full administrative control over infected systems. HZ RAT was typically distributed via modified versions of popular apps such as OpenVPN Connect. Once installed, it could install additional software, capture screenshots, log keystrokes, and access user data from apps such as WeChat and DingTalk.
Keeping secure
Fortunately, most of the activity targeting the macOS platform is small-scale. Many attacks rely on social engineering, tricking users into bypassing their own security settings. Staying safe on a Mac means reading every system prompt before accepting it, avoiding suspicious downloads, and not following unknown links. Users should also rely on trusted sources, such as the Mac App Store, when downloading software, and double-check the permissions requested by installed apps.

It is also essential to install the security updates Apple releases regularly, not just full macOS version upgrades. IT administrators of macOS fleets should consider investing in additional protection: endpoint detection and response (EDR) software or a reputable antivirus product can provide an extra layer of defense. End-user education matters too, since users who know the current threats make better decisions.
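The Gatekeeper bypasses described earlier (users talked into disabling Gatekeeper or stripping quarantine flags, and malware signed with stolen Developer ID certificates) and the advice above both come down to checks a responder or administrator can actually run. The script below is an added example, not code from the article or from Moonlock. It assumes the text output shapes of `spctl --status` ("assessments enabled/disabled") and `spctl -a -vv -t exec APP` (a verdict line followed by `source=` and `origin=` lines) as printed by recent macOS versions, and the zsh extended-history line format; the history lines and spctl outputs embedded in it are constructed samples, not real captures, so the parsing logic runs on any OS, while `audit_live()` runs the real commands only where `spctl` exists.

```python
"""Gatekeeper posture audit (added example; not from the article or Moonlock).

Three checks for a Mac whose user may have followed a fake "installation guide":
  1. Is Gatekeeper assessment still enabled?            spctl --status
  2. Did someone disable it or strip quarantine flags?   shell history scan
  3. What does Gatekeeper say about a specific app?      spctl -a -vv -t exec APP
The parsers take the tools' text output, so they also work off-box on collected artifacts.
"""
import re
import shutil
import subprocess
from pathlib import Path

# Commands that the fake "installation instructions" tell victims to paste.
SUSPICIOUS_COMMANDS = {
    # Turns Gatekeeper assessment off (--global-disable is the macOS 15 spelling).
    "gatekeeper_disabled": re.compile(r"\bspctl\b.*--(?:master|global)-disable\b"),
    # Strips the quarantine flag (-d com.apple.quarantine) or all xattrs (-c / -rc).
    "quarantine_stripped": re.compile(
        r"\bxattr\b.*(?:-\w*d\w*\s+com\.apple\.quarantine|\s-\w*c\w*(?:\s|$))"),
    # Stops Launch Services from tagging downloads with the quarantine flag at all.
    "quarantine_tagging_off": re.compile(
        r"\bdefaults\s+write\s+com\.apple\.LaunchServices\s+LSQuarantine\b.*\b(?:false|no|0)\b", re.I),
}

ZSH_EXTENDED = re.compile(r"^: (?P<ts>\d+):\d+;(?P<cmd>.*)$")   # ": 1726000130:0;cmd"
SPCTL_VERDICT = re.compile(r"^(?P<path>.+?):\s+(?P<verdict>accepted|rejected)\b", re.M)


def parse_history_line(line):
    """Split a zsh extended-history or plain bash history line into (timestamp, command)."""
    m = ZSH_EXTENDED.match(line)
    if m:
        return int(m.group("ts")), m.group("cmd")
    return None, line


def scan_history(lines):
    """Return one finding per matching rule per command: which rule, when, and what was typed."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        ts, cmd = parse_history_line(line)
        for rule, pattern in SUSPICIOUS_COMMANDS.items():
            if pattern.search(cmd):
                findings.append({"rule": rule, "timestamp": ts, "command": cmd})
    return findings


def gatekeeper_enabled(status_output):
    """Interpret `spctl --status`, which prints 'assessments enabled' or 'assessments disabled'."""
    text = status_output.strip().lower()
    if "assessments enabled" in text:
        return True
    if "assessments disabled" in text:
        return False
    raise ValueError(f"unrecognised spctl --status output: {status_output!r}")


def parse_spctl_assessment(output):
    """Parse `spctl -a -vv -t exec APP`: the verdict line plus the source= / origin= lines.

    'accepted' only means the signature chains to a trusted Developer ID; malware signed
    with a stolen certificate passes too, so the origin (the signing team) still needs review.
    """
    m = SPCTL_VERDICT.search(output)
    if not m:
        raise ValueError(f"unrecognised spctl assessment output: {output!r}")
    result = {"path": m.group("path"), "verdict": m.group("verdict"), "source": None, "origin": None}
    for key in ("source", "origin"):
        km = re.search(rf"^{key}=(.*)$", output, re.M)
        if km:
            result[key] = km.group(1).strip()
    result["notarized"] = bool(result["source"]) and result["source"].lower().startswith("notarized")
    return result


def audit_live(app_path=None, history=None):
    """Run the three checks on this machine; returns None where spctl is absent (non-macOS)."""
    if shutil.which("spctl") is None:
        return None
    history = Path(history) if history else Path.home() / ".zsh_history"
    status = subprocess.run(["spctl", "--status"], capture_output=True, text=True)
    report = {"gatekeeper_enabled": gatekeeper_enabled(status.stdout + status.stderr)}
    if history.exists():
        report["history_findings"] = scan_history(history.read_text(errors="replace").splitlines())
    if app_path:
        res = subprocess.run(["spctl", "-a", "-vv", "-t", "exec", app_path], capture_output=True, text=True)
        report["app"] = parse_spctl_assessment(res.stdout + res.stderr)
    return report


# Constructed samples standing in for a victim's ~/.zsh_history and for spctl output.
SAMPLE_HISTORY = """\
: 1726000001:0;brew update
: 1726000042:0;cd ~/Downloads && open CleanMyMac_cracked.dmg
: 1726000100:0;sudo xattr -rd com.apple.quarantine /Applications/CleanMyMac.app
: 1726000130:0;sudo spctl --master-disable
ls -la
defaults write com.apple.LaunchServices LSQuarantine -bool false
""".splitlines()

SAMPLE_SPCTL_OK = """/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Vendor (ABCDE12345)
"""
SAMPLE_SPCTL_BAD = """/Volumes/CleanMyMac/CleanMyMac.app: rejected
source=no usable signature
"""

if __name__ == "__main__":
    for f in scan_history(SAMPLE_HISTORY):
        print(f"{f['rule']:<24} {f['timestamp']}  {f['command']}")
    print(parse_spctl_assessment(SAMPLE_SPCTL_OK))
    print(parse_spctl_assessment(SAMPLE_SPCTL_BAD))
    print(audit_live() or "spctl not present: live checks skipped")
```

On the constructed history the scan flags the quarantine strip, the `spctl --master-disable`, and the `LSQuarantine` default, each with the zsh timestamp when one was recorded, which is exactly the sequence a fake "how to install" guide for a cracked app produces. A history scan is only a heuristic (history can be cleared, and a GUI click-through leaves none), so treat a hit as a reason to pull the unified log and check `spctl --status`, not as proof on its own. Note also that an `accepted` verdict with a Developer ID origin is necessary but not sufficient: a stolen certificate passes until Apple revokes it, so an unfamiliar signing team on a "well-known" app is itself a finding.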
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3617624/is-the-tide-turning-on-macos-security.html