
The Mac malware most likely to attack your PC this year

These are the 10 malware families used the most in new macOS attacks over 2019.
1 of 8 Charlie Osborne/ZDNet

OSX.Dok

According to SentinelOne, a new variant of OSX.Dok appeared in January which is actively targeting macOS users. The malware installs a hidden version of Tor and aims to compromise user traffic by redirecting activity to a hidden onion server. 

VirusTotal sample


CookieMiner

CookieMiner is a cryptocurrency mining malware that attacks Mac machines in the quest for cookies associated with crypto trading posts, alongside Google Chrome credentials. 

The malware installs a Monero cryptocurrency miner, backdoor, and a slew of other tools to not only mine for virtual coins but also to raid victim wallets. 

VirusTotal sample


Lazarus

Lazarus, an APT group connected to North Korea, makes use of a macOS backdoor spread through weaponized Microsoft Word documents. The threat group has recently been spotted striking cryptocurrency exchanges and South Korean businesses in a campaign known as AppleJeus which will drop different payloads depending on whether Windows or macOS machines are in play. 

VirusTotal sample


Pirrit

In April, researchers spotted a new strain of macOS malware known as Pirrit. While there are related samples on VirusTotal, the new variant is not picked up by the majority of antivirus engines. Pirrit is an adware and browser hijacking form of malware. 

Read more: Cybereason 


OSX.Siggen

OSX.Siggen is a form of macOS malware spread through drive-by downloads. The malicious code masquerades as a WhatsApp application and creates a backdoor on infected machines, likely for the purposes of adding PCs to botnets. 

VirusTotal sample


OSX Loud Miner

Loud Miner is an interesting form of macOS malware which began making the rounds in June with the infection of cracked versions of popular software including Ableton Live. It is believed over 100 virtual studio apps could be harboring the malware.

Loud Miner installs Linux emulators to mine for cryptocurrency. By infecting resource-intensive software, the developers likely hope the mining activity is masked by the host application's own heavy CPU usage.

VirusTotal sample


KeyStealDaemon

KeyStealDaemon is an exploit leveraging a macOS vulnerability, CVE-2019-8526, which affects users who have not updated their software beyond macOS 10.11 El Capitan. The malware can be used in privilege escalation attacks to access the macOS Keychain.

VirusTotal sample


OSX/Linker

OSX/Linker is a form of malware which abuses a zero-day vulnerability in Gatekeeper. Malicious Adobe Flash Player installer samples were found which contained the malware, and because the bug allowed Gatekeeper to be bypassed, users may find themselves mounting malicious disk images without any warning. 

VirusTotal sample
