Blog | Mac malware — what you need to know

By Sumit Bansal


Mac users are increasingly being targeted by malware. This year's SophosLabs Malware Forecast found that Mac malware is often technically stealthy and is geared towards harvesting data, giving criminals covert remote access to the machine, or holding files for ransom.

One recent example is the FileCode ransomware, written in Swift, Apple's relatively new programming language.

FileCode drops text files telling victims to pay the crook in bitcoins and to leave their computer connected to the Internet, so that the criminal can log in remotely and unscramble their files within 24 hours.

There are simple ways for Mac users to avoid falling prey to FileCode:

1. Stay away from websites claiming to help you bypass the licensing checks built into commercial software. FileCode is usually planted on software piracy sites, masquerading as a cracking tool for mainstream commercial products.

2. FileCode uses an encryption scheme that can almost certainly be defeated without paying the ransom. If you still have the original, unencrypted copy of even one of the scrambled files, there is a good chance that free tools can recover the decryption key from that pair (a known-plaintext attack) and let you unscramble the rest of your files yourself.

More recently, SophosLabs identified a new piece of Mac ransomware, known as MacRansom, which is offered as ransomware-as-a-service (RaaS). This means that someone with no coding experience can have the author build a copy for them and then make money by distributing it to victims.

How does MacRansom work?

The malware installs itself quietly under the user's own account, as a per-user launch item rather than a system-wide program. Users are unlikely to notice it, because it is given an innocuous-looking name that mimics an official macOS file name.

Once activated, the malware encrypts the user's files and offers the decryption key at a price. Because it also targets files on attached hard disks, USB keys and other removable drives, a backup drive that is left plugged in will be scrambled along with everything else, so keep at least one recent backup offline, and preferably off-site as well.
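The persistence trick described above (a per-user launch item with an Apple-sounding name) is something you can check for yourself. The shell script below is an added example, not code from the original post or from Sophos: it lists plists in a LaunchAgents folder whose names imitate Apple's own components. Apple's own agents live under /System/Library/LaunchAgents and /Library/LaunchAgents, so a com.apple.* plist sitting in a user's ~/Library/LaunchAgents is worth a closer look. The directory and file names in the demonstration are constructed for the example; the impostor name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post or Sophos): flag LaunchAgent plists
# in a per-user LaunchAgents folder whose file names imitate Apple components.
# Apple ships its own agents under /System/Library/LaunchAgents and
# /Library/LaunchAgents, not under a user's home directory, so a
# com.apple.* plist in ~/Library/LaunchAgents is a red flag worth checking.

# Print the path of every plist in "$1" whose name starts with com.apple.
# Prints nothing when the folder is clean. Always exits 0 so it can be used
# inside pipelines and command substitution without tripping 'set -e'.
find_suspicious_agents() {
    dir="$1"
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue          # no plists at all: glob stays literal
        name=$(basename "$f")
        case "$name" in
            com.apple.*)
                echo "$f"
                ;;
        esac
    done
    return 0
}

# Demonstration on a constructed folder (sample names, not real findings).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/LaunchAgents"
: > "$demo_dir/LaunchAgents/com.example.updater.plist"     # constructed, benign
: > "$demo_dir/LaunchAgents/org.example.sync.plist"        # constructed, benign
: > "$demo_dir/LaunchAgents/com.apple.systemhelper.plist"  # constructed, hypothetical impostor

echo "Suspicious per-user LaunchAgents:"
find_suspicious_agents "$demo_dir/LaunchAgents"
rm -rf "$demo_dir"
```

On a real Mac, run `find_suspicious_agents "$HOME/Library/LaunchAgents"` and compare anything it reports against `launchctl list`; a hit is a lead to inspect, not proof of infection, since a sloppy third-party installer can also misuse the com.apple prefix.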

Best security practices to protect against malware:

• Patch early, patch often

• Consider implementing a holistic, next-generation security solution with anti-malware and anti-ransomware capabilities

• Beware of unsolicited attachments, and only open documents from senders you know

• Don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing the web while you have administrator rights

• Try the free Sophos Home antivirus solution with business-grade security that protects both PC and Mac

The author is director for Asean and Korea at Sophos
