There’s a growing business in the underbelly of the Dark Web marketplace. It’s called malware-as-a-service, and it’s where developers sell malicious software tools to willing buyers. Their business model even mimics mainstream software marketplaces: they offer free versions and paid premium versions of malware.
Now, although Macs are still traditionally thought of as safer than Windows PCs, malware makers and cybercriminals are increasingly shifting their sights to Macs due to a growing user base. In fact, free malware-as-a-service tools are now being distributed on the Dark Web. This could only lead to more Mac-based attacks in the future.
The first piece of Mac malware that’s freely accessible on the Dark Web is MacRansom.
Discovered by security researchers from FortiGuard, MacRansom is the first known ransomware-as-a-service variant that’s targeting Mac computers specifically. It’s being described as the “most sophisticated Mac ransomware ever.”
MacRansom is not directly available from its Dark Web portal (hosted on the Tor network); interested parties are required to contact its author to order the ransomware.
And get this, these malware services also have advertised “features” like any common software. MacRansom’s “features” include invisibility until scheduled time, unbreakable encryption, no digital trace and encryption speed.
Also, note that the ransom demand of MacRansom for unlocking files is 0.25 Bitcoins or around $700. Victims are required to contact a specific email address to unlock their files.
Upon analysis, the researchers wrote that although MacRansom is “far inferior from most current ransomware targeting Windows,” it still causes real damage by encrypting the victims’ files.
Security Tip: This is why it is vital to have a backup plan just in case disasters like ransomware attacks hit your computer. We recommend our sponsor IDrive. IDrive’s Universal Backup will not only protect a single PC or Mac, it can protect all the gadgets in your household.
Next is MacSpy, a type of Mac-specific spying software that incorporates keylogging, clipboard content viewing, screenshot capture and audio recording through the computer’s built-in mic.
MacSpy is now being given away for free on the Dark Web and is advertised by its creators as “the most sophisticated spyware ever.”
Researchers from AlienVault reported that the authors of MacSpy created it because Apple products have been gaining popularity in recent years and there’s a market need for such spying software.
The malware’s promotional ad for the free version even boasts that once installed, it has no digital trace that can be linked to anyone since all communications are securely encrypted through the Tor network.
Additionally, the ad claims that MacSpy has a small undetectable footprint at less than 30MB and is undetectable by existing anti-virus software.
Like similar malware, MacSpy is distributed via a zip archive. AlienVault stated that while it’s not the stealthiest program, “it is feature rich and it goes to show how malware authors are increasingly targeting Mac OS X.”
How to guard against Mac malware
To protect yourself against Mac malware in general, be extra vigilant when downloading and installing software or clicking links. The common vectors are poisoned links and attachments, drive-by downloads, and trojan software.
It is also essential to keep your operating system and applications up to date with the latest security patches to close potential security holes that hackers could take advantage of.
And as we mentioned earlier, to protect yourself against a ransomware disaster, make sure you always have a secure backup either on an external drive (Time Machine) or cloud services such as IDrive.
To read FortiGuard’s report on MacRansom, click here.
For AlienVault’s report on MacSpy, click here.