Why Apple Malware is Increasing

by | Apr 25, 2022

Not long ago Apple computers were used mainly in the education sector and by creative professionals (desktop publishing). Today, we see MacBooks, iPads, and iPhones used across industries, and Apple devices have increased their footprint in the business world. Powered by macOS, iPadOS, and iOS respectively, these devices are increasingly being connected to enterprise networks. Apple devices were once known to be more secure than PCs, with few viruses or malware being reported. That is no longer the case today, and Apple device users are being increasingly targeted. Although Apple is quick to respond to reported vulnerabilities with patches and software updates, it is up to system administrators to update user devices on time and to govern their use. Let’s take a look at the threats and risks, and then look at some solutions.

Image credit: Laptop mockup psd created by freepik – www.freepik.com

Growing Footprint

According to IDC, macOS devices were used in 23% of U.S. enterprises in 2021, iPhones accounted for 49% of business smartphones and iPads were the most-used tablets in the workplace.

“Growth in Mac usage among business users, especially for employees working remotely and given their choice of PC device, is pushing more businesses to formally adopt management tools and strategies around macOS, along with iOS/iPadOS and tvOS,” said Phil Hochmuth, program vice president, enterprise mobility and client endpoint management, IDC.

Alcyr Araujo, founder and CEO of Mosyle, tells me that one factor driving the growth of Apple devices in the enterprise is a young workforce for whom a MacBook, iPad, or iPhone was their first computing device. Some of them work as gig workers, freelancers, or apprentices, and they bring their own devices to the workplace since they are at ease using them.

At the top end of the organization chart, managers and C-suite executives bring their high-end iPads and iPhones to work and request connectivity to the enterprise network.

The work-from-home and hybrid work culture has also dissolved the separation barrier between work and personal devices — it’s quite common to see the same device used for both purposes.

It’s become common for enterprises to ask employees about their preference for devices – Windows or Mac – during onboarding or device refreshes. And most choose Apple because of its simple interface and easy troubleshooting.

But there are strategic reasons why organizations are in favour of Apple, and this has to do with productivity and support costs.

Enterprises are also happy to choose Apple because Apple devices require fewer support personnel than Windows devices. The time to resolution is also faster on Apple devices, and fewer tickets are generated.

Time to Resolution is a customer service metric measuring the average amount of time between when a customer interaction is created and when that interaction is marked as “resolved.” Time To Resolution may also be called Mean Time to Resolution or Time to Resolve and abbreviated as MTTR or TTR (Source: Helpscout).

Users of Apple devices are also known to be more productive, as less time is spent on learning the interface or troubleshooting system or application issues.

The tight integration of OS, apps, and hardware in the Apple ecosystem ensures smooth operation and infrequent application or system hangs and freezes.

But there is still the malware threat that can spoil the party.

Apple Malware Threats

Here are some examples of malware targeted at macOS and iOS devices:

GIMMICK

This malware variant was discovered by Volexity in late 2021 on a system running frp – or fast reverse proxy – where it detected internal port scanning activity. The traffic was determined to be unauthorized and was coming from a MacBook Pro running macOS 11.6 – Big Sur. The system was immediately isolated for forensic analysis.

Volexity researchers determined that this malware was being used in targeted attacks by Storm Cloud, a Chinese espionage threat actor active across Asia, but that it had not been written specifically for macOS. They traced the attack back to IPStorm, a malware botnet first spotted last year targeting Windows systems that has since evolved to infect other platforms, such as Android, Linux and Mac devices.
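The GIMMICK discovery above started not with a malware signature but with a network anomaly: one internal host probing many ports on another. The following is an added example, not code from the article or from Volexity, of the kind of detection logic that surfaces such activity. It reads constructed connection-log lines (timestamp, source, destination, destination port, flags), ignores traffic to non-private destinations, and flags any source that touches at least a threshold number of distinct internal (destination, port) pairs within a sliding time window. The log format, addresses, window and threshold are all assumptions for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not real traffic, not from the article).
# Columns: UTC timestamp, source IP, destination IP, destination port, TCP flag.
# 10.20.5.17 sweeps 12 ports on an internal host (plus one external connection);
# 10.20.5.40 shows ordinary traffic to two internal services.
SAMPLE_LOG = """\
2021-11-02T09:14:01Z 10.20.5.17 10.20.8.3 21 SYN
2021-11-02T09:14:01Z 10.20.5.17 10.20.8.3 22 SYN
2021-11-02T09:14:02Z 10.20.5.17 10.20.8.3 23 SYN
2021-11-02T09:14:02Z 10.20.5.17 10.20.8.3 25 SYN
2021-11-02T09:14:03Z 10.20.5.40 10.20.8.3 443 SYN
2021-11-02T09:14:03Z 10.20.5.17 10.20.8.3 53 SYN
2021-11-02T09:14:04Z 10.20.5.17 10.20.8.3 80 SYN
2021-11-02T09:14:04Z 10.20.5.17 10.20.8.3 110 SYN
2021-11-02T09:14:05Z 10.20.5.17 10.20.8.3 135 SYN
2021-11-02T09:14:05Z 10.20.5.40 10.20.8.5 445 SYN
2021-11-02T09:14:06Z 10.20.5.17 10.20.8.3 139 SYN
2021-11-02T09:14:07Z 10.20.5.17 93.184.216.34 443 SYN
2021-11-02T09:14:08Z 10.20.5.17 10.20.8.3 443 SYN
2021-11-02T09:14:09Z 10.20.5.40 10.20.8.3 443 SYN
2021-11-02T09:14:10Z 10.20.5.17 10.20.8.3 445 SYN
2021-11-02T09:14:12Z 10.20.5.17 10.20.8.3 3389 SYN
2021-11-02T09:14:15Z 10.20.5.40 10.20.8.3 443 SYN
"""

WINDOW = timedelta(minutes=5)   # assumed detection window
PORT_THRESHOLD = 10             # assumed: distinct internal targets per source per window


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, dst, port, _flags = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(port)


def detect_internal_port_scans(lines, window=WINDOW, threshold=PORT_THRESHOLD):
    """Return {source_ip: max distinct internal (dst, port) pairs seen in any window}
    for every source that reaches the threshold. Non-private destinations are ignored
    because the behaviour of interest is lateral probing inside the network."""
    events = defaultdict(list)  # src -> [(ts, dst, port), ...]
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port = parse_line(line)
        if not ipaddress.ip_address(dst).is_private:
            continue
        events[src].append((ts, dst, port))

    alerts = {}
    for src, evs in events.items():
        evs.sort()
        left = 0
        for right in range(len(evs)):
            # Slide the left edge forward until the window fits.
            while evs[right][0] - evs[left][0] > window:
                left += 1
            targets = {(d, p) for _, d, p in evs[left:right + 1]}
            if len(targets) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts


if __name__ == "__main__":
    for src, count in detect_internal_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT: {src} touched {count} distinct internal ports within {WINDOW}")
```

On the sample data only 10.20.5.17 is reported (12 distinct internal targets); the external connection is not counted, and the host with routine traffic stays below the threshold. In production the same logic would be fed by flow records or firewall logs, and the window and threshold tuned against the network's normal behaviour.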

Silver Sparrow

In February 2021, cybersecurity company Red Canary published findings on Silver Sparrow, a payload-less malware compiled to execute natively on Apple Silicon chips. This malware is notable for being one of the first to include native code for Apple’s new M1 chips.

XcodeSpy malware

XcodeSpy malware for macOS spreads via malicious Xcode projects. It installs a custom Eggshell backdoor.

Cryptomining

With powerful processors like the M1 chip and the A-series Bionic processors used in Apple devices, malicious actors are tapping the computing power for cryptomining. In February, Trend Micro found that a coinminer sample sourced in early January 2022 uses several modified open-source components.

The sample used i2pd – a C++ implementation of the Invisible Internet Protocol client – to hide its network traffic. Trend Micro says the use of i2pd in a Mac malware sample is new.

Derivative Malware

Malware written specifically for Apple devices is rare today, and Silver Sparrow is one of the few exceptions. Experts say malware targeting Apple devices is mainly variants of malware created for other platforms.

“I believe the number of Apple-only malware is still not alarming. We can see more versions of the same malware as an attempt to evade any kind of control that solutions would be able to have on those devices. And I believe it’s a consequence of the growing number of Apple devices in the enterprise,” says Mosyle’s Araujo.

Writing malware specifically for Apple devices will require a new approach, due to their strong OS security framework and security features, such as app sandboxing, system integrity protection, and built-in anti-malware, such as XProtect.

So the growth of Apple-specific malware is still far smaller than that seen on Windows and Linux platforms.

So in that sense, Apple devices are more secure. Still, users and organizations that use Apple devices need to take certain precautions and use solutions that are specifically tailored for macOS platforms.


Solutions

MDM and MAM

When the bring-your-own-device (BYOD) concept was introduced in organizations, their IT support staff insisted on installing Mobile Device Management (MDM) and Mobile Application Management (MAM) solutions.

Apple iOS, iPadOS, macOS and tvOS have a built-in framework that supports mobile device management. According to Apple, MDM lets you securely and wirelessly configure devices by sending profiles and commands to the device, whether they’re owned by the user or the organisation. MDM capabilities include updating software and device settings, monitoring compliance with organisational policies, and remotely wiping or locking devices. Users can enrol their own devices in MDM, and organisation-owned devices can be enrolled in MDM automatically using Apple School Manager or Apple Business Manager.
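The "profiles" mentioned above are property-list documents: a top-level Configuration payload that carries one or more settings payloads, each identified by a PayloadType. The following is an added example, not code from the article, from Apple, or from any MDM vendor, that builds a minimal macOS configuration profile enforcing the built-in application firewall, and an audit function that parses a profile and reports what it enforces. The payload type and keys used (com.apple.security.firewall with EnableFirewall, BlockAllIncoming, EnableStealthMode) are Apple's Firewall payload; the organisation identifier, display names and the choice of settings are assumptions for the example. A real MDM server would additionally sign the profile and deliver it over the MDM channel, which is not shown here.

```python
import plistlib
import uuid


def build_firewall_profile(org_id="com.example.mdm", org_name="Example Corp"):
    """Return a configuration profile (XML plist bytes) with one Firewall payload.
    org_id / org_name are assumed placeholder values for the example."""
    firewall_payload = {
        "PayloadType": "com.apple.security.firewall",
        "PayloadIdentifier": f"{org_id}.firewall",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Application Firewall",
        # The settings this profile enforces on the managed Mac.
        "EnableFirewall": True,
        "BlockAllIncoming": False,
        "EnableStealthMode": True,
    }
    profile = {
        # Top-level envelope: always PayloadType "Configuration".
        "PayloadType": "Configuration",
        "PayloadScope": "System",
        "PayloadIdentifier": org_id,
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Enforce macOS Firewall",
        "PayloadOrganization": org_name,
        # Prevents the user from removing the profile outside MDM.
        "PayloadRemovalDisallowed": True,
        "PayloadContent": [firewall_payload],
    }
    return plistlib.dumps(profile)


def audit_profile(data):
    """Parse a profile and summarise the firewall posture it would enforce.
    Missing keys are treated as 'not enforced', which is the conservative reading."""
    profile = plistlib.loads(data)
    findings = {
        "firewall_enabled": False,
        "stealth_mode": False,
        "removal_disallowed": bool(profile.get("PayloadRemovalDisallowed", False)),
        "payload_types": [],
    }
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        findings["payload_types"].append(ptype)
        if ptype == "com.apple.security.firewall":
            findings["firewall_enabled"] = bool(payload.get("EnableFirewall", False))
            findings["stealth_mode"] = bool(payload.get("EnableStealthMode", False))
    return findings


if __name__ == "__main__":
    data = build_firewall_profile()
    print(data.decode())
    print(audit_profile(data))
```

Writing the bytes to a file with a .mobileconfig extension produces a profile that MDM (or, for testing, System Preferences) can install. The audit function is the part an administrator reuses: pointed at profiles exported from an MDM console, it answers "does this actually turn the firewall on, and can the user remove it?" rather than trusting the profile's display name.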

MAM is a set of software solutions that enables administrators to securely deploy and manage mobile applications on corporate and personal smartphones and tablets. (Source: appaloosa).

Examples of Apple MDM solutions are Mosyle, ManageEngine, Jamf, Zscaler.

Anti-Malware

End-users should also ensure that there is an anti-malware package installed on their devices. Anti-virus/anti-malware developers offer both Windows and macOS versions, and some can also run on mobile devices. When opting for a package, look for a subscription plan that covers multiple devices. Some subscriptions include up to 5 devices, so with the same subscription you can protect your desktop, laptop, phone, and tablet.

Examples: BitDefender, Norton360, McAfee, Panda, Kaspersky.

System Optimiser

In addition to anti-malware, a system optimiser looks after the “health” of your MacBook by monitoring the performance of all subsystems. It can also free up RAM, clean up junk files and cookies, and uninstall infrequently used applications. This maintenance helps prevent your apps and system from crashing. System optimisers make your device faster and keep it performing at its peak.

Examples: CleanMyMac (Windows version: CleanMyPC).

Conclusion

Apple devices are very secure out of the box, and the company ensures that its operating systems are quickly patched when bugs are reported. But as more companies have adopted work-from-home and hybrid work models, malicious actors have started targeting Apple devices.

If you use an Apple device for work and it is connected to the corporate network, it becomes an endpoint, and could pose a threat to the network. Your Apple endpoint device becomes a gateway to the company network, and hackers could target your device through phishing attacks and malware.

To minimize the risk, ensure that your device has an MDM solution installed as well as anti-malware.

Brian Pereira
Brian Pereira is an Indian journalist and editor based in Mumbai. He founded Digital Creed in 2015. A technology buff, former computer instructor, and software developer, Brian has 29 years of journalism experience (since 1994). Brian is the former Editor of CHIP India, InformationWeek India and CISO Mag. He has served India's leading newspaper groups: The Times of India and The Indian Express. Presently, he serves the Information Security Media Group, as Sr. Director, Editorial. You'll find his most current work on CIO Inc. During his career he wrote (and continues to write) 5000+ technology articles. He conducted more than 450 industry interviews. Brian writes on aviation, drones, cybersecurity, tech startups, cloud, data center, AI/ML/Gen AI, IoT, Blockchain etc. He achieved certifications from the EC-Council (Certified Secure Computer User) and from IBM (Basics of Cloud Computing). Apart from those, he has successfully completed many courses on Content Marketing and Business Writing. He recently achieved a Certificate in Cybersecurity (CC) from the international certification body ISC2. Follow Brian on Twitter (@creed_digital) and LinkedIn. Email Brian at: [email protected]