According to Malwarebytes 2020 State of Malware Report, Mac threats have increased exponentially in comparison to those against Windows PCs, of course with a difference between the types of threats between the two operating systems. Nonetheless, in the end, it’s about the victims. Lately, researchers have reported new malware threats targeting both Mac and Windows.

The Mac threat

Researchers discovered two pieces of malware in a span of two weeks that appear to run natively on Apple’s recently introduced M1 System-on-Chip (SoC). The chips cover two key aspects for a machine -  increased performance and better security.
  • The first malware, an adware variant of Pirrit (first detected on Windows systems back in 2014), is packed with various anti-detection capabilities and fakes as a Safari extension.
  • Despite the threat, Thomas Reed, director of Mac & Mobile at cybersecurity firm Malwarebytes, said M1-powered Mac users need not worry about this malware.
  • The narrative appeared to take a turn after the disclosure of the second malware targeting the M1 chips by the analysts of Red Canary.
  • Dubbed Silver Sparrow, this mysterious piece of adware was found recently in at least 30,000 devices across 153 countries with prime targets in Canada, France, Germany, the U.K, and the U.S.
  • The malware has two versions - one targeting Intel-based Macs and the other capable of infecting both the older and M1-based devices.
  • As noticed by experts, actors use JavaScript API to execute suspicious commands, which is a rarity in the macOS malware world.

The end goals of these malware are yet unclear; however, we have a fair amount of clarity on the next Windows threat.

The Windows threat

Check Point researchers detected a new Office365 threat called APOMacroSploit that has victimized over 80 customers globally.
  • In this campaign, about 40 hackers used 100 different email sending services to target users in over 30 different countries.
  • The malware is most probably the creation of two French-based threat actors - Apocaliptique and Nitrix.
  • The actors made more than $5,000 in one and a half months just by selling the malware.
  • As per experts, APOMacroSploit builder weaponizes Excel documents that are capable of bypassing Windows Antimalware Scan Interface (AMSI), antivirus software, and even Gmail and other email-based phishing detection.

Malware attacks making ripples

  • A joint cybersecurity advisory warned against the AppleJeus malware, a threat activity by the Lazarus group targeting Mac devices while masquerading as a crypto trading software.
  • Researchers uncovered one of the largest Monero cyptojacking attacks on Windows and Linux devices by WatchDog malware operators.

It is also worth noting that both the attacks mark the actors’ profound interest in cryptocurrency.

The bottom line

By pioneering into untapped zones of computer hardware and software, cybercriminals demonstrate an improved distribution of malware, along with efficiency and precision in bypassing security filters. It doesn’t matter which OS is frequently targeted, it is absolutely crucial to implement cybersecurity countermeasures on both platforms. Experts advise SOC teams to first analyze the type of threats for a particular OS, for the given environment, and then develop a mitigation strategy.

Cyware Publisher