MacDirectory Magazine

Mike Thompson

MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.

Page 78 of 131

• Avoid software from unknown or untrusted sources
• Handle all incoming emails and links with care

GravityRAT

GravityRAT is a spyware tool that can give the bad guys remote access to an infected system, allowing them to steal data or execute commands. Like FinSpy, GravityRAT has been around for a while — but as a Windows threat. However, last year researchers at Kaspersky found a new macOS variant of GravityRAT (along with some Android versions), changing the game for Mac users.

It seems that more and more malware authors are “porting” Windows and Linux malware to macOS, in much the same way that app and game developers do with legitimate software! In a way, this makes perfect sense: Developing malware takes time and effort, and for a long time, there just wasn’t much point in writing malware for macOS. However, as Macs become more prevalent, especially in the enterprise, that’s changing — which is probably why we’re seeing such a dramatic increase in Mac malware. Repurposing Windows malware for macOS is one quick and effective way to deploy “new” Mac malware, and so we expect to see more of this in the years to come.

In terms of staying safe:

• Keep an eye out for “new to Mac” versions of Windows malware
• When installing new software, pay close attention to your Mac’s system dialogs and warnings, especially if they have to do with code signing and notarization issues

XCSSET

XCSSET is a suite of malicious components that infects Xcode projects (Xcode being a macOS development tool). As such, this principally affects app developers, but it does raise an important concern for everyday Mac users as well. XCSSET can steal credentials, exfiltrate data, and also has ransomware capabilities. Because developers often share Xcode projects, and use other people’s Xcode projects in their own work, there is a strong potential for XCSSET to spread from developer to developer, leading some to talk about the malware as a form of supply-chain attack.

In terms of what’s significant for everyday Mac users: bad actors are targeting devs directly, and are succeeding in their attacks. This basic approach — infect someone’s software and hope that some other target further downstream picks it up and uses it — is known as a supply-chain attack, and it’s definitely something for non-developers to be aware of. The SolarWinds hack at the end of 2020 goes to show just how dangerous such attacks can be, but there are also less dramatic examples that normal computer users are more likely to encounter, such as e-skimmers.

Keeping safe is hard to do when someone else has been hacked — and when you actually trust that someone else to deliver malware-free software! But there is one important measure that you can take: Install an outbound firewall app like LuLu or Little Snitch. These tools monitor network traffic leaving your computer, and can help detect and block suspicious traffic. If you are infected by malware, a good firewall app may be able to stop the malware from “phoning home” to its command and control server and doing further damage.

ThiefQuest

ThiefQuest may sound like an adventure game, but don’t let the name fool you: It’s a powerful and sophisticated hybrid malware threat for macOS, containing ransomware, spyware, and data theft capabilities. ThiefQuest’s ransomware aspect alone would make it notable in the world of Mac malware, since ransomware is still relatively uncommon on macOS. But researchers who have looked closely at the malware say that the actual ransomware functionality is not very well implemented, and suggest that it may just be a smokescreen intended to distract victims from ThiefQuest’s true purpose: surveillance and data exfiltration. Still, the malware is considered under development, meaning that a better-designed version may appear at some point in the future. And the fact that we’re starting to see new ransomware for macOS — even if it’s not very well made — is concerning.

All Mac users should protect themselves from the threat of ransomware by performing regular backups of their systems and important files. In addition, we should mention that ThiefQuest spreads through Trojanized versions of pirated software, which is a pretty common malware delivery vector. If you want to stay safe, don’t steal software! If you’re on a tight budget, and truly need a software program, consider searching for an open-source alternative instead.

Shlayer

The last entry on our list is Shlayer,
