Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac.
… as if any machine that runs code could possibly be immune to malware…?
Boy, was that a stretch.
The untruthiness of the notion that Macs are immune to malware has been proved by multiple MacOS-focused malwares. Examples include Silver Sparrow, the malware capable of targeting Apple’s then-new M1 ARM architecture Macs back in February 2021. Another: the variant of the Shlayer Mac OSX malware with advanced stealth capabilities that was spotted in the wild in June 2020, actively using poisoned Google search results in order to find victims.
Do you still hear people say “Oh, I’m on a Mac. I can’t get a virus”?
Jamie Levy, director of R&D at Huntress, recently hosted one of the company’s “Tradecraft Tuesday” webinars, where she dug into the threat landscape on the MacOS side of the aisle to take a look at which threats are the most dangerous. If you’re still hearing Mac users swear they’re invulnerable, this is the podcast to listen to. … or to get them to listen to.
She dropped by the Threatpost podcast to bring us the highlights of that webinar, including:
- What malware looks like on MacOS;
- How persistence works on MacOS, and what it means for victims; and
- The severity of the typical threats that prey upon MacOS users, and how defenders can protect their users and environments from those threats.
Please see below for a list of MacOS security tools that Jamie listed in the show.
Tools to Protect MacOS
These are the tools to protect MacOS that Jamie recommended during the podcast:
- Apple’s Gatekeeper, Notarization, and XProtect: Turn on Apple’s own MacOS tools to identify and block malware.
- Lulu: A free, open firewall for Macs from Objective-See that Jamie recommends as a supplement to the default firewall in MacOS.
- Little Snitch: A host-based application firewall for macOS from Objective Development Software GmbH, Little Snitch can be used to monitor applications, preventing or permitting them to connect to attached networks through advanced rules. Jamie said it’s basically like Lulu, except “maybe it’s a little more extended.”
- RansomWhere: A tool from Objective-See that continually monitors the file system for the creation of encrypted files by suspicious processes in order to protect personal files from ransomware.
- BlockBlock: Another tool from Objective-See, BlockBlock monitors common persistence locations and alerts whenever a persistent component is added.
Moving to the cloud? Discover emerging cloud-security threats along with solid advice for how to defend your assets with our FREE downloadable eBook, “Cloud Security: The Forecast for 2022.” We explore organizations’ top risks and challenges, best practices for defense, and advice for security success in such a dynamic computing environment, including handy checklists.