The Mac malware most likely to attack your PC this year

These are the 10 malware families used the most in new macOS attacks over 2019.

Topic: Apple
1 of 8 Charlie Osborne/ZDNet

OSX.Dok

According to SentinelOne, a new variant of OSX.Dok appeared in January and is actively targeting macOS users. The malware installs a hidden version of Tor and aims to compromise user traffic by redirecting activity to a hidden onion server.

VirusTotal sample


CookieMiner

CookieMiner is a cryptocurrency mining malware that attacks Mac machines in the quest for cookies associated with crypto trading posts, alongside Google Chrome credentials. 

The malware installs a Monero cryptocurrency miner, backdoor, and a slew of other tools to not only mine for virtual coins but also to raid victim wallets. 

VirusTotal sample


Lazarus

Lazarus, an APT group connected to North Korea, makes use of a macOS backdoor spread through weaponized Microsoft Word documents. The threat group has recently been spotted striking cryptocurrency exchanges and South Korean businesses in a campaign known as AppleJeus, which drops different payloads depending on whether Windows or macOS machines are in play.

VirusTotal sample


Pirrit

In April, researchers spotted a new strain of macOS malware known as Pirrit. While there are related samples on VirusTotal, the new variant is not picked up by the majority of antivirus engines. Pirrit is a form of adware and browser-hijacking malware.

Read more: Cybereason 


OSX.Siggen

OSX.Siggen is a form of macOS malware spread through drive-by downloads. The malicious code masquerades as a WhatsApp application and creates a backdoor on infected machines, likely for the purposes of adding PCs to botnets. 

VirusTotal sample


OSX Loud Miner

Loud Miner is an interesting form of macOS malware which began making the rounds in June with the infection of cracked versions of popular software including Ableton Live. It is believed over 100 virtual studio apps could be harboring the malware.

Loud Miner installs Linux emulators to mine for cryptocurrency. By infecting resource-intensive software, the developers likely hope the mining activity will be masked.

VirusTotal sample


KeyStealDaemon

KeyStealDaemon is an exploit leveraging a macOS vulnerability, CVE-2019-8526, which impacts users that have not updated their software to a version beyond macOS 10.11 El Capitan. The malware can be used in privilege escalation attacks to access the macOS Keychain.

VirusTotal sample


OSX/Linker

OSX/Linker is a form of malware which abuses a zero-day vulnerability in Gatekeeper. Malicious Adobe Flash Player installer samples containing the malware were found and, given that the bug allowed Gatekeeper to be bypassed, users may find themselves mounting malicious disk images without warning.

VirusTotal sample
