There is a common urban myth repeated around the office water cooler: Macs don't get viruses. The myth was partly spread by Apple's "Get a Mac" advertising campaign, which ran from 2006 to 2009. One of its key selling points was that Macs didn't suffer from the "thousands" of viruses, today more commonly referred to as malware, that plagued Windows computers. It is true that Macs have been exposed to far fewer of the malware strains that target Windows systems, for the following reasons:
- Small market share. There is some truth to the "security through obscurity" argument. Many malware authors are motivated by the power they can command, and the money they can make, by seizing control of large numbers of computers. That puts a financial premium on Windows malware, as globally there are far more Windows computers than Macs.
- The Mac operating system, with its Unix-derived kernel and permission model, is harder to infect with a self-replicating program. A standard Mac OS user account does not run with administrative rights, so a program the user launches cannot quietly write to system locations without an explicit password prompt; on Windows versions before User Account Control, users typically ran as administrators, which gave a virus the same system-wide reach as its victim.
However, the idea that Macs are in some sense invulnerable, with a built-in anti-malware force field, is false. Macs are affected by malware and have been for most of their existence. One of the first pieces of malware to spread in the wild, Elk Cloner, infected Apple II computers rather than IBM PCs. Security research firms are discovering malware targeting Macs more frequently year on year.
With the surge in popularity of cryptocurrencies like Bitcoin, Ethereum and many others built on blockchain technology, a new type of malware has risen alongside them. These strains are called crypto miners, and some have been seen infecting Macs.
What exactly are Crypto miners?
Currently there are two ways to get cryptocurrency: buy it or mine it. There have been hacks targeting the wallets of buyers, often exploiting vulnerabilities in wallet websites or servers. Crypto miners instead rely on mining the currency itself. A crypto miner, sometimes referred to as a cryptojacker, is a piece of malware that uses the processing power of the target device to mine cryptocurrency, with the proceeds directed to the attacker's wallet.
Their use has become so widespread that researchers believe they are fast overtaking ransomware in popularity among cybercriminals. Security researchers have stated that the activity generated by crypto miners was the most detected network event on devices connected to home routers in 2017. The malware's ascent can only be described as meteoric: in October 2017 crypto miner detections peaked at 116,361 events, many of them in Japan, India, Taiwan, the U.S. and Australia. To understand the appeal to cybercriminals, one needs to understand the financial motivation. In February 2018 it was reported that one operation which installed malware on servers running Jenkins, an open-source automation server used to build and deploy software, mined roughly $3.4 million worth of Monero. That is a payday the vast majority of individuals can only dream about. Monero is a popular choice for criminals because of its privacy and anonymity features, and because it can be mined profitably on ordinary CPUs rather than specialized hardware. The situation is further complicated by services like Coinhive, which let website owners mine currency in visitors' browsers through an embedded JavaScript script. Such services are abused by cybercriminals, who inject the mining script into compromised sites so that every visitor mines for them for as long as the page stays open.
Crypto miners present very real dangers
Besides the ethical and legal issues, crypto miners can cause real problems, problems that can result in major financial loss for the victim, whether individual or company. In February of this year, Metro reported that a two-floor apartment building in Artem, near Vladivostok, went up in flames. The fire was caused by a resident illegally drawing on the apartment block's electricity to mine Bitcoin. It is believed that a power surge caused the circuits to overheat and fail, resulting in a fire that gutted the building. Luckily nobody lost their life. The above example did not involve a crypto miner in the malware sense, but it is not outside the realm of possibility that one could cause such an event.
As the miner uses the device's CPU, be it a smartphone, tablet or personal computer, it places an extra load on the chipset. At the very least this increases power consumption, and the device becomes noticeably slower and hotter. A CPU can handle full load for short spells, and modern processors throttle themselves when they overheat, but running at 100% for weeks on end wears on cooling, batteries and power supplies and can end in hardware failure. In a recent article, security researchers at Radiflow, a company that specializes in securing critical infrastructure, reported miners infecting industrial control systems. The researchers feared such miners would inevitably have a severe impact on those systems. In the same article Marco Cardacci, a consultant for the firm RedTeam Security, which specializes in industrial control security, said:
The major concern is that industrial control systems require high processor availability, and any impact to that can cause serious safety concerns. Such systems control things like power grids and dam walls; a catastrophic failure in those instances could be disastrous.
The above is a nightmare scenario, but crypto miners can also cause major failures in the devices we use daily. Russian security firm Kaspersky reported detecting mobile malware that mines Monero, bombards users with unwanted ads and can even be used to launch denial of service attacks. After two days of testing, an infected device showed physical damage: the overworked battery swelled up, deforming the phone's outer shell. Some cybercriminals want their miners to run for as long as possible in order to evade detection, so they program them to mine only when CPU cycles are not being used for anything else. Not all malware authors are this cunning, however. A hacker who has simply copied someone else's code in the hope of striking it rich may drive a CPU flat out for an extended period, placing it at risk of failure. The result is a CPU, or an entire device, that must be replaced at obvious expense to the victim.
How to detect if your Mac is infected
As mentioned above, Macs are not invulnerable to malware, and they certainly aren't invulnerable to crypto miners. Security researchers recently reported on a miner distributed via MacUpdate. The miner, named OSX.CreativeUpdate, was designed to sit in the background and use the computer's CPU to mine Monero. It spread through a compromise of the MacUpdate site, which was serving maliciously modified copies of Firefox, OnyX and other applications.
It is inevitable that these now-popular malware strains will evolve in the near future. They will carry different identifiers, and some will develop even more cunning ways to avoid detection. That doesn't mean they cannot be detected. One of the key indicators that your Mac may be infected boils down to CPU usage, which you can check by opening a resource monitor to see whether CPU usage is abnormally high. On a Mac, that resource monitor is Activity Monitor, which comes with the operating system (under Applications, then Utilities); sort its CPU tab by the % CPU column to see which process is consuming the most and for how long.
The following could be indicators of infection:
- A spike in CPU usage when visiting a particular website that shouldn't be that taxing on your processor. In-browser mining of the Coinhive kind shows up under your browser's own process and disappears when you close the tab.
- Everything closed yet CPU usage still very high, in which case you may have a crypto mining malware problem. Note which process Activity Monitor attributes the load to, and whether it is something you recognise.
- It is hard to say what "normal" CPU usage looks like, since processing power and the applications people run vary so much, but a sudden, sustained rise in CPU usage with no corresponding change in what you are doing indicates an abnormal demand for processing power and a possible infection.
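Eyeballing Activity Monitor works, but the page load in the first bullet and the flat-out miner in the second look the same in a single glance. The script below, an added example rather than anything from the original article, puts the distinction on a firmer footing: it samples `ps` several times and flags only a process that stays above the threshold in every sample. The `ps -Ao pid,pcpu,comm` invocation is the same on macOS and Linux; the process names and the `/Users/alice/Library/.cache/updater` path in the constructed snapshots are assumptions for illustration.

```python
"""Flag processes whose CPU share stays high across repeated samples.

Added example, not code from the original article. It wraps the
`ps -Ao pid,pcpu,comm` command, which exists on both macOS and Linux,
and ships with constructed sample snapshots so it can be exercised offline.
"""
import subprocess
import time
from collections import Counter


def parse_ps(text):
    """Parse `ps -Ao pid,pcpu,comm` output into (pid, pcpu, comm) tuples.

    The header line is skipped and the command column is kept whole, since
    application paths on macOS routinely contain spaces.
    """
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.strip().split(None, 2)
        if len(parts) < 3:
            continue
        pid, pcpu, comm = parts
        try:
            rows.append((int(pid), float(pcpu), comm))
        except ValueError:
            continue  # skip anything that is not a process row
    return rows


def flag_sustained(snapshots, threshold=80.0, min_hits=None):
    """Return (pid, comm, hits, peak) for processes at or above `threshold` %CPU
    in at least `min_hits` of the given snapshots (default: all of them).

    A browser helper rendering a heavy page trips one snapshot and then falls
    back; a miner running flat out trips every snapshot. Keying on (pid, comm)
    means a process that restarts under a new PID starts its count again.
    """
    if min_hits is None:
        min_hits = len(snapshots)
    hits = Counter()
    peak = {}
    for rows in snapshots:
        for pid, pcpu, comm in rows:
            if pcpu >= threshold:
                key = (pid, comm)
                hits[key] += 1
                peak[key] = max(peak.get(key, 0.0), pcpu)
    return sorted(
        (pid, comm, n, peak[(pid, comm)])
        for (pid, comm), n in hits.items()
        if n >= min_hits
    )


def sample_live(count=5, interval=2.0):
    """Take `count` snapshots of the running system, `interval` seconds apart."""
    snapshots = []
    for i in range(count):
        out = subprocess.run(
            ["ps", "-Ao", "pid,pcpu,comm"],
            capture_output=True, text=True, check=True,
        ).stdout
        snapshots.append(parse_ps(out))
        if i < count - 1:
            time.sleep(interval)
    return snapshots


# Constructed sample: three snapshots a couple of seconds apart. PID 642 is a
# browser helper that spiked once while a page loaded; PID 917 is a hypothetical
# background binary (the path is made up) pegged near 100% in every snapshot.
SAMPLE_SNAPSHOTS = [
    "  PID %CPU COMM\n"
    "    1  0.3 /sbin/launchd\n"
    "  642 94.0 /Applications/Firefox.app/Contents/MacOS/plugin-container\n"
    "  917 99.2 /Users/alice/Library/.cache/updater\n",
    "  PID %CPU COMM\n"
    "    1  0.2 /sbin/launchd\n"
    "  642  3.1 /Applications/Firefox.app/Contents/MacOS/plugin-container\n"
    "  917 98.7 /Users/alice/Library/.cache/updater\n",
    "  PID %CPU COMM\n"
    "    1  0.4 /sbin/launchd\n"
    "  642  1.0 /Applications/Firefox.app/Contents/MacOS/plugin-container\n"
    "  917 99.0 /Users/alice/Library/.cache/updater\n",
]


def flag_sample(threshold=80.0):
    """Run the sustained-load check over the constructed snapshots."""
    return flag_sustained([parse_ps(s) for s in SAMPLE_SNAPSHOTS], threshold)


if __name__ == "__main__":
    for pid, comm, n, peak in flag_sample():
        print(f"constructed: pid {pid} hit {n}/3 snapshots, peak {peak}% -> {comm}")
    for pid, comm, n, peak in flag_sustained(sample_live()):
        print(f"live: pid {pid} hit {n}/5 snapshots, peak {peak}% -> {comm}")
```

Run with no arguments it prints the constructed result (only PID 917 is flagged; the browser helper's one-off spike is ignored) and then a live five-sample check of your own machine. A sustained hit on a binary living in a hidden directory under your home folder, rather than on an application you launched, is the process to look at next in Activity Monitor.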
The above are simple detection measures anyone can adopt. Researchers at IBM have recently detected more sophisticated malicious miners, delivered through infected image files or via links leading to malicious sites. Such attacks tend to target enterprise networks, which offer the attacker far more CPUs and resources. Like their less sophisticated cousins, however, they can be detected by monitoring CPU usage. For these more sophisticated strains there are methods to help remove them if you have been infected; there are third-party applications designed for detecting and removing crypto miners, such as Combo Cleaner.
Crypto miners are not the only malware infecting Macs
While much of this piece is dedicated to understanding and detecting crypto miners, they are not the only strains of malware that can infect a Mac. While miners are predicted to be the dominant malware trend of this year, that nefarious title was held by ransomware the previous year. Ransomware is a malicious program that encrypts a user's data so they cannot access their files. Once the files are encrypted, a ransom note instructs the user how to pay in order to decrypt the data. The user's data is effectively held hostage until the ransom is paid, more often than not in Bitcoin or whichever cryptocurrency the cybercriminal has taken a shine to. One of the more recent strains of ransomware seen to infect Macs appeared in 2017. Unoriginally named MacRansom, it was by no means the most sophisticated piece of ransomware: it could encrypt a maximum of 128 files. The danger it posed came from how poorly it was designed. In encrypting files it also mangled them, so when the victim paid the roughly 700 USD ransom there was no guarantee the files could be recovered. Another variant, KeRanger, was discovered in 2016. It affected some 7,000 Mac users and was distributed via a compromised Transmission installer.
Another type of malware all too prevalent on Macs is adware: software designed to display advertisements, usually within a web browser. It gets installed either by disguising itself as a legitimate program or by piggybacking on another program's installer. Once installed, adware changes how your browser behaves, injecting ads into web pages, opening pop-up windows or tabs, and changing your homepage or search engine. The intention is to funnel advertising dollars away from the companies who pay for online ads and into the adware operator's own accounts, and it is incredibly frustrating for the victim. Mac users are advised to keep their browser's pop-up blocker enabled and to review the browser extensions they have installed, since adware frequently takes the form of an extension.
It would be great if Macs were invulnerable to all types of malware infection, but the truth is they are not. It is vital that users educate themselves about the threats they face; this goes a long way towards preventing your day being spoiled by a cybercriminal. Unfortunately, some are incredibly cunning, and you might not detect that you have a problem until it is too late. Programs like Combo Cleaner are the extra layer of defense recommended for Mac users. The company specializes in the detection and removal of malware that targets Mac OS, and has a dedicated team of researchers working continually to detect future threats before they become your problem.