
The Mac malware most likely to attack your PC this year

These are the eight malware families seen most often in new macOS attacks so far in 2019.
By Charlie Osborne, Contributing Writer

OSX.Dok

According to SentinelOne, a new variant of OSX.Dok appeared in January and is actively targeting macOS users. The malware installs a hidden copy of Tor and routes the victim's web traffic through an onion service the attackers control, letting them intercept it.

VirusTotal sample


CookieMiner

CookieMiner is cryptocurrency-focused malware that targets Macs, harvesting browser cookies for cryptocurrency exchanges and wallet sites alongside saved Google Chrome credentials, so the attackers can try to reuse the victim's authenticated sessions.

The malware also installs a Monero cryptocurrency miner, a backdoor and a slew of other tools, so that it can both mine virtual coins and raid victims' wallets.

VirusTotal sample


Lazarus

Lazarus, an APT group linked to North Korea, uses a macOS backdoor delivered through weaponized Microsoft Word documents. The group has recently been spotted striking cryptocurrency exchanges and South Korean businesses; in the campaign known as AppleJeus it drops a different payload depending on whether the victim is running Windows or macOS.

VirusTotal sample


Pirrit

In April, researchers spotted a new strain of Pirrit, an adware family that hijacks the victim's browser to push advertising. Although related samples exist on VirusTotal, the new variant was not detected by the majority of antivirus engines at the time.

Read more: Cybereason 


OSX.Siggen

OSX.Siggen is macOS malware spread through drive-by downloads. The malicious code masquerades as a WhatsApp application and opens a backdoor on infected machines, most likely so the compromised Macs can be enrolled in a botnet.

VirusTotal sample


OSX Loud Miner

Loud Miner is an unusual form of macOS malware that began making the rounds in June, bundled into cracked versions of popular audio software including Ableton Live. Over 100 pirated virtual studio (VST) applications are believed to carry it.

Loud Miner runs a Linux virtual machine (via QEMU on macOS) and mines cryptocurrency inside it. Because audio production software is itself CPU-intensive, the developers are presumably counting on the extra mining load going unnoticed by the victim.

VirusTotal sample


KeyStealDaemon

KeyStealDaemon exploits CVE-2019-8526, a macOS vulnerability affecting versions from 10.11 El Capitan up to unpatched releases of 10.14 Mojave; Apple fixed it in macOS 10.14.4. The exploit lets a local process read the contents of the macOS Keychain, including saved passwords, without administrator privileges and without the usual authorization prompt, so anyone still running an unpatched release remains exposed.

VirusTotal sample


OSX/Linker

OSX/Linker abuses a then-unpatched (zero-day) Gatekeeper bypass. Gatekeeper treated files on network shares as already trusted, so a disk image containing a symlink into an attacker-controlled NFS share could launch an unsigned application with no warning. Samples posing as Adobe Flash Player installers were found carrying the malware, meaning users who mounted such a disk image could end up running attacker code without any Gatekeeper prompt.

VirusTotal sample
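As an added check (example code written for this page, not part of the article or of the OSX/Linker write-ups it summarises): a POSIX shell script that walks a mounted disk image, or any directory, and reports symlinks that point out of it, which is the pattern the Gatekeeper bypass relies on. The fixture it builds for its demo, including the /net/203.0.113.10 share path and the "Install Flash Player.app" name, is constructed; the one benign alias it allows, Applications -> /Applications, is the ordinary drag-to-install shortcut found in legitimate images.

```shell
#!/bin/sh
# Added example, not code from the article or from the OSX/Linker analysis.
# Gatekeeper (before Apple's fix) treated apps launched from a network share
# as already trusted, so a disk image only needed a symlink into an attacker's
# automounted NFS share to start an unsigned app with no prompt. This script
# walks a mounted image (or any directory) and reports symlinks that leave it.
# Hostnames and paths used by the demo fixture are constructed (TEST-NET range).

# Resolve a symlink's target to an absolute path. Prints "DANGLING" when the
# directory it points into does not exist locally (typical for a share that is
# not mounted yet). Usage: resolve_link_target LINK RAW_TARGET
resolve_link_target() {
    case "$2" in
        /*) printf '%s\n' "$2" ;;
        *)  dir=$(cd "$(dirname "$1")" && cd -P "$(dirname "$2")" 2>/dev/null && pwd -P) \
                || { echo DANGLING; return; }
            printf '%s/%s\n' "$dir" "$(basename "$2")" ;;
    esac
}

# Classify a resolved target relative to the image root. Prints a reason
# keyword, or nothing when the link is benign. Usage: classify_target ROOT TARGET
classify_target() {
    root=$1; target=$2
    case "$target" in
        DANGLING)           echo dangling ;;
        /Applications)      ;;                    # the usual drag-to-install alias
        "$root"|"$root"/*)  ;;                    # stays inside the image
        /net/*)             echo network-share ;; # macOS automounter path: the OSX/Linker trick
        /Volumes/*)         echo other-volume ;;
        *)                  echo outside-image ;;
    esac
}

# List every suspicious symlink under ROOT as "REASON LINK -> RAW_TARGET".
list_escaping_symlinks() {
    root=$(cd "$1" && pwd -P) || return 2
    find "$root" -type l | while IFS= read -r link; do
        raw=$(readlink "$link")
        resolved=$(resolve_link_target "$link" "$raw")
        reason=$(classify_target "$root" "$resolved")
        if [ -n "$reason" ]; then
            printf '%s %s -> %s\n' "$reason" "$link" "$raw"
        fi
    done
}

# Succeed (exit 0) when ROOT contains at least one escaping symlink,
# i.e. when the image should not be trusted.
image_is_suspicious() {
    [ "$(list_escaping_symlinks "$1" | wc -l | tr -d ' ')" -gt 0 ]
}

# Demo fixture (constructed): a fake mounted image with one benign alias,
# one symlink into an "attacker" NFS automount and one that climbs out via ..
make_demo_image() {
    dir=$(mktemp -d) || return 1
    ln -s /Applications "$dir/Applications"
    ln -s /net/203.0.113.10/share/Installer.app "$dir/Install Flash Player.app"
    mkdir -p "$dir/.hidden"
    ln -s ../../../../etc/passwd "$dir/.hidden/README"
    printf '%s\n' "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    img=$(make_demo_image)
    list_escaping_symlinks "$img"
    rm -rf "$img"
fi
```

Run it as `sh scan.sh --demo` to see the two flagged links, or point `image_is_suspicious` at a real mount under /Volumes before opening anything inside it. A hit is a reason to look, not proof of compromise: the script only knows that a link leaves the image, so inspect where it goes.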
