Why Apple Malware is Increasing
A look at the types of malware and threats targeting Apple devices and some solutions to protect them.
Not long ago Apple computers were used mainly in education and by creative professionals (desktop publishing). Today MacBooks, iPads, and iPhones are used across industries, and Apple devices have a growing footprint in the business world. Powered by macOS, iPadOS, and iOS respectively, these devices are increasingly connected to enterprise networks. Apple devices were once regarded as more secure than PCs, with little malware reported against them. That is no longer the case, and Apple users are increasingly targeted. Although Apple is quick to respond to reported vulnerabilities with patches and software updates, it is up to system administrators to roll those updates out to user devices on time, and to govern how the devices are used. Let's look at the threats and risks first, and then at some solutions.
According to IDC, macOS devices were used in 23% of U.S. enterprises in 2021, iPhones accounted for 49% of business smartphones and iPads were the most-used tablets in the workplace.
“Growth in Mac usage among business users, especially for employees working remotely and given their choice of PC device, is pushing more businesses to formally adopt management tools and strategies around macOS, along with iOS/iPadOS and tvOS,” said Phil Hochmuth, program vice president, enterprise mobility and client endpoint management, IDC.
Alcyr Araujo, founder and CEO of Mosyle, tells me that one factor driving the growth of Apple devices in the enterprise is a young workforce for whom a MacBook, iPad, or iPhone was their first computing device. Some of them work as gig workers, freelancers, or apprentices, and they bring their own devices to the workplace because they are at ease using them.
At the top end of the organization chart, managers and C-suite executives bring their high-end iPads and iPhones to work and request connectivity to the enterprise network.
The work-from-home and hybrid work culture has also dissolved the separation barrier between work and personal devices — it’s quite common to see the same device used for both purposes.
It’s become common for enterprises to ask employees about their preference for devices – Windows or Mac – during onboarding or device refreshes. And most choose Apple because of its simple interface and easy troubleshooting.
But there are strategic reasons why organizations are in favour of Apple, and this has to do with productivity and support costs.
Enterprises are also happy to choose Apple because Apple devices require fewer support personnel than Windows devices. Time to resolution is also shorter on Apple devices, and fewer tickets are generated.
Time to Resolution is a customer service metric measuring the average amount of time between when a customer interaction is created and when that interaction is marked as “resolved.” Time To Resolution may also be called Mean Time to Resolution or Time to Resolve and abbreviated as MTTR or TTR (Source: Helpscout).
Users of Apple devices are also known to be more productive, as less time is spent on learning the interface or troubleshooting system or application issues.
The tight integration of OS, apps, and hardware in the Apple ecosystem ensures smooth operation and infrequent application or system hang or freeze.
But there is still the malware threat that can spoil the party.
Apple Malware Threats
Here are some recent examples of malware targeting macOS:
Volexity discovered this malware variant in late 2021 while investigating internal port scanning from a MacBook Pro running macOS 11.6 (Big Sur), on which the frp (fast reverse proxy) tool was running. The traffic was determined to be unauthorized, and the system was immediately isolated for forensic analysis.
Volexity researchers determined that this malware was being used in targeted attacks by Storm Cloud, a Chinese espionage threat actor active across Asia, but that it had not been written specifically for macOS. They traced the attack back to IPStorm, a malware botnet first reported in 2019 targeting Windows systems that has since evolved to infect other platforms, such as Android, Linux and Mac devices.
In February 2021, security company Red Canary published findings on Silver Sparrow, a payload-less malware compiled to execute natively on Apple silicon. It is notable as one of the first malware families to include native code for Apple's M1 chips.
XcodeSpy targets macOS developers and spreads through trojanized Xcode projects: a malicious Run Script added to the project's build phases executes when an unsuspecting developer builds the project, and installs a customized variant of the EggShell backdoor.
With powerful processors like the M1 chip and the A-series Bionic chips used in Apple devices, malicious actors are tapping that computing power for cryptomining. In February 2022, Trend Micro reported on a coinminer sample sourced in early January 2022 that uses several modified open-source components.
The sample used i2pd, a C++ implementation of an I2P (Invisible Internet Project) client, to hide its network traffic. Trend Micro says the use of i2pd in a Mac malware sample is new.
Malware written specifically for Apple devices is still rare, and Silver Sparrow is one of the few exceptions. Experts say that most malware targeting Apple devices consists of variants of malware created for other platforms.
“I believe the number of Apple-only malware is still not alarming. We can see more versions of the same malware as an attempt to evade any kind of control that solutions would be able to have on those devices. And I believe it’s a consequence of the growing number of Apple devices in the enterprise,” says Mosyle’s Araujo.
Writing malware specifically for Apple devices requires a different approach because of the platforms' security architecture: app sandboxing, System Integrity Protection (SIP), Gatekeeper's checks on downloaded software, and built-in anti-malware such as XProtect.
The volume of Apple-specific malware therefore remains far smaller than that seen on Windows and Linux.
In that sense Apple devices are more secure. Still, users and organizations that rely on Apple devices need to take certain precautions and use solutions specifically tailored for the Apple platforms.
MDM and MAM
When bring your own device (BYOD) arrived in organizations, IT support staff responded by insisting on Mobile Device Management (MDM) and Mobile Application Management (MAM) solutions.
Apple iOS, iPadOS, macOS and tvOS have a built-in framework that supports mobile device management. According to Apple, MDM lets you securely and wirelessly configure devices by sending profiles and commands to the device, whether they’re owned by the user or the organisation. MDM capabilities include updating software and device settings, monitoring compliance with organisational policies, and remotely wiping or locking devices. Users can enrol their own devices in MDM, and organisation-owned devices can be enrolled in MDM automatically using Apple School Manager or Apple Business Manager.
MAM is a set of software solutions that enables administrators to securely deploy and manage mobile applications on corporate and personal smartphones and tablets. (Source: appaloosa).
Examples of Apple MDM solutions are Mosyle, ManageEngine and Jamf.
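Apple's description above says MDM works by "sending profiles and commands" to the device. To make that concrete, here is an added example (not code from the article or from any of the vendors named) that builds and sanity-checks a minimal macOS configuration profile of the kind an MDM server pushes with its InstallProfile command. The payload type `com.apple.systempolicy.control` and its keys `EnableAssessment` and `AllowIdentifiedDevelopers` are Apple's documented System Policy Control payload for Gatekeeper; the organisation name, identifier prefix and UUIDs are placeholders.

```python
"""Build and sanity-check a minimal macOS configuration profile (.mobileconfig).

Added example, not from the original article or any MDM vendor. The profile uses
Apple's documented System Policy Control payload (PayloadType
com.apple.systempolicy.control) to keep Gatekeeper enabled and restrict launches
to App Store or Developer ID signed software. Identifiers and UUIDs are placeholders.
"""
import plistlib
import uuid

ORG = "Example Corp"            # assumed organisation name
ID_PREFIX = "com.example.mdm"   # assumed reverse-DNS identifier prefix


def gatekeeper_payload() -> dict:
    """Payload that enforces Gatekeeper (App Store + identified developers)."""
    return {
        "PayloadType": "com.apple.systempolicy.control",
        "PayloadIdentifier": f"{ID_PREFIX}.gatekeeper",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Gatekeeper enforcement",
        "EnableAssessment": True,           # Gatekeeper on (same effect as spctl --master-enable)
        "AllowIdentifiedDevelopers": True,  # allow App Store and Developer ID signed apps
    }


def build_profile(payloads: list[dict]) -> bytes:
    """Wrap payloads in the top-level profile dictionary and serialise to an XML plist."""
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadScope": "System",
        "PayloadIdentifier": f"{ID_PREFIX}.baseline",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{ORG} macOS baseline",
        "PayloadOrganization": ORG,
        "PayloadRemovalDisallowed": True,  # the user cannot remove it from System Settings
        "PayloadContent": payloads,
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


REQUIRED_KEYS = {"PayloadType", "PayloadIdentifier", "PayloadUUID", "PayloadVersion"}


def validate_profile(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the profile passes these checks."""
    problems = []
    try:
        profile = plistlib.loads(data)
    except Exception as exc:  # plistlib raises InvalidFileException / ValueError
        return [f"not a valid plist: {exc}"]
    if profile.get("PayloadType") != "Configuration":
        problems.append("top-level PayloadType must be 'Configuration'")
    seen_uuids = set()
    for d in [profile] + list(profile.get("PayloadContent", [])):
        missing = REQUIRED_KEYS - d.keys()
        if missing:
            problems.append(f"{d.get('PayloadIdentifier', '?')}: missing {sorted(missing)}")
        u = d.get("PayloadUUID")
        if u in seen_uuids:
            problems.append(f"duplicate PayloadUUID {u}")
        seen_uuids.add(u)
    gk = [p for p in profile.get("PayloadContent", [])
          if p.get("PayloadType") == "com.apple.systempolicy.control"]
    if not gk:
        problems.append("no Gatekeeper (com.apple.systempolicy.control) payload")
    elif not gk[0].get("EnableAssessment", False):
        problems.append("Gatekeeper payload does not set EnableAssessment = true")
    return problems


if __name__ == "__main__":
    data = build_profile([gatekeeper_payload()])
    print(data.decode())
    print("problems:", validate_profile(data) or "none")
```

Profiles pushed by an MDM are installed without user interaction, so the validation step matters: a payload with `EnableAssessment` set to false would silently turn Gatekeeper off fleet-wide, and `validate_profile` flags exactly that before the profile is uploaded to the MDM server.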
End users should also ensure that an anti-malware package is installed on their devices. Anti-virus and anti-malware vendors offer both Windows and macOS versions, and some also run on mobile devices. When choosing a package, look for a subscription plan that covers multiple devices; some subscriptions include up to five, so a single subscription can protect a desktop, laptop, phone, and tablet.
Examples: BitDefender, Norton360, McAfee, Panda, Kaspersky.
In addition to anti-malware, a system optimiser looks after the "health" of a MacBook by monitoring the performance of its subsystems. It can free up RAM, clean up junk files and cookies, and uninstall infrequently used applications, which reduces the chance of application or system crashes and keeps the device performing at its peak. Note that an optimiser is a maintenance tool, not a security control; it does not replace anti-malware or MDM.
Examples: CleanMyMac (Windows version: CleanMyPC).
Apple devices are very secure out of the box, and the company patches its operating systems quickly when bugs are reported. But as more companies have adopted work-from-home and hybrid work models, malicious actors have started targeting Apple devices.
If you use an Apple device for work and it is connected to the corporate network, it becomes an endpoint, and could pose a threat to that network. Your Apple endpoint is a gateway to the company network, and attackers can target it through phishing and malware.
To minimize the risk, ensure that your device is enrolled in an MDM solution, runs anti-malware, and is kept up to date.
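"Ensure that your device has an MDM solution installed" is easy to state and easy to get wrong, because a Mac can carry an MDM profile that the user never approved, in which case the MDM server cannot manage security-sensitive payloads. The following added example (not from the article or any vendor) checks the two things that matter: whether the Mac is enrolled at all, and whether the enrollment is user approved or came through Automated Device Enrollment. It wraps Apple's `profiles status -type enrollment` command on macOS; elsewhere it parses a constructed sample in that command's two-line output format, which is assumed here so the parser can be exercised on any platform.

```python
"""Check whether a Mac is enrolled in MDM and whether the enrollment is user approved.

Added example, not from the article or any MDM vendor. On macOS this wraps
`profiles status -type enrollment`; on other platforms it parses a constructed
sample in the same two-line format (an assumption about the tool's output).
"""
import platform
import subprocess

# Constructed sample, in the format of `profiles status -type enrollment`.
SAMPLE_OUTPUT = """Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
"""


def parse_enrollment(output: str) -> dict:
    """Return {'dep': bool, 'mdm': bool, 'user_approved': bool} from the tool's output."""
    status = {"dep": False, "mdm": False, "user_approved": False}
    for line in output.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "enrolled via dep":
            status["dep"] = value.startswith("yes")
        elif key == "mdm enrollment":
            status["mdm"] = value.startswith("yes")
            # Automated Device Enrollment (DEP) counts as user approved.
            status["user_approved"] = "user approved" in value or status["dep"]
    return status


def get_enrollment_output() -> str:
    """Run the real command on macOS; fall back to the constructed sample elsewhere."""
    if platform.system() == "Darwin":
        result = subprocess.run(["profiles", "status", "-type", "enrollment"],
                                capture_output=True, text=True, check=False)
        return result.stdout
    return SAMPLE_OUTPUT


def compliance_problems(status: dict) -> list[str]:
    """Explain why the device fails the 'managed endpoint' expectation."""
    problems = []
    if not status["mdm"]:
        problems.append("device is not enrolled in MDM")
    elif not status["user_approved"]:
        # Without user approval the MDM server cannot manage kernel extensions,
        # PPPC (privacy) payloads and similar security-sensitive settings.
        problems.append("MDM enrollment is not user approved")
    return problems


if __name__ == "__main__":
    st = parse_enrollment(get_enrollment_output())
    print(st, compliance_problems(st) or "compliant")
```

Run it as part of an onboarding or periodic compliance check; a non-empty problem list means the device should not be trusted as a managed endpoint until it is enrolled (and the enrollment approved) in the organisation's MDM.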