
MacOS Malware: Myth vs. Truth – Podcast

Lisa Vaas, threatpost.com
April 7, 2022, 1:00 p.m.

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

Remember those ads with a sneezing guy in a suit who says he’s a PC and warns you to stay away because he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac.

… as if any machine that runs code could possibly be immune to malware…?

Boy, was that a stretch.

The notion that Macs are immune to malware has been disproved by multiple MacOS-focused malware families. Examples include Silver Sparrow, the malware capable of targeting Apple’s then-new M1 ARM architecture Macs back in February 2021, and a variant of the Shlayer Mac OSX malware with advanced stealth capabilities that was spotted in the wild in June 2020, actively using poisoned Google search results to find victims.

Do you still hear people say “Oh, I’m on a Mac. I can’t get a virus”?

Jamie Levy, director of R&D at Huntress, recently hosted one of the company’s “Tradecraft Tuesday” webinars, where she dug into the threat landscape on the MacOS side of the aisle to take a look at which threats are the most dangerous. If you’re still hearing Mac users swear they’re invulnerable, this is the podcast to listen to, or to get them to listen to.

She dropped by the Threatpost podcast to bring us the highlights of that webinar, including:

  • What malware looks like on MacOS;
  • How persistence works on MacOS, and what it means for victims; and
  • The severity of the typical threats that prey upon MacOS users, and how defenders can protect their users and environments from those threats.

Please see below for a list of the MacOS security tools that Jamie mentioned in the show.

You can download the podcast below or listen here. For more podcasts, check out Threatpost’s podcast site.

Tools to Protect MacOS

These are the tools to protect MacOS that Jamie recommended during the podcast:

  • Apple’s Gatekeeper, Notarization, and XProtect: Turn on Apple’s own MacOS tools to identify and block malware.
  • Lulu: A free, open-source firewall for Macs from Objective-See that Jamie recommends as a supplement to the default firewall in MacOS.
  • Little Snitch: A host-based application firewall for macOS from Objective Development Software GmbH, Little Snitch can be used to monitor applications, preventing or permitting them to connect to attached networks through advanced rules. Jamie said it’s basically like Lulu, except “maybe it’s a little more extended.”
  • RansomWhere: A tool from Objective-See that continually monitors the file system for the creation of encrypted files by suspicious processes in order to protect personal files from ransomware.
  • BlockBlock: Another tool from Objective-See, BlockBlock monitors common persistence locations and alerts whenever a persistent component is added.
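As an added, defender-side example (not code from the podcast, Huntress or Objective-See), here is a small Python audit of the launchd persistence locations that a BlockBlock-style monitor watches, covering the "how persistence works on MacOS" point above. The directory list, the Apple-owned path prefixes and the sample plist are assumptions constructed for this example.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# launchd persistence directories (assumed list; the user-level one is expanded per home).
PERSISTENCE_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents"]
# Paths where Apple's own software lives; third-party and malware binaries usually sit elsewhere.
APPLE_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/bin/", "/sbin/")


def audit_plist(data: bytes) -> dict:
    """Summarise one launchd plist: what it runs, whether it auto-starts, and why it looks odd."""
    item = plistlib.loads(data)
    args = item.get("ProgramArguments") or [item.get("Program", "")]
    program = args[0] if args else ""
    auto = bool(item.get("RunAtLoad")) or bool(item.get("KeepAlive"))
    reasons = []
    if auto and not program.startswith(APPLE_PREFIXES):
        reasons.append("auto-starts a non-Apple binary")
    if any(p.startswith(".") for p in Path(program).parts if p not in (".", "/")):
        reasons.append("program lives in a hidden directory")
    if program.startswith(("/tmp/", "/var/tmp/", "/private/tmp/", "/Users/")):
        reasons.append("program runs from a temporary or user-writable location")
    return {"label": item.get("Label", "?"), "program": program, "autostart": auto, "reasons": reasons}


def audit_dirs(dirs=PERSISTENCE_DIRS) -> list:
    """Run audit_plist over every .plist in the launchd directories present on this host."""
    findings = []
    for d in dirs:
        for path in Path(d).expanduser().glob("*.plist"):
            try:
                findings.append({"path": str(path), **audit_plist(path.read_bytes())})
            except (plistlib.InvalidFileException, ExpatError, ValueError, OSError) as exc:
                # A plist that will not parse is itself worth a look, so record it rather than skip it.
                findings.append({"path": str(path), "label": "?", "program": "", "autostart": False,
                                 "reasons": [f"unparseable plist: {exc}"]})
    return findings


# Constructed sample LaunchAgent: relaunches a hidden binary under a user's home at every login.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array><string>/Users/alice/.hidden/updater</string><string>--quiet</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    print(audit_plist(SAMPLE_PLIST))
    for f in audit_dirs():
        if f["reasons"]:
            print(f["path"], f["label"], "; ".join(f["reasons"]))
```

Run it periodically (or from a file-system watcher) and diff the output against a known-good baseline; a new label or a changed program path is the event a persistence monitor would alert on.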

