Malware threats targeting Apple’s Mac devices are on the rise – leaving people questioning whether Apple really cares.
A common misconception is that malware is less likely to infect an Apple device. Recent events are proving this misconception wrong. Bugs have become a common feature of new macOS releases, and some of them are the root cause of malware outbreaks, though Apple has been fairly prompt to patch them.
ThiefQuest: New malware targeting macOS
The security company Malwarebytes has discovered a new ransomware strain named ThiefQuest. This malware encrypts all files on a computer, locking everything and telling the user to pay the ransom in Bitcoin. Aside from the ransomware component, this malware also has a built-in keylogger and a reverse-shell component.
The reverse-shell component opens a backdoor to the computer so attackers can access everything without the user knowing. It is also said to exfiltrate files of various types, such as PDFs, images, and MS Word, PowerPoint and Excel files. Banking details, such as private and public cryptocurrency wallet keys, are also taken.
Users will not know their Mac is infected until they notice all of their files are gone and are left with this text file message:
Looking up this Bitcoin address in a Bitcoin block explorer, at the time of writing this article, shows that the account has no balance, and no coins have been sent or received.
How bad is it?
This ransomware is of extremely high severity, being almost unnoticeable until all the user’s files are encrypted and the ransom note appears. It is known to spread via pirated applications, infected apps installed from deceptive websites, and infected email attachments.
Once all files have been encrypted, there is absolutely no way to recover them. It is highly unlikely that the attackers will release the files even after the ransom is paid. There is also the risk of the malware encrypting and stealing files from external drives connected to the Mac. A few anti-malware products, such as Malwarebytes, can remove this malware, but once your files are encrypted there is no way to recover them.
If you do get to the point where everything is encrypted, you’re better off saying sayonara to all your files and doing a clean reinstall of macOS. AES-256 is unbreakable: trying to brute-force the encryption could take hundreds of years.
You can read more about AES encryption on this Wikipedia page.
macOS or Windows, which is safer?
In Malwarebytes’ most recent report, which can be found here, they state the following:
“The average number of threats detected on a Mac is not only on the rise, but has surpassed Windows—by a great deal.”
– Malwarebytes 2020 State of Malware Report
In this report, the malware detections per device value is 5.8 on Windows and 11.0 on macOS. This is almost double, so macOS is almost twice as likely to be infected.
Windows and macOS deal with foreign files in different ways. On Windows, a built-in, free and powerful anti-malware program called Windows Defender scans any foreign apps or files. Defender flags and quarantines any malicious files or apps and informs the user, who then has the choice of permanently deleting the file or app or running it anyway. This solution gives users the choice they deserve while maintaining a high level of security and protection.
On the other hand, macOS doesn’t have any sort of built-in anti-malware application. Instead, Apple forbids users from running any application which isn’t on Apple’s App Store or developed by “identified developers”. This is a lazy approach and results in a huge variety of safe apps being blocked completely. Although this may seem much safer than Windows’ approach, it clearly isn’t. With malware threats such as ThiefQuest rising on macOS, Apple is doing it completely wrong.
On macOS, Gatekeeper is the security feature which blocks foreign apps from being run. In order to run apps which aren’t on the App Store or developed by “identified developers”, you have to completely disable this feature. It is the only built-in software-based security feature on Mac devices, so disabling it can be detrimental: doing so is like bringing down the only wall separating your Mac from malware. It would be incredible to see Apple build an anti-malware feature into Gatekeeper so that this tool can actively scan for malware.
Although statistics show that Windows may be the safer OS, you don’t get much control over your personal data and privacy on this operating system. With macOS, you have almost full control over your privacy.
Windows 10 gathers too much private information from users. Information such as the websites you visit, the apps and features you use, and a full report of the device’s activities is sent off automatically. Though you can opt to send only “basic” information to Microsoft, there is no way to disable this. In my opinion, any software which doesn’t give you control over your own data should be classed as spyware.
The development of new malware will not stop, and malware is becoming more and more destructive. Having anti-malware software is recommended, especially on macOS. On Windows, the Defender app is quite good and mostly sufficient, especially given that it’s free and built in. A good active anti-malware product will flag viruses and malware immediately, before a file is even opened.
It is also highly recommended that you take full backups, so that even if malware locks up your files, you can use the backups to recover them. Full bootable drive backups are best, though they may take up a lot of space. On macOS, you can look into Time Machine backups; otherwise, you can simply copy files or folders to an external drive regularly, making sure this external drive is only plugged in during the backup process.
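The copy-to-external-drive routine described above, as an added example that is not part of the original post: it refuses to run when the backup volume is not mounted (so a “backup” never silently lands on the boot disk), verifies the file count, and unmounts the drive afterwards so it is not left attached for ransomware to reach. The source folder ~/Documents and the mount point /Volumes/Backup are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): copy a folder to an external
# volume, refuse to run if the volume is not mounted, and unmount it afterwards.
# Assumptions: $HOME/Documents and /Volumes/Backup are placeholder paths.

# backup_dir SRC DEST_ROOT -> prints the path of the new timestamped copy.
backup_dir() {
    src="$1"
    dest_root="$2"
    [ -d "$src" ] || { echo "source folder missing: $src" >&2; return 1; }
    # A missing mount point would otherwise become a folder on the boot disk,
    # i.e. a "backup" on the very disk the ransomware would encrypt.
    [ -d "$dest_root" ] || { echo "backup volume not mounted: $dest_root" >&2; return 2; }
    dest="$dest_root/$(basename "$src")-$(date +%Y%m%d-%H%M%S)"
    if command -v rsync >/dev/null 2>&1; then
        # -a keeps permissions and timestamps; trailing slashes copy contents.
        rsync -a "$src"/ "$dest"/ || return 3
    else
        cp -Rp "$src" "$dest" || return 3
    fi
    printf '%s\n' "$dest"
}

# count_files DIR -> number of regular files below DIR, to sanity-check a copy.
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# eject_volume MOUNT_POINT -> unmount the drive on macOS once the copy is verified,
# so the external disk is only attached for the duration of the backup.
eject_volume() {
    if command -v diskutil >/dev/null 2>&1; then
        diskutil unmount "$1"
    else
        echo "diskutil not available; unplug $1 manually" >&2
        return 1
    fi
}

# Usage on macOS (uncomment to run): back up, verify the file count, then eject.
# copy=$(backup_dir "$HOME/Documents" /Volumes/Backup) &&
#   [ "$(count_files "$copy")" = "$(count_files "$HOME/Documents")" ] &&
#   eject_volume /Volumes/Backup
```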