Apple is doing a tremendous job keeping the macOS ecosystem safe from exploitation. It stays committed to the long-standing “walled garden” philosophy that reins in the code allowed to run on its computers.
The features called XProtect and Gatekeeper block suspicious code before it causes damage, and the recently introduced M1 technology hardens the defenses at the hardware level. The Secure Enclave component safeguards users’ data through an isolated environment baked into Apple systems on a chip (SoCs).
These initiatives are warmly received by users and security professionals, but are they enough to fend off malware attacks? Unfortunately, no. Each time the Cupertino tech company raises the bar for foul play, threat actors come up with new ways to get around the increasingly strong protection.
The current state of the Mac threat landscape
According to Malwarebytes, Mac malware saw a 61% spike in 2020 versus 2019, with the average number of threats detected on endpoints outpacing Windows stats. The prevalent forms of malware on the rise are info-stealers, backdoors, adware, and crypto miners. The trend appears to be continuing in 2021. A strain of adware called Silver Sparrow broke new ground in February 2021 by running natively on the latest-generation Mac machines with M1 chips on board. It hit roughly 40,000 computers in one go. Macs are also on the receiving end of massive browser hijacking schemes.
Furthermore, reports about zero-day vulnerabilities won’t stop surfacing. Earlier this month, Trend Micro researchers discovered a privilege escalation bug affecting macOS Big Sur. In May, Apple patched a loophole in its Transparency, Consent, and Control (TCC) framework used by the sneaky XCSSET malware to circumvent victims’ privacy preferences.
To recap, Macs have been in the crosshairs of bad guys over the past several years. The situation resembles a cat-and-mouse game where crooks keep masterminding new techniques to bypass countermeasures on Apple’s part.
Mac malware entry points and red flags
Most Mac threats infiltrate systems by means of bundling. This tactic revolves around embedding harmful components into app packages that seem to install some kind of benign software. In this scenario, the installation client’s default screen only mentions the harmless component, and it takes a good deal of digging into the extra options to see what else is being installed alongside it.
The Flash Player update bundle advertised via deceptive pop-up ads on fishy websites had dominated the Mac adware distribution scene for years until January 2021 when Adobe stopped supporting its famous product. Crooks often embed their code into torrents and pirated versions of popular programs such as graphics editing and word processing tools.
When malware sneaks its way into a Mac, there are usually plenty of giveaways to identify it. One of the wake-up calls is the emergence of web push notifications on the desktop and intrusive advertisements on visited websites. Unauthorized tweaks of web browser settings such as the default search engine and homepage are a telltale sign of a malware attack, too. System slowdown, combined with alerts recommending an “effective” optimization tool that’s scareware in disguise, is another common symptom to watch out for.
How to purge predatory apps from your Mac?
You have two options: use a trusted cleaning solution or find and delete all files spawned by the infection. Before applying the former technique, be sure to check the reputation of the anti-malware you are about to install. A good example of security software worth its salt is Malwarebytes for Mac. It comes with a free disinfection feature and boasts high detection scores.
Manual removal tends to be tedious, but it does the trick in most cases. You’ll need to find and uninstall recently added applications and browser extensions. One more step is to check the Launch Agents, Launch Daemons, and Application Support folders for new suspicious items and move them to the Trash.
One of the obstacles you may experience is that some types of harmful code establish persistence and won’t vanish until you terminate their process via the Activity Monitor and remove a rogue entry from the list of configuration profiles under System Preferences. When done, don’t forget to empty the Trash folder. No matter if you take the route of automatic or manual cleanup, the rule of thumb is to back up your important data in advance.
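The Launch Agents and Launch Daemons check described above can be scripted. This Python snippet is an added example, not code from the original article: it parses the launchd property lists in a folder and flags items that were recently modified, start automatically, or run a program from outside the standard locations. The trusted-prefix list, the 30-day window and the sample plists are my own assumptions; on a real Mac you would point triage_launch_items at ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons.

```python
import os
import plistlib
import tempfile
import time
from pathlib import Path

# Where legitimately installed launch items usually point; anything else deserves a closer look.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")

def triage_launch_items(directory, recent_days=30, now=None):
    """Parse every .plist in a LaunchAgents/LaunchDaemons folder (XML or binary) and attach
    review flags: recently modified, program outside standard locations, configured to auto-start."""
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        try:
            with open(path, "rb") as fh:
                item = plistlib.load(fh)
        except Exception as exc:  # a plist that refuses to parse is itself worth reporting
            findings.append({"file": path.name, "label": "?", "program": "", "flags": ["unparseable: %s" % exc]})
            continue
        # launchd runs either ProgramArguments[0] or Program; take whichever is present
        program = str((item.get("ProgramArguments") or [item.get("Program", "")])[0])
        flags = []
        if (now - path.stat().st_mtime) / 86400 <= recent_days:
            flags.append("recently modified")
        if program and not program.startswith(TRUSTED_PREFIXES):
            flags.append("program outside standard locations")
        if item.get("RunAtLoad") or item.get("KeepAlive"):
            flags.append("auto-starts")
        findings.append({"file": path.name, "label": item.get("Label", "?"), "program": program, "flags": flags})
    return findings

def demo():
    """Constructed sample: a long-installed benign agent beside a fresh item hiding under /Users/Shared."""
    folder = Path(tempfile.mkdtemp())
    benign = {"Label": "com.example.updater", "Program": "/Applications/Example.app/Contents/MacOS/updater"}
    shady = {"Label": "com.flashupdate.agent", "ProgramArguments": ["/Users/Shared/.flashupdate/agent", "-d"],
             "RunAtLoad": True, "KeepAlive": True}
    for name, data in (("com.example.updater.plist", benign), ("com.flashupdate.agent.plist", shady)):
        with open(folder / name, "wb") as fh:
            plistlib.dump(data, fh)
    old = time.time() - 200 * 86400  # pretend the benign agent was installed 200 days ago
    os.utime(folder / "com.example.updater.plist", (old, old))
    return triage_launch_items(folder)

if __name__ == "__main__":
    for f in demo():
        print(f["file"], f["label"], f["program"], ", ".join(f["flags"]) or "nothing unusual")
```

A flagged item is a lead for inspection, not proof of infection: a freshly installed legitimate app will also show as recently modified and auto-starting.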
Another good habit is to report malware through the official Apple Support Community forums. This will help others avoid the threat. Furthermore, if the troublesome app was downloaded from the App Store, your feedback will encourage Apple’s security teams to reassess its behavior and remove it from the software marketplace if violations are spotted.
Apple’s default security features
As previously mentioned, there are defenses built into macOS that prevent harmful apps from running. Although some malware can fly under the radar, these mechanisms are fairly effective in blocking mainstream threats. Here is a summary of them:
- XProtect. This is Apple’s antivirus technology that relies on regularly updated signatures of known malware strains. It detects and blocks a suspicious app when it is executed for the first time or if its code has been modified since the previous launch.
- Gatekeeper. This feature works in concert with Notarization, a service that scans apps for malicious characteristics when developers want to distribute their products outside the official App Store. If a piece of software passes the checks, it gets a Notarization ticket, and users won’t be alerted to risk when installing it.
- Malware Removal Tool (MRT). As the name suggests, MRT cleans a Mac already infected with malware. It looks for traces of unwanted apps every time the Mac is turned on or restarted.
- Fraudulent Website Warning. When enabled in Safari settings, this feature will display an alert whenever you are visiting a phishing page camouflaged as a website of a legitimate organization such as a bank or an email provider.
In addition to these features, automatic macOS updates are an incredibly valuable source of protection. They bring the latest vulnerability patches and strengthen the security of individual system components. Therefore, you should install an update whenever a System Preferences notification badge appears in the Dock area.
Keep your security awareness high
Keep in mind that there is no such thing as foolproof security, and therefore a lot of the protection is up to you. Mac malware attacks often happen because users recklessly install dodgy bundles from unofficial app stores, follow phishing links, or click dubious ads on websites. That said, a combination of online vigilance and native macOS defenses should make cybercriminals’ plans go down the drain.