Macspy And Macransom: New Strains Of Malware For Mac

Posted by admin on 28.09.2019

Macs are widely seen as the safer choice, on the assumption that macOS is less exposed to attack. That assumption has been put to the test more than once, and two new malware families, MacSpy and MacRansom, have now given some Apple desktop and laptop users cause for alarm. Both have been a concern for the past couple of weeks. The good news is that both are still distributed in a closed manner: no one can simply download them and put them to work. Both portals reportedly surfaced on May 25 during a routine scan of the Dark Web. MacSpy peddles spyware, while MacRansom rents out ransomware under a classic ransomware-as-a-service (RaaS) model.


Neither is digitally signed, so Gatekeeper at its default setting blocks them when they arrive as a quarantined download unless the user deliberately overrides it. Both are reportedly the work of a single developer who set out to fill the gap in sophisticated malware aimed at Mac users. MacSpy can allegedly capture a screenshot every 30 seconds, log every keystroke, access synced iPhone photos and pull browsing history and downloads from Safari and Chrome. MacRansom, for its part, can encrypt an entire home directory. Its author promises an 'unbreakable' 128-bit 'industry standard' encryption algorithm that will leave the victim 'no option but to purchase our decryption software'. The advertised key length is beside the point for a victim: no one brute-forces a 128-bit symmetric key, so whether the files come back depends entirely on whether the operator actually holds a key that decrypts them.
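Because neither sample is signed, the check that matters on the endpoint is the one a user is tempted to skip. The script below is an added example, not code from the original post or from the analysts who reported these samples: it parses the output of Apple's `codesign -dv --verbose=4` and `spctl --assess --type execute -vv`, the two tools Gatekeeper's verdict rests on, and refuses anything unsigned, not chained to Apple's root, or rejected by Gatekeeper. The sample outputs, app paths and the team ID ABCDE12345 are constructed to mirror the real tools' format.

```python
"""Refuse to launch a downloaded .app unless it is signed and Gatekeeper accepts it.

Added example (not from the original post): wraps `codesign` and `spctl`.
The sample outputs below are constructed; the paths and team ID are made up.
"""
import re
import subprocess
import sys

AUTHORITY_RE = re.compile(r"^Authority=(.+)$", re.M)
TEAM_RE = re.compile(r"^TeamIdentifier=(.+)$", re.M)
SOURCE_RE = re.compile(r"^source=(.+)$", re.M)

# Constructed: what the tools print for a Developer ID signed, notarized app.
SIGNED_CODESIGN = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
SIGNED_SPCTL = "/Applications/Example.app: accepted\nsource=Notarized Developer ID\n"

# Constructed: an unsigned bundle straight out of ~/Downloads.
UNSIGNED_CODESIGN = "/Users/me/Downloads/Dropped.app: code object is not signed at all\n"
UNSIGNED_SPCTL = "/Users/me/Downloads/Dropped.app: rejected\nsource=no usable signature\n"

# Constructed: signed with a home-made certificate, which Gatekeeper also rejects.
SELFSIGNED_CODESIGN = """\
Executable=/Users/me/Downloads/Updater.app/Contents/MacOS/Updater
Identifier=com.example.updater
Authority=Home-made Code Signing
TeamIdentifier=not set
"""
SELFSIGNED_SPCTL = "/Users/me/Downloads/Updater.app: rejected\nsource=no usable signature\n"


def parse_codesign(text):
    """Signature facts from `codesign -dv --verbose=4` (the tool prints on stderr)."""
    if "not signed at all" in text:
        return {"signed": False, "authorities": [], "team_id": None}
    authorities = AUTHORITY_RE.findall(text)
    match = TEAM_RE.search(text)
    team_id = match.group(1).strip() if match else None
    if team_id == "not set":
        team_id = None
    return {"signed": bool(authorities), "authorities": authorities, "team_id": team_id}


def parse_spctl(text):
    """(accepted, source) from `spctl --assess --type execute -vv`."""
    match = SOURCE_RE.search(text)
    return ": accepted" in text, (match.group(1).strip() if match else None)


def verdict(codesign_text, spctl_text):
    """Launch only if signed, chained to Apple's root CA, and accepted by Gatekeeper."""
    sig = parse_codesign(codesign_text)
    accepted, source = parse_spctl(spctl_text)
    apple_rooted = bool(sig["authorities"]) and sig["authorities"][-1] == "Apple Root CA"
    return {
        "launch": sig["signed"] and apple_rooted and accepted,
        "signed": sig["signed"],
        "apple_rooted": apple_rooted,
        "team_id": sig["team_id"],
        "gatekeeper_accepted": accepted,
        "source": source,
    }


def assess_app(app_path):
    """macOS only: run the real tools (both report on stderr) and judge the result."""
    cs = subprocess.run(["codesign", "-dv", "--verbose=4", app_path],
                        capture_output=True, text=True)
    sp = subprocess.run(["spctl", "--assess", "--type", "execute", "-vv", app_path],
                        capture_output=True, text=True)
    return verdict(cs.stdout + cs.stderr, sp.stdout + sp.stderr)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(assess_app(sys.argv[1]))
    else:
        print(verdict(UNSIGNED_CODESIGN, UNSIGNED_SPCTL))
```

`spctl --assess` applies Gatekeeper's policy whether or not the bundle carries a quarantine flag; at launch time Gatekeeper only consults that policy for quarantined downloads, so a fleet script should also check `xattr -p com.apple.quarantine` on anything a user fetched with a browser.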

  • Jun 12, 2017: 'MacRansom' and 'MacSpy' being sold 'as a service' on the dark web. 'It is not every day that we see new ransomware specifically targeting the Mac OS platform.' Earlier Mac-based malware was 'not as polished' as other known strains.
  • Jun 14, 2017: Apple Macs are being targeted by MacRansom 'malware as a service'. MacSpy is one of the first malware-as-a-service (MaaS) offerings aimed at OS X.

A separate malware author is reportedly working on a brand-new cross-platform ransomware, which he says he plans to offer through a RaaS portal hosted on the Dark Web over the summer. The Mac installed base has grown, and the number of Mac-targeting malware families has grown with it.


Both are believed to be the work of inexperienced coders, and their distribution still appears to be limited. Nevertheless, macOS users would do well to stay vigilant, especially when downloading software from less credible sites. Past attempts to breach macOS have largely failed, but a small window of opportunity can wreak havoc on any machine. According to AlienVault, the best way to detect MacSpy is with network IDS (NIDS) rules that fire when the implant communicates with its command-and-control (C&C) servers. On the subject of macOS, Apple recently released the third beta of macOS Sierra 10.12.6 to developers. Those who want to try it out can download it from the Apple Developer Center or through the Mac App Store's software update mechanism.
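A NIDS rule of the kind AlienVault recommends needs a concrete indicator (an address, a domain, a payload pattern). The complementary check a SOC can run without one is timing analysis: an implant that phones home on a schedule produces near-constant intervals, while human browsing does not. The script below is an added example, not AlienVault's detection content and not based on MacSpy's real network indicators; it reads a constructed Zeek-like connection log (epoch time, source, destination, port, bytes; all addresses from documentation ranges) and flags flows whose inter-connection gaps barely vary.

```python
"""Flag regular 'beaconing' from one host to one destination in connection logs.

Added example (not from the original post or AlienVault). The log below is
constructed: 10.0.0.7 contacts 203.0.113.5:443 roughly every 30 s, while
10.0.0.9 browses irregularly.
"""
import statistics
from collections import defaultdict

SAMPLE_LOG = """\
# ts src dst dport bytes
1497000000.2 10.0.0.7 203.0.113.5 443 512
1497000002.9 10.0.0.9 198.51.100.20 443 9012
1497000030.4 10.0.0.7 203.0.113.5 443 530
1497000031.1 10.0.0.9 198.51.100.20 443 120
1497000060.1 10.0.0.7 203.0.113.5 443 498
1497000090.3 10.0.0.7 203.0.113.5 443 515
1497000101.7 10.0.0.9 198.51.100.21 443 44000
1497000120.2 10.0.0.7 203.0.113.5 443 507
1497000150.4 10.0.0.7 203.0.113.5 443 521
1497000177.0 10.0.0.9 198.51.100.20 443 300
1497000180.1 10.0.0.7 203.0.113.5 443 509
1497000290.8 10.0.0.9 198.51.100.22 443 870
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, _bytes = line.split()
        flows[(src, dst, int(dport))].append(float(ts))
    return flows


def beacon_score(timestamps):
    """(mean gap, coefficient of variation of the gaps) or None if too few points."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean else float("inf")
    return mean, cv


def find_beacons(flows, min_connections=5, max_cv=0.15):
    """Flows with enough connections whose timing is suspiciously regular."""
    hits = []
    for key, ts in flows.items():
        if len(ts) < min_connections:
            continue
        score = beacon_score(ts)
        if score and score[1] <= max_cv:
            hits.append((key, round(score[0], 1), round(score[1], 3)))
    return hits


if __name__ == "__main__":
    for (src, dst, dport), mean_gap, cv in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{src} -> {dst}:{dport} every ~{mean_gap}s (cv={cv})")
```

Tune `min_connections` and `max_cv` to the network: implants that add random jitter push the coefficient of variation up, so a looser threshold plus a longer observation window catches them at the cost of more review work. Once a beacon is confirmed, its destination becomes the indicator for the NIDS rule.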

With no significant new features or bug fixes beyond the first two betas, the third beta is likely to be one of the final updates to Sierra before the transition to macOS High Sierra.

This is where internal and industry reports on incident and threat data are most useful. For example, Malwarebytes recently blogged about an increase in malware attacks against Mac platforms and why enterprises should prioritize Mac security. In this tip, we'll take a closer look at the reported threats and the enterprise defense techniques available for Mac systems.

A closer look at the Mac malware report

The Malwarebytes report describes the high-level aspects of four Mac attacks reported early this year, including the following:


OSX/MaMi has persistence functionality and performs man-in-the-middle attacks via the domain name system (DNS). It also installs a fraudulent root CA certificate. MaMi is not particularly advanced and appears to be a port of Windows malware to the Mac.

Dark Caracal is written in Java, so it can run on any computer that executes Java code. It is an immature remote access tool that appears to be used by nation-state actors, but it only works on systems with Java installed, so it shouldn't affect most systems running macOS 10.7 or later, as those versions no longer install the Java runtime by default.

Creative.Update is distributed through the supply chain via a compromised third-party software distribution website. The malware is bundled with what appear to be legitimate apps that seem to run normally.

OSX/Coldroot is a generic backdoor that doesn't work on Macs running current versions of macOS, including macOS 10.11 and later.

Enterprise defenses for Mac

Macs have a built-in antivirus tool, XProtect, which blocks known malware by signature, but it is not as fully featured as commercial endpoint security tools, so implementing a third-party tool could help block two of the malware attacks described by Malwarebytes.
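One concrete control that neither XProtect nor an antivirus signature gives you is an audit of the two things a DNS-hijacking implant such as OSX/MaMi changes: the active resolvers and the trusted root certificates. The script below is an added example, not code from the original article or from the MaMi analysis it cites. On a Mac, `scutil --dns` lists the resolvers in use and `security find-certificate -a -p <keychain>` dumps a keychain's certificates as PEM; the script parses both and diffs them against a known-good baseline. The resolver allow-list and both PEM dumps are constructed, and the certificate bodies are placeholder base64 rather than real certificates.

```python
"""Audit macOS resolvers and trusted certificates against a baseline.

Added example (not from the original article). The scutil output, the
allow-list and the PEM dumps below are constructed; the base64 bodies are
placeholders, not real certificates.
"""
import base64
import hashlib
import re
import subprocess

NAMESERVER_RE = re.compile(r"nameserver\[\d+\]\s*:\s*(\S+)")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed to mirror `scutil --dns`; 203.0.113.53 is the planted resolver.
SCUTIL_SAMPLE = """\
DNS configuration

resolver #1
  search domain[0] : corp.example
  nameserver[0] : 192.168.1.1
  nameserver[1] : 192.168.1.2
  if_index : 4 (en0)
  flags    : Request A records, Request AAAA records

resolver #2
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Scoped, Request A records
"""
ALLOWED_RESOLVERS = {"192.168.1.1", "192.168.1.2"}

# Constructed PEM dumps: the current one carries one certificate the baseline lacks.
BASELINE_PEM = """\
-----BEGIN CERTIFICATE-----
UGxhY2Vob2xkZXI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
QUJDRA==
-----END CERTIFICATE-----
"""
CURRENT_PEM = BASELINE_PEM + """\
-----BEGIN CERTIFICATE-----
Um9ndWU=
-----END CERTIFICATE-----
"""


def resolvers_from_scutil(text):
    """Unique nameservers from `scutil --dns` output, in first-seen order."""
    return list(dict.fromkeys(NAMESERVER_RE.findall(text)))


def rogue_resolvers(text, allowed):
    """Resolvers in use that are not on the allow-list."""
    return [ns for ns in resolvers_from_scutil(text) if ns not in allowed]


def cert_fingerprints(pem_text):
    """SHA-256 of each DER body, the same value `openssl x509 -fingerprint -sha256` prints."""
    fps = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        fps.append(hashlib.sha256(der).hexdigest())
    return fps


def new_certs(baseline_pem, current_pem):
    """Fingerprints present now that were absent from the baseline dump."""
    return sorted(set(cert_fingerprints(current_pem)) - set(cert_fingerprints(baseline_pem)))


def collect_live(keychain="/Library/Keychains/System.keychain"):
    """macOS only: gather the real inputs for the two checks above."""
    dns = subprocess.run(["scutil", "--dns"], capture_output=True, text=True).stdout
    pem = subprocess.run(["security", "find-certificate", "-a", "-p", keychain],
                         capture_output=True, text=True).stdout
    return dns, pem


if __name__ == "__main__":
    print("rogue resolvers:", rogue_resolvers(SCUTIL_SAMPLE, ALLOWED_RESOLVERS))
    print("certs not in baseline:", new_certs(BASELINE_PEM, CURRENT_PEM))
```

Take the baseline PEM dump from a clean image of the same macOS version, since Apple's own trust store changes with OS updates. Check the login keychain (`~/Library/Keychains/login.keychain-db`) as well as the system keychain, and pair the certificate diff with `security dump-trust-settings -d`, because a certificate that merely sits in a keychain is harmless until trust settings mark it as a root.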

Enterprise defenses against Mac malware look very similar to Windows-based tools, since network defenses protect endpoints regardless of which operating system they run. Installing software only from approved app stores and keeping the OS and applications updated may block the other two strains Malwarebytes identified. However, without knowing how malware got onto an endpoint, it can be difficult to determine what other security controls would help as part of a layered defense, which is a common problem. There is also the question of how to avoid being attacked at all. Everyone would like to avoid being attacked, but it is virtually impossible to control an attacker's choice of target. Enterprises may be able to prevent opportunistic, untargeted attacks, but if an attacker specifically targets an enterprise, it can be difficult to stop. What most enterprises can do is implement security controls that detect, respond to and protect against attacks.

Conclusion

As a whole, Mac security enjoys a reputation that can give users a false sense of security and lead them to take less care with their computers. Enterprises and individual users alike need to remain aware that Macs, just like any other systems, are vulnerable to a range of security issues.