Mobile Myths: Can My Apple Devices Get Hacked?

Read Time:4 Minute, 18 Second

“I bought a Mac, because it’s safer than a PC.” 

“I always surf the web with my iPhone, because I know it can’t get infected.” 

“I got a virus on my first PC, so now I only use Apple products.” 

Sound familiar? 

Too often, the rhetoric around the Mac vs. PC debate focuses on Apple’s presumed invincibility to cybercrime. Many people believe (a belief that is bolstered by Apple’s marketing of “security by design”) that unlike Windows devices, Apple products are immune to cyber threats. 

This logic is deeply flawed. Apple products can and do get hacked. People who believe their devices are unhackable are most at risk of falling to a cybercriminal. A false sense of security could blind people to the threats out there. 

In this article, we’ll explore the myth of Apple’s immunity to viruses and outline a few recent threats Mac users should be on the lookout for. 

Where Did the Myth Come From? 

The relative global unpopularity of Apple devices is likely a large contributor to the myth that they’re virus-proof. Worldwide, Android is far and away the most popular operating system. Seventy-two percent of global mobile devices run off Android. Apple iOS is in a far-away second place at 27%.1  

Cybercriminals are busy people just like the rest of us and want to get the most reach for their nefarious efforts. That’s why they design most viruses to attack Android systems: Because there are more possible targets to infect and propagate their illegal bugs. 

While Apple’s security systems are certainly robust, security is also a priority for every other mobile device and computing system out there. On your cellphone, tablet, or laptop, does it seem like you’re always getting alerts to update the software? In many cases, software updates are made in response to stop newly discovered threats that have or could possibly sneak through gaps in their current security protocols. No technology company wants to leave its users vulnerable to cybercriminals nor do leaders want their company in headlines for the wrong reasons. As long as you keep your devices up to date and follow a few digital safety best practices, you should be protected against many threats regardless of whether you have an Apple or Android operating system. 

Apple-specific Viruses to Watch Out For 

To further illustrate that Mac users should be just as careful online as everyone else, here are a few viruses that’ve broken through Apple’s excellent security lately. 

XMRig. A pirated version of Final Cut Pro, an Apple-specific video editing software, was responsible for spreading crypto mining malware. Disguised as free editing software, users unknowingly downloaded XMRig, which diverts computing power to mining cryptocurrency for the cybercriminal’s own account. This malware is particularly sneaky because when users check their Activity Monitor, the program shuts down then reboots when the user exits Activity Monitor. So even when the user perceives that something is amiss with their machine, the machine shows that everything is normal.2 
oRAT. This malware hid itself within ads and by hitching onto free software downloads. It had many capabilities, such as keystroke logging and giving itself admin access to Mac devices. Hackers used oRAT to spy on targets and potentially steal sensitive personal information.3 

Every villain necessitates a hero, and these recent Apple viruses underscore the importance of threat research and responsible vulnerability disclosure. Vulnerability disclosure refers to a company’s obligation to tell the public about their security flaws.  

Cybercriminals are getting faster and smarter every day. The collective power of a global community of researchers collaborating to identify and disclose critical vulnerabilities is an important step in eliminating these types of malicious campaigns. Equally as important is dissecting attacks in their aftermath to expose unique and interesting characteristics and empowering defenders and developers to mitigate these threats in the future. 

How to Keep Your Apple Device Safe 

The common theme among these Apple viruses is that people let their guard down and visited risky sites that were best left alone. Make sure to stick to safe downloading practices and avoid “free” versions of TV shows, movies, video games, and expensive software. While you don’t have to pull out your wallet, you may have to pay for these “free” downloads by replacing infected devices or restoring your compromised online security. 

To protect all your devices (including your Apple products) from viruses, consider investing in McAfee+ Ultimate. McAfee+ Ultimate includes antivirus for all your devices, unlimited VPN, and web protection to alert you to risky sites. Plus, if you’re ever unsure of the safety of your identity or your online privacy, McAfee lets you scan and remove your information from the dark web. Finally, the top-notch monitoring services allow you to go about your digital life confidently. 

 

1Statcounter, “Mobile Operating System Market Share Worldwide 

2Bleeping Computer, “Pirated Final Cut Pro infects your Mac with cryptomining malware 

3MacPaw, “How to protect your Mac against oRAT malware 

The post Mobile Myths: Can My Apple Devices Get Hacked? appeared first on McAfee Blog.

Read More

Android-based banking Trojan Nexus now available as malware-as-a-service

Read Time:27 Second

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide.

First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware for personal attacks.

To read this article in full, please click here

Read More

Defense in depth — the Microsoft way (part 84): (no) fun with %COMSPEC%

Read Time:23 Second

Posted by Stefan Kanthak on Mar 24

Hi @ll,

the documentation of the builtin START command
<https://technet.microsoft.com/en-us/library/cc770297.aspx>
of Windows NT’s command processor CMD.EXE states:

| When you run a command that contains the string “CMD” as the first
| token without an extension or path qualifier, “CMD” is replaced
| with the value of the COMSPEC variable.
| This prevents users from picking up cmd from the current directory….

Read More

chromium-111.0.5563.110-1.fc38

Read Time:15 Second

FEDORA-2023-afb29b2fce

Packages in this update:

chromium-111.0.5563.110-1.fc38

Update description:

update to 111.0.5563.110. Fixes the following security issues:

CVE-2023-1528 CVE-2023-1529 CVE-2023-1530 CVE-2023-1531 CVE-2023-1532 CVE-2023-1533 CVE-2023-1534

Read More

Exploding USB Sticks

Read Time:57 Second

In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks:

In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said.

Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango. No one else was hurt.

Chango said the USB drive sent to Artieda could have been loaded with RDX, a military-type explosive.

More:

According to police official Xavier Chango, the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX. Also known as T4, according to the Environmental Protection Agency (PDF), militaries, including the US’s, use RDX, which “can be used alone as a base charge for detonators or mixed with other explosives, such as TNT.” Chango said it comes in capsules measuring about 1 cm, but only half of it was activated in the drive that Artieda plugged in, which likely saved him some harm.

Reminds me of assassination by cell phone.

Read More

UK parliament follows government by banning TikTok over cybersecurity concerns

Read Time:41 Second

The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental misconceptions” about the company.

The latest ban came as TikTok’s chief executive, Shou Zi Chew, faced hours of tough questioning by deputies in the US House of Representatives over whether the popular app is a “tool” of the Chinese Communist Party amid widespread concerns that user data from the app (owned by Beijing-based company ByteDance) could end up in the hands of the Chinese government, posing national security risks.

To read this article in full, please click here

Read More