THE GREAT MALWARE MISCONCEPTION
Demystifying malware myths with Malwarebytes.
“MacOS is more secure than Windows” – a saying that you have probably heard numerous times before. In fact, Apple itself even proclaimed that the Mac “doesn’t get PC viruses”, and that it “isn’t susceptible to the thousands of viruses plaguing Windows-based computers” as part of its ‘Why you’ll love a Mac’ marketing campaign back in 2010.
But have you actually wondered if there was ever any truth to these adages, especially in this day and age? To help us separate fact from fiction, we consulted Thomas Reed, the Director of Mac and Mobile at Malwarebytes.
It has long been said that Mac users need not worry about their systems being infected by spyware or malware. Has this been a grave misconception all along? Or has there been a sudden influx of Mac-specific malware threats over the recent months?
Many believe that the Mac is immune to malware, but that’s far from true. It’s been a misconception from day one. For the Mac, malware is still a far smaller problem than it is on Windows, but it is growing at an alarming rate. In 2017, we’ve seen that malware has increased by 220 percent over last year, and we’re not even done with the year yet.
We see adware and PUPs (potentially unwanted programs) as being the biggest problem on the Mac these days. Especially for PUPs, they are increasingly being exploited lately, and the numbers are growing rapidly. We’re already seeing quite a number of them on the Mac App Store.
People believe the Mac App Store is a totally secure and safe environment from which to download software. That is no longer the case. There is a lot of “bad software” out there that promises to do things which it can’t. For example, there are a number of fake anti-virus programs readily available on the Mac App Store.
The average consumer would be none the wiser, but we have a whole bunch of malware samples to test them with, and what we found is that they don’t protect you from anything.
So, why go through the hassle of developing malware specifically for Mac when there are significantly more consumers and businesses out there that are running on a Windows operating system?
While more consumers and businesses are running on a Windows operating system, the market share of Mac has been increasing over the years. Go back 10 years, and the Mac was more of a niche market and not as common as it is today. While the Mac has more security features today than it did 10 years ago, it is also facing far more malware than it used to.
At Malwarebytes, we believe everyone has a fundamental right to a malware-free existence, no matter the platform they are using, whether it be Android, Windows, or Mac. We look towards creating specific solutions for each platform, as differing operating systems face different security problems.
Cybercriminals are known to go where the money is, and seeing that Macs are getting more popular – with quite a number of people believing there are no viruses on the Mac, and are therefore not taking any precautions – it is only a matter of time before Macs become big money for hackers.
Whilst the magnitude of the threats that Macs are encountering today is still some ways off from being as severe as Windows, they are on track to being a big problem in the future. As such, at Malwarebytes, we continue to look at building out our capabilities to ensure our Mac users are adequately protected today, as well as in the future.
Can you provide some examples on how malware can wreak havoc on a Mac system? A worst-case scenario, perhaps?
The worst thing that malware can do to most people is to destroy or steal their personal information. Unfortunately, doing so is almost trivially easy. Such attacks require no special permissions, so any application that the user allows to open could execute such an attack instantly. This means that using social engineering to trick a person into running a piece of malware may be the only barrier between that person and a nasty infection, unless there is something like Malwarebytes for Mac installed to actively protect against this kind of thing.
Malwarebytes recently discovered that the number of Android malware cases between Q1 and Q2 2017 in countries like Thailand and Singapore has increased exponentially, but not so much in Malaysia. Why is this the case? What do you think Android smartphone users in Malaysia are doing differently compared to their Singaporean and Thai counterparts?
We did see a significant quarter-on-quarter percentage increase in Singapore, with about 23,000 instances of malware detected in Q1, versus about 29,500 instances in Q2. However, it might be misleading to say that this is an exponential increase, because in this particular context, a 28-percent increase translates to 6,000 instances, whereas in Malaysia, we are seeing more than 160,000 instances of malware per quarter. Unfortunately, we are currently unable to provide a distinct causality for the increase in malware we are seeing in various countries, and this is something that will require further study.
Why should Android users be concerned about their devices being infected by malware? Or, in other words, what’s the worst that could happen?
On Android, about half of what we have detected are malware and trojans. Of those trojans, the majority of what we’re seeing are screen locker and ransomware programs. Both can render your Android device useless, or what we like to term ‘bricking’. Once infected with ransomware or screen lockers, users are effectively locked out of the device, unless they have the proper remediation tools, or pay a ransom to the hacker and are lucky enough to have their device un-encrypted or unlocked.
We don’t recommend paying the ransom, as there is no guarantee that you will have your files returned. For many individuals who encounter such malware and do not have the right remediation tools, the only option ends up being ditching their device and buying a new one.
They say due diligence (and a little common sense) goes a long way when it comes to keeping your system or mobile device safe from malware. But is this no longer the case?
In the future, we expect that PUPs will become a bigger problem than malware. This is because hackers believe that not many cybersecurity companies are willing to take risks associated with detecting PUPs, as the companies that created them have phone numbers, addresses, and even lawyers.
In addition, unlike creating malware, once the hackers have built a PUP, they can put it on the internet and have it do nothing for a couple of years while the PUP continues to generate good money for them.
Antivirus software with machine learning technologies can detect malware automatically, as there are certain behaviors malware execute, making them easier to detect and block. With PUPs, human intervention is required to make a judgment call on whether the app is bad. For example, the app may not be able to perform tasks it claims to be able to do such as ‘cleaning your system’, or ‘reducing battery drain’. Therefore, humans often have to make a decision on whether or not the program is legitimate, and it’s hard to teach people how to do that.
So even in terms of avoiding malware, the age-old advice of not clicking on suspicious links is definitely great advice. But then again, even the most shrewd cybersecurity researcher can have a bad day and make a bad decision. Hackers are also getting more sophisticated and are disguising their methods of delivery better. Some phishing attempts look so much like the real thing, that it is almost impossible to distinguish them. As hackers get more sophisticated, it makes sense to rely on realtime protection that can actively detect and block attacks even should one click on the wrong link – making it all the more necessary for people to move on from traditional anti-virus software to next-generation solutions such as Malwarebytes for Mac and Malwarebytes for Android.