Mac users under attack as never before; Android ransomware up 138%

News by Bradley Barth

In the first half of 2017, incidences of Android malware increased more than five percent since the start of the year. Most notably, incidents of Android ransomware increased 138 percent in Q2.

More new Mac malware families have already emerged in 2017 than in any previous year, a new analysis shows, further proving that safety is not guaranteed just because one uses a Mac device instead of a Windows one.

In fact, Mac devices saw more new or significantly evolved malware families (17) in the first half of the year than they did in all of 2016, according to data collected by Malwarebytes, which published its findings in a report detailing Mac and Android malware trends.

"What a lot of Mac experts will tell you even today is, 'Macs don't get viruses... You just need to be careful with what websites you go to.' And that's not really good advice anymore, if it ever was," said Thomas Reed, director of Mac and mobile at Malwarebytes, in an interview with SC Media.

Among the more significant new Mac malware entries, Malwarebytes notes, is Proton RAT, a trojan that exfiltrates password data from sources such as the macOS keychain, 1Password vaults, and browser auto-fill data. Apple disclosed Proton as a threat in February 2017, around the same time that web monitoring company Sixgill found an early version of the malware featuring various spyware and phishing capabilities in a Russian cybercrime forum. Then in May 2017, attackers replaced an installation package for open-source digital video file transcoder HandBrake with Proton in order to infect Mac users with a more recent variant. "The most frightening aspect of this event was how many experienced, security-minded people were either infected or nearly infected," the Malwarebytes report states.

Based on its analysis, Malwarebytes predicts that Mac users in 2018 will be especially plagued by Potentially Unwanted Programs (PUPs), which Reed said have already become a nuisance this year, filling the Mac App Store's pages with adware and fake anti-virus products.

"The fact they have spread into the Mac App Store [is] very concerning because that was supposed to be one of the last bastions of safe software downloads, and it's not actually so safe anymore," said Reed. "These are not well controlled by Apple and not commonly known of even within the security community."

Reed said that many anti-virus PUPs, especially the free ones, "will often tell you that you have to go and download some other app to clear up your machine, and that app will not be free. And worse, these paid apps don't actually do what they claim to do."

As for Android systems, Malwarebytes has observed a 137.8 percent increase in screen locker ransomware from Q1 to Q2. Fortunately, said Reed, Google is introducing new protections into its forthcoming Android Oreo operating system that will render many screen lockers ineffective. “One of the big features of Android Oreo is it's going to prevent apps from taking over the screen, so that will really address the screen locker issue in large part,” said Reed.

In the first half of 2017, three malware families, Jisut, SLocker and Koler, comprised nearly 95 percent of ransomware detected on Malwarebytes-protected Android devices, with Jisut alone making up 60 percent of detections. "These threats are typically distributed to Android mobile users masked as fake software updates or they are bundled in infected applications," the report explains.

Android malware detections in general increased 5.5 percent from Q1 to Q2, largely due to an increase in the detection of trojans, which can include ransomware, banking malware and backdoor programs. Trojans were responsible for 48.4 percent of Malwarebytes' Android malware detections in the first half of the year, with PUPs comprising another 47.1 percent of detections over the same time period.

In its report, Malwarebytes said it foresees an increase in hidden advertising and click fraud malware in 2018, as well as a rise in ransomware that actually introduces legitimate encryption functionality into its attacks. "Most ransomware on Android has not used encryption, but... that will change in order for attackers to keep their revenue stream active," the report states.

"This really just follows ransomware's similar evolution on Windows," Reed concluded.

Mark James, security specialist at ESET, emailed SC to add, "Mac malware has been steadily on the rise for some time - to be honest any machine that runs an operating system and connects to the internet or a network in any way shape or form is susceptible to malware. Windows has always been known as a malware magnet, but if you look at the ratio between Windows and Mac it makes more sense to write malware for Windows if you're looking for a return on your investment. That's not to say of course that you could increase your attack vector by pulling Macs into your target zone and infecting both."

James advises that, "Keeping safe is a good mix of various methods to not only defend against infection, but also to recover if anything actually manages to get through. Using a good regular updating multi-layered internet security product along with point-in-time backups stored offline or offsite will help you enormously. Sadly these days you also have to have your wits about you as you surf - being very cautious when clicking email or web links, and keeping your operating system and applications up to date is a must if you want to stay protected."
