Hackers with their targets set on devices running Apple’s MacOS are selling access to new, sophisticated attacks that can infect machines and hold them for ransom.
The attacks, which include a malware-as-a-service (MaaS) known as MacSpy and a ransomware-as-a-service called MacRansom — both of which attackers can purchase and aim at a target of their choosing — are supposedly designed as an answer to the lack of intricate attacks aimed at Mac users.
Advertised as the “most sophisticated Mac spyware ever,” MacSpy was discovered by security researchers at AlienVault. The service lowers the barrier to entry for attackers by giving nontechnical users the ability to carry out attacks.
A version of the platform that is available for free offers users a number of spying features that allow them to retrieve information from a victim’s device. The maker of the malicious software promises the malware will go undetected on a person’s computer and provide persistent access.
MacSpy is able to capture a screenshot from the victim’s computer every 30 seconds, providing a regular glimpse at the user’s activity. It also installs a keylogger that records every keystroke entered on the computer, allowing the attacker to gain access to a user’s login credentials if entered while the malware is active.
Among MacSpy’s other features, the malware can gain access to a user’s microphone and record audio, acquire photos that are stored in the user’s iCloud when they sync their phone to the computer, track web browsing activity, and retrieve anything stored in a user’s clipboard from copying and pasting.
For those willing to pay for MacSpy’s service — the price is undisclosed and must be paid in bitcoin — the creators of the malware offer special services, including the ability to retrieve any file on the infected computer and the ability to encrypt the user’s files and make them effectively inaccessible.
That service can be taken even further by signing up for another program from MacSpy’s authors, known as MacRansom. Spotted by security researchers at Fortinet, MacRansom is one of the first ransomware-as-a-service programs developed to target MacOS.
The malicious program encrypts a user’s files and demands a payment of 0.25 bitcoin — about $700 — to decrypt the data. Fortinet concluded the attack was considerably less sophisticated than most Windows-targeted ransomware but could still cause issues for Mac users.
Both attacks are relatively new, and details on their origins are still sparse. The team behind the programs claims to be former engineers at Yahoo and Facebook, but much of the programs’ code appears to be derivative of prior attacks.
Users are advised to keep regular backups of their data in case their devices are compromised and files are made inaccessible. Mac owners should also not take comfort in the belief that they are safe simply because they are on MacOS; anti-virus software should still be installed on their machines to ensure their protection.