New WatchGuard report shows Mac malware is on the increase

11 Dec 2018

Image: © alexshutter95/

While many people believe that Apple Mac systems are less at risk when it comes to malware, that is more of a myth than anything else.

People involved in cybercrime are constantly trying to create new avenues and discover new attack vectors. While some stick to tried-and-true methods, others are more experimental in approach.

A prime example is the appearance of Mac-based malware on the list of the 10 most common malware types in WatchGuard’s Q3 2018 Internet Security report. The report was compiled using data from tens of thousands of WatchGuard network security appliances deployed in enterprises across the globe.

Malware targeting Macs gains traction

According to the extensive report, while attackers this quarter generally reused and modified old attacks such as Mimikatz, cryptominers and cross-site scripting, there is always room for a surprise to surface, hence the Mac-based malware. It is notable that Mac-based threats are rarely seen in the wild in significant volume and this variant made sixth place on the WatchGuard list.

This particular threat targeting Macs is known as ‘scareware’ and is a form of malware where the attacker uses social engineering techniques to intimidate or shock the user into buying and downloading unnecessary software. It appears as a prompt to get the user to install a fake Mac malware-cleaning service.

If the link is followed, it takes the user to a malicious domain and prompts them to install the fraudulent software. The malicious installer uses a valid Apple-issued certificate, allowing it to bypass macOS protections such as Gatekeeper. WatchGuard said that users should keep a close eye on digital certificates and exercise caution when it comes to installing software.

It added that the threat is more likely to be ‘greyware’, a class of malware that unethical firms try to foist on users as opposed to truly malicious software. The report added: “Furthermore, if you haven’t installed any Mac security software due to the impression that they are invulnerable to attacks, it’s time you change that opinion. You do need to install anti-malware and security software on your Mac.”

Insecure SLL protocols still in use

In another alarming security finding unearthed by the report, 6.8pc of the top 100,000 websites in the world are still using old and insecure versions of the SSL encryption protocol.

Despite it being deprecated by the Internet Engineering Task Force (SSL 2.0 was deprecated in 2011 and SSL 3.0 in 2015), 5,383 websites in the top 100,000 via Alexa still accept SSL 2.0 and SSL 3.0 encryption. Also, 20.9pc of the top 100,000 websites still do not use web encryption at all.

Overall, network attacks declined, with fewer than 1m hits globally. While this is a positive turn of events, the WatchGuard team is monitoring it as an unusual trend. Network attacks are exploits for vulnerabilities in server or client software used over the network, including Microsoft Office products and various other server and desktop apps.

The WatchGuard team also recommends that IT managers keep cryptominers on their radar, as they are likely to remain high on the watchlist for the next number of quarters to come.

On a positive note, even the most basic malware protection services do a decent job detecting these threats.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects