If you are a Mac user and you haven’t installed Big Sur yet, you may be at risk. Researchers say that a new type of malware has been infecting Mac computers since January. Thomas Brewster, cybersecurity editor for Forbes, relates:
“The hacks effectively take Mac security back a decade, according to Patrick Wardle, a former NSA analyst and a macOS security expert, who described it as one of the worst security issues to have ever hit the Apple operating system.”
How it works
What is so insidious about this malware is its ability to bypass all of Apple’s regular security checks once it is downloaded, thanks to an error in macOS’s logic that misclassifies its code. The malware masquerades as an app, albeit one that is not available in the App Store and has not been approved by Apple.
According to Forbes, the malware was originally detected last month by security researcher Cedric Owens:
He found that certain scripts within apps were not checked by Gatekeeper. That came after he discovered Appify, a legitimate tool that had also managed to get past Gatekeeper checks back in 2011 with a tool allowing developers to create simple macOS apps with just a script. When Owens copied those techniques and tested his mock malware, he did it on an up-to-date macOS with the Gatekeeper settings set to the most restrictive. When he clicked on the download, it ran without any of the popups that should’ve warned he was about to run unapproved software. That gave him remote control over the test Mac.
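The article describes the bypass as script-only apps that Gatekeeper never checked. As an added example (not code from the article, Forbes, or the researchers it cites), the following hunting script inventories .app bundles whose main executable is a plain script and which carry no Contents/Info.plist, the shape such Appify-style apps take according to public analyses of this bug; the Info.plist detail is taken from those analyses, not from the article. It only flags bundles for review and never executes them.

```python
"""Hunt for script-only .app bundles lacking Info.plist (e.g. under ~/Downloads)."""
import os
from pathlib import Path

SCRIPT_MAGIC = b"#!"  # a shebang means the "binary" is really a script


def assess_bundle(app: Path) -> dict:
    """Return structural findings for one .app bundle."""
    contents = app / "Contents"
    macos_dir = contents / "MacOS"
    has_plist = (contents / "Info.plist").is_file()
    script_execs = []
    if macos_dir.is_dir():
        for f in macos_dir.iterdir():
            if f.is_file() and os.access(f, os.X_OK):
                with open(f, "rb") as fh:
                    head = fh.read(2)
                if head.startswith(SCRIPT_MAGIC):
                    script_execs.append(f.name)
    return {
        "path": str(app),
        "has_info_plist": has_plist,
        "script_executables": sorted(script_execs),
        # Suspicious: a script-only app with no Info.plist describing it.
        "suspicious": bool(script_execs) and not has_plist,
    }


def find_suspicious_bundles(root: Path) -> list:
    """Walk root and report every script-only bundle that lacks Info.plist."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                finding = assess_bundle(Path(dirpath) / d)
                if finding["suspicious"]:
                    findings.append(finding)
                dirnames.remove(d)  # do not descend into the bundle itself
    return findings


if __name__ == "__main__":
    for hit in find_suspicious_bundles(Path.home() / "Downloads"):
        print(f"review: {hit['path']} scripts={hit['script_executables']}")
```

A flagged bundle is not proof of malice, only a prompt to confirm the macOS version is current and to check the bundle with Apple's tools before opening it.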
How do I protect myself?
After Owens alerted Apple to the bug, Apple shipped a fix in Big Sur, and he tested and confirmed its effectiveness himself. So the good news is that if you are a Mac user, installing the latest version of Big Sur should protect you.
[Bradley] said that as early as January 9, 2021, hackers running a known macOS malware called Shlayer had discovered and started using the zero-day vulnerability (one that hadn’t been patched at the time of exploitation). The malware’s ultimate goal is to install adware on Macs, earning money for the fraudsters per faked click and view on advertisements. Often, Shlayer is installed on victims’ Macs via fake app installers or updaters. “Shlayer continues to be one of the most active and prevalent malware families for macOS,” added Bradley.
While it’s commonly held that “Macs don’t get hacked,” the sad reality is that they may have vulnerabilities just like other devices. Silver Sparrow malware recently breached an estimated 30,000 of the new M1 Macs.