Malicious installers led to rotten Apples and adware, as adversaries continued to target macOS throughout 2021.
Editors’ note: While the analysis and detection opportunities remain applicable, this page has not been updated since 2022.
We’ve come a long way from hearing cries of “Macs don’t get viruses!” and in 2021, the information security community saw more and more malware targeting macOS systems. In contrast to Windows systems, we observe far fewer malicious documents or email attachments on macOS systems. Instead, the majority of malware we observe on macOS stems from malicious installers that trick victims into thinking they’re downloading legitimate content. This approach is particularly insidious because victims on macOS systems usually hold administrative privileges, so a tricked user hands the installer full control of the host. Shlayer, Bundlore, and Silver Sparrow all followed this malicious installer trend, and four of the eight macOS malware threats Objective-See covered in their review of 2021 relied on malicious installers for deployment.
Most macOS threats we observe are malicious adware. Malicious adware is an unwanted program designed to show advertisements on a victim’s screen, often within a web browser. A good example of the potential impact of malicious adware comes from the activity cluster Red Canary tracks as Silver Toucan: its own terms of service disclose that victim hosts may be used for proxy activity. Malicious macOS adware often bundles tools such as MITMProxy for ad injection, which raises a privacy concern beyond the ads themselves, since the proxy can inspect web traffic on affected hosts.
Updating the operating system and applying antimalware controls are the best defenses against malicious software on macOS. Patching to the latest version possible makes malware exploits less likely to succeed. Malware authors still circulate versions of installers that exploit patched vulnerabilities, knowing that not everyone can patch their macOS system; antimalware controls help mitigate this threat. Where possible, obtain software directly from trusted sources that sign their installers and seek notarization from Apple. Malicious software has been mistakenly notarized in the past, but each case has been rapidly found and remedied.
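One practical way to act on the signing and notarization advice above is to assess a downloaded installer with Apple's own Gatekeeper tooling before it is opened. The following POSIX shell script is an added example and is not Red Canary's code; it assumes `spctl` and `codesign` are present (macOS only) and that `spctl --assess --verbose` reports a `source=` line naming `Notarized Developer ID` for notarized software, so the verdict helper can be exercised elsewhere with constructed output.

```shell
#!/bin/sh
# Added example: triage a downloaded .pkg installer or .app bundle with the
# Gatekeeper assessment tools before running it. Assumption: spctl prints
# "accepted"/"rejected" and a "source=..." line describing why.

# Turn raw spctl output into a short verdict. Order matters: a rejection
# wins regardless of the source line that follows it.
classify_assessment() {
  case "$1" in
    *rejected*)                         echo "rejected" ;;
    *"source=Notarized Developer ID"*)  echo "notarized" ;;
    *"source=Developer ID"*)            echo "signed-not-notarized" ;;
    *accepted*)                         echo "accepted-other" ;;
    *)                                  echo "unknown" ;;
  esac
}

# Assess a real artifact. Packages are checked as installs, app bundles as
# executables; anything else is refused rather than guessed at.
assess_installer() {
  path="$1"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not available; this check only runs on macOS" >&2
    return 2
  fi
  case "$path" in
    *.pkg) kind=install ;;
    *.app) kind=execute ;;
    *) echo "unsupported artifact: $path" >&2; return 2 ;;
  esac
  # For app bundles, verify signature integrity first: a tampered bundle
  # fails here no matter who signed it (--deep covers nested code).
  if [ "$kind" = execute ] && ! codesign --verify --deep --strict "$path" 2>/dev/null; then
    echo "rejected"
    return 1
  fi
  # spctl writes its assessment to stderr, so merge it into the captured text.
  output=$(spctl --assess --type "$kind" --verbose "$path" 2>&1)
  verdict=$(classify_assessment "$output")
  echo "$verdict"
  [ "$verdict" = "notarized" ]
}

# Usage: ./assess_installer.sh /path/to/Download.pkg
if [ -n "${1:-}" ]; then
  assess_installer "$1"
fi
```

Only a `notarized` verdict returns success; `signed-not-notarized` and `accepted-other` are worth a second look even though Gatekeeper would allow them.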