More new malware families have appeared in the first half of this year than in any other previous year in Mac history, the data shows.
In the light of these findings, the security firm has released Malwarebytes for Mac to protect against increasing threats to the operating system, either as a standalone system or to run alongside any antivirus software.
According to Malwarebytes CEO Marcin Kleczynski, antivirus and security awareness is no longer enough defence for Mac users, who will now have to seek additional defences.
The Mac operating system has long been regarded as a relatively secure operating system, but this was mainly due to the fact that there were relatively few threats designed to target Mac users rather than the operating system being inherently secure.
“Mac threats are not taken seriously enough in the security community today,” said Thomas Reed, director of Mac and mobile at Malwarebytes.
The App Store is not immune to these threats, said Reed. “For example, the recent Proton remote access Trojan that plagued Mac users fooled many experienced, security-minded people who became infected.
“Despite what many Mac users think, they are not safe even if they are careful about what they download. Being security-savvy is no longer enough. All Mac users need dedicated protection against malware, adware and PUPs.”
Proton was discovered for sale on a closed Russian cyber crime message board by researchers at security firm Sixgill.
The researchers reported that the Rat is intended for installation exclusively on Mac OS devices, and includes root-access privileges and features allowing an attacker to obtain full control of the victim’s computer.
Its capabilities include running real-time console commands and a file manager, keylogging, taking screenshots, webcam operation and the ability to present a custom native window requesting information such as a credit card, driver’s license and more.
The threat behind the software
The real threat behind the software, according to research, is that the malware is shipped with genuine Apple code-signing signatures.
“This means the author of Proton Rat somehow got through the rigorous filtration process Apple places on Mac OS developers of third-party software, and obtained genuine certifications for his program. Sixgill evaluates that the malware developer has managed to falsify registration to the Apple Developer ID Program or used stolen developer credentials for the purpose,” the researchers wrote in a blog post.
Sixgill also believes that gaining root privileges on Mac OS is only possible by employing a previously unpatched zero-day vulnerability, which is suspected to be in the possession of the author.
“Proton’s users then perform the necessary action of masquerading the malicious app as a genuine one, including a custom icon and name. The victim is then tricked into downloading and installing Proton,” they said.