15 of the biggest Apple security threats

Ten years ago keeping track of Mac malware was an interesting hobby for security geeks. Examples popped up every now and then, security firms put out a press release, and everything went back to normal. There just wasn’t much to talk about.

Then, in 2012, something called Flashback hit the platform, anything up to a million users were infected, and perceptions changed.

Today’s Mac and iOS threats have stepped up a gear with three malware families appearing to target the Mac in 2016 alone. That sounds modest but many users are still under-protected.

Plus, with the latest bug sweeping MacOS High Sierra users, resulting in anyone being able to access a Mac with a blank password, more Apple users are realising that security isn't just a Windows problem.

Here are 15 of the biggest Apple security threats...


Apple’s MacOS High Sierra Bug (2017)

A serious security flaw has been found in the latest version of Apple’s MacOS High Sierra, allowing anyone to gain entry to the machine and its administrative control without a password.

The flaw - first discovered by Turkish developer Lemi Ergin - works by using the username 'root', leaving the password field blank, and pressing 'enter' multiple times.

In a statement, Apple said it was "working on a software update to address this issue" and told users to set a root password to prevent unauthorised access to their Macs.

After revealing the flaw via a tweet, Ergin was criticised for not following the 'guidelines typically observed by security professionals' according to the BBC.

It's believed that the flaw does not affect previous versions of MacOS and is likely not able to be exploited remotely.
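Apple’s interim advice was to set a root password, which makes checking the root account’s state a sensible audit step. The script below is an added example, not part of the original article or any Apple tooling: it classifies the output of `dscl . -read /Users/root AuthenticationAuthority` and runs the live query only where `dscl` exists. It assumes a disabled root account carries the `;DisabledUser;` tag in that attribute, an enabled one carries only a `;ShadowHash;` entry, and a “No such key” reply means no authentication authority is recorded at all; the sample outputs inside are constructed.

```shell
#!/bin/sh
# Added example (not from the article). Classifies the AuthenticationAuthority
# attribute of the root account. Assumed formats (not stated on the page):
#   ";DisabledUser;..."        -> root disabled
#   ";ShadowHash;..." only     -> root enabled, a password hash is stored
#   "No such key: ..."         -> no authority recorded at all
classify_root_auth() {
    case "$1" in
        *DisabledUser*)  echo "disabled" ;;
        *"No such key"*) echo "no-authority" ;;
        *ShadowHash*)    echo "enabled" ;;
        *)               echo "unknown" ;;
    esac
}

# Turn the classification into an audit verdict line.
root_check_verdict() {
    state=$(classify_root_auth "$1")
    case "$state" in
        disabled) echo "PASS: root account is disabled" ;;
        enabled)  echo "WARN: root is enabled; confirm a strong password is set" ;;
        *)        echo "FAIL: root has no recorded authentication authority ($state)" ;;
    esac
}

# Constructed sample outputs, used for offline demonstration and tests.
SAMPLE_DISABLED='AuthenticationAuthority: ;DisabledUser;;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_MISSING='No such key: AuthenticationAuthority'

# Live check, only on a Mac where dscl is present; elsewhere this is skipped.
if command -v dscl >/dev/null 2>&1; then
    live=$(dscl . -read /Users/root AuthenticationAuthority 2>&1)
    root_check_verdict "$live"
else
    for s in "$SAMPLE_DISABLED" "$SAMPLE_ENABLED" "$SAMPLE_MISSING"; do
        root_check_verdict "$s"
    done
fi
```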

Keydnap (2016)

Discovered by ESET researchers in July 2016, Keydnap (say it out loud) is a full-blown backdoor Trojan that appears suspiciously similar to KeRanger from earlier in the year. Designed to steal passwords from Apple’s Keychain application, it was subsequently spotted being distributed inside the legitimate Transmission BitTorrent application. This is not mass malware but it is still a worrying example of how cybercriminals are targeting Macs in the same way they target Windows PCs.

Mac.Eleanor (2016)

Another example of grown-up Mac malware similar to Keydnap and KeRanger, this time hidden inside a fake file converter. Once running it loads Tor, giving cybercriminals control of the victim’s Mac, including capturing webcam images. Discovered by BitDefender, the purpose seems to be to either lock users out of their computers as part of a blackmail scam or enrol it into a botnet.

KeRanger ransomware (2016)

After years attacking Windows users, ransomware finally hit the Mac in the form of KeRanger, hiding inside the Transmission open source BitTorrent client. Detected by Palo Alto, KeRanger was fully-functioning, Mac-specific ransomware with no compromises, written to target and encrypt files on OS X systems. The number of victims? Probably small. The dent to Mac invulnerability? Somewhat greater.

KeyRaider (2015)

Distributed through Cydia repositories in China, KeyRaider is a severe warning to users of Jailbroken iOS devices of the risks they take. A previously unknown piece of malware that by mid-2015 had "stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts," said Palo Alto. "Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom."

Thunderstrike/Dark Jedi exploits (2015)

Discovered by security researchers rather than criminals, but concerning nonetheless, Thunderstrike and Dark Jedi were proof-of-concept attacks designed to undermine Mac computers using firmware backdoors. Thunderstrike required physical access to the Mac using a Thunderbolt peripheral, whereas Dark Jedi didn’t but did demand a lot of firmware smarts. Both issues were patched by Apple.

WireLurker and Masque (2014)

WireLurker was undoubtedly the most serious real-world attack on iOS devices and came hard on the heels of a similar proof-of-concept attack called Masque, itself serious enough for the US Government to warn its workers about it. Masque only worked if users were tricked into installing an app from a third-party store, but the Chinese WireLurker infected any iOS device connected via USB to an infected Mac.

'Celebgate' iCloud attacks (2014)

Arguably the most serious security issue to affect Apple, the company’s iCloud data storage service was hit by a small flurry of apparent breaches in 2014, culminating in a targeted attack on celebrity accounts dubbed ‘Celebgate’ in which incredibly embarrassing images of Hollywood celebrities and actors were leaked to the Internet. Apple had a habit of denying its systems had been breached. Regardless, users started paying attention to the personal data gathered by cloud services, or just turning them off.

Browser ransomware attack (2013)

Publicised by Malwarebytes, this cross-platform attack was a simple JavaScript con that interfered with the browser in order to persuade users to fork out $300 to make it stop. The only way to get rid of it was to use the ‘reset Safari’ option. Far from complex, but still a warning that simple tricks can work as well as sophisticated ones.

Flashback Trojan (2012)

Nobody knows for sure how many Apple computers were infected by the Flashback Trojan, but up to a million seems likely, making it by far the most significant Mac malware ever. Flashback installed as a drive-by attack posing as a Flash Player install, which reminded everyone of similar scams on Windows. This was the moment and the year when the perception of Apple security changed – even Oxford University and its students struggled with it.

MacControl APT (2012)

Aimed by Chinese hackers at Uighur activists, this launched as a simple booby-trapped email attachment in order to take remote control of target Macs. Several attacks at the time used this technique, and it has since continued to be tried on a small, targeted basis by Chinese groups against specific groups, hence the ‘APT’ moniker.

MacDefender (2011)

A curiosity that marked the first time Macs had been targeted by the same sorts of fake anti-virus scams then flooding the PC world, MacDefender was a simple con trick. The malware posed as a security app that users were invited to install; it then detected non-existent security threats that users needed a paid licence to rid themselves of. Notable because its creators had gone to some trouble to create a convincing Mac interface.

Boonana Trojan/worm (2010)

By 2010, cybercriminals were experimenting with many of the same techniques tried against Windows, including ‘Boonana’ which at first appeared to be a re-packaging of the Facebook Koobface Trojan from 2008. Using Java to aid cross-platform nefariousness, Boonana was eventually identified as a new attack that used the same interest in spreading via social media and YouTube, then a much more recent phenomenon.

BadBunny (2007)

Affecting Mac, Windows and Linux, BadBunny was an OpenOffice macro worm that is still remembered for using Ruby scripts to drop pornographic images of a man in a bunny suit. Probably rarely if ever encountered in the wild, BadBunny looked like a proof-of-concept plaything as much as a serious attack.

DNSChanger/RSPlug (2007)

This notorious attack lured Mac users with a fake codec (bizarrely offered as a Windows ActiveX control) that supposedly allowed them to view a pornographic video. It also turned up in the form of Jahlav and turned out to be connected to the infamous RSPlug Mac malware from 2007. The Estonian group behind most of these attacks (including those on Windows users) was eventually ‘downed’ by the FBI that year in Operation Ghost Click.

Copyright © 2017 IDG Communications, Inc.