Apple Macs Are Being Targeted By MacRansom ‘Malware As A Service’ Attacks

The notion that Mac systems are immune to malware is just plain wrong. Sure, Macs might be less susceptible to malware than Windows-based PCs, but they are certainly not exempt from security threats. Proving otherwise, two different security outfits have put out warnings about separate threats targeting Mac users. One of them pertains to ransomware, where a user's documents and files are encrypted and held hostage until a ransom is paid, and the other is a spyware application that sniffs out sensitive information.

macOS
Image Source: Apple

Starting with the former, security outfit Fortinet said its labs recently discovered a ransomware-as-a-service (RaaS) called MacRansom that uses a web portal hosted in a TOR network. That has become a somewhat popular thing among cybercriminals as of late, though usually they attack Windows PCs, In this case, the culprits have OS X (macOS) square in their sights.

This is essentially a ransomware-for-hire operation.

"This MacRansom variant is not readily available through the portal. It is necessary to contact the author directly to build the ransomware. At first, we thought of it as a scam since there was no sample but to verify this we dropped the author an email and unexpectedly received a response," Fortinet says.

MacRansom
Image Source: Fortinet

Fortient provided the author with pertinent details, such as the ransom amount (in Bitcoin) and the date to trigger the ransomware, and obtained the code. It turned out that it was not a scam, but a real ransomware variant tailor made to attack Mac systems. MacRansom turned out to be "far inferior" from the crop of current ransomware targeting Windows PCs, but it does work as advertised.

As to the other threat, security outfit Alien Vault discovered a spyware program called MacSpy that is advertised as being the "most sophisticated Mac spyware ever." It's also free and therefore accessible to a wide audience, so that's a double-whammy to Mac users.

MacSpy is one of the first malware-as-a-service (MaaS) aimed at OS X. The authors of the program stated they built MacSpy in response to the growing popularity of Apple products in recent years, which reinforces the notion that one of the reasons why Windows is more susceptible to malware is because the platform is much more popular.

The free version of MacSpy is capable of several nefarious tricks, such as taking a screen capture every 30 seconds, logging keystrokes, plucking photos from iPhone devices as soon as iCloud syncs them to a Mac, recording audio, snooping browser histories, and more. There is also a paid version that ups the ante with more advanced spyware capabilities, such as providing access to emails and encrypting an entire user directory.

"While this piece of Mac malware may not be the most stealthy program, it is feature rich and it goes to show that as OS X continues to grow in market share and we can expect malware authors to invest greater amounts of time in producing malware for this platform," Alien Vault said.

That is really the bottom line here.