Be extra careful right now if you’re using a Mac: security experts have discovered two dangerous pieces of malware in circulation that target Apple computers, a Trojan horse and ransomware.

No offense to Apple fans, but contrary to persistent legend, Macs are not immune to malware. On the one hand, even though it includes protection tools as standard, macOS suffers from security vulnerabilities that must be regularly patched by updates, like all other operating systems. On the other hand, the success of recent models, equipped with the famous M chips, has attracted cybercriminals, who are increasingly interested in the Apple platform. We are seeing a growing number of malware families attacking the Mac, especially since many users think they are perfectly protected. Recently, researchers from SentinelOne, a company specializing in cybersecurity, revealed the existence of MetaStealer, malware designed to steal the personal data of Mac users. And at the moment, two new threats weigh on macOS, with the almost simultaneous appearance of a Trojan horse and ransomware.

Malware on Mac: applications infected by a Trojan horse

The first threat was spotted by Kaspersky, a well-known publisher of security solutions which notably offers a renowned antivirus. As they explain in their report of November 30, 2023, its experts detected that many software programs were infected with a dangerous Trojan horse, specifically pirated versions of commercial software such as those found on illegal download sites. Among the thirty adulterated copies identified are 4K Video Downloader Pro, Aiseesoft Mac Data Recovery, Aiseesoft Mac Video Converter Ultimate, AnyMP4 Android Data Recovery for Mac, Downie 4, FonePaw Data Recovery, Wondershare UniConverter 13, SQLPro Studio and Artstudio Pro.

By downloading one of these applications for free, and therefore illegally, you can install the proxy Trojan without knowing it. The result? The malware uses your internet connection to forward traffic to other computers. This type of malware can be used by hackers to profit from setting up a network of proxy servers, but also to commit various crimes in the victim’s name. As a general rule, this traffic is malicious or illegal, since it concerns the trade of illicit products, hacking of company websites or even phishing.

You can, however, identify pirated copies because, unlike legitimate software, which is sold as disk images, they are downloaded as .pkg files. As a reminder, these files can be treacherous since they can execute scripts before and after installing the application. Finally, it is also recommended to check the script code. Often, suspicious files can be found in the installation file of the application in question.
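One way to carry out the script check described above on macOS, as an added example that is not from the Kaspersky report or the original article: it unpacks a .pkg without installing it and lists the scripts it would run. The function names and the `SUSPECT_RE` pattern list are hypothetical, and the patterns are a constructed heuristic for deciding what to read first.

```shell
#!/bin/sh
# Added example: surface the install-time scripts in a macOS .pkg for review.
# Function names and SUSPECT_RE are hypothetical; the pattern list is a
# constructed heuristic, not indicators from the Kaspersky report.
SUSPECT_RE='curl|wget|base64|LaunchAgents|LaunchDaemons'

# list_install_scripts DIR
#   DIR is a package already unpacked with `pkgutil --expand`.
#   Prints "FLAG <path>" for scripts matching SUSPECT_RE and "REVIEW <path>"
#   for the rest. Returns 0 if any script exists, 1 if none, 2 on bad input.
list_install_scripts() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Component packages keep preinstall/postinstall under a Scripts directory.
    scripts=$(find "$dir" -path '*/Scripts/*' -type f | sort)
    [ -n "$scripts" ] || return 1
    printf '%s\n' "$scripts" | while IFS= read -r f; do
        if grep -Eq "$SUSPECT_RE" "$f"; then
            echo "FLAG $f"
        else
            echo "REVIEW $f"
        fi
    done
    return 0
}

# audit_pkg FILE.pkg OUTDIR   (macOS only; OUTDIR must not exist yet)
#   Shows the signing status, unpacks without installing, lists the scripts.
audit_pkg() {
    pkgutil --check-signature "$1" || true   # prints the signing status
    pkgutil --expand "$1" "$2" || return 2   # unpack only; runs no scripts
    list_install_scripts "$2"
}

# Usage on a Mac:  audit_pkg ~/Downloads/Installer.pkg /tmp/pkg-audit
```

A `REVIEW` line only means none of the sample patterns matched; every listed script should still be read before the package is installed.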

Malware on Mac: a worrying ransomware

The second piece of malware spotted is even more worrying. In a publication also dated November 30, 2023, security researcher Patrick Wardle explains that he found a new ransomware specifically attacking Macs, which he called TurtleRansom (Tortle Ransom in French). More concretely, it is malicious code which aims to encrypt the data on your machine to prevent you from accessing it. Once this work is done, cybercriminals ask you to pay a ransom in order to get your files back.

However, the risks of infection are still very limited. As Patrick Wardle reminds us, Apple has put in place several safeguards to protect your device. This is particularly the case with Gatekeeper, a system process that ensures that only software validated by Apple can run on your Mac. For TurtleRansom to attack your device, you must consciously bypass this protection and allow the malware to operate.

The appearance of such ransomware should not be taken lightly. Although it does not appear to cause any immediate security concerns, this piece of malicious code should alert users of the macOS operating system. Expert Patrick Wardle points out that the appearance of TurtleRansom should make observers aware that there are risks of infection, even on macOS. So be wary.
