21 new malware families for Mac systems discovered in 2023
Apple devices have historically had a reputation for being immune to malware, but a new report from Jamf reveals that it's tracked 300 malware families on macOS and found 21 new ones in 2023.
Jamf's latest Security 360 report examined a sample of 15 million desktop computers, tablets and smartphone devices they protect, across 90 countries and multiple platforms (macOS, iOS/iPad, Android and Windows).
The report finds that 40 percent of mobile users and 39 percent of organizations are running a device with known vulnerabilities. Also 20 percent of organizations were impacted by malicious network traffic.
Where Macs are concerned, Trojans are growing in popularity, accounting for 17 percent of all Mac malware instances. Phishing attempts though were 50 percent more successful on mobile devices than on Macs.
There are also some rather alarming statistics about the use, or not, of security features. FileVault, a Mac basic feature that provides critical protection for user data by encrypting it within the volume was found disabled on 36 percent of devices, while 55 percent of Macs had the firewall feature disabled.
"I was really surprised to see some of the stats around just basic system configuration," says Michael Covington, VP of strategy at Jamf. "I think that there's this long held belief that on a Mac, you just don't need the firewall. And I think that came from how the Mac has been used historically, and the threats that have been developed specifically to target Mac OS. The world has changed. And I think one of the things that we've seen just by studying the malware families that are built for Mac is that they are no longer isolated to operate on the device. They are the kind of evolved threat that has connective tissue out on the internet. They're using command and control infrastructure. They're downloading additional malicious content to become more robust and stay persistent. And when you look at that type of connected nature of the malware, that's when you start to need some of these additional layers of defence. I think that's what we were ultimately trying to present through this report."
Thanks to changing working patterns devices are often not company-owned or company-issued. Along with shadow IT this risks users bypassing security protections by sideloading apps or relying on their preferred cloud-based app which may not be fully vetted or approved for use with business data because of inherent risks to using insecure versions of apps.
Jamf's research shows Onion Browser and Tor are among the top sideloaded applications installed on work devices. On personal devices, where users can control which apps they wish to download and use, messenger apps linked to social media platforms are in the top 20 list of vulnerable apps.
On mobile devices only three percent have the lock screen disabled, although a quarter of organizations have at least one user who had disabled the lock screen. Eight percent had a device accessing a third-party app store.
"Mobile has historically been the place where people did email, calling, calendaring and maybe a little bit of instant messaging. We're now seeing business critical applications in use on mobile and I think that's what's making them an interesting target for a lot of these attackers," adds Covington.
The full report is available from the Jamf site.
Image credit: InkDropCreative/depositphotos.com