Everyone must protect against malware – not just Windows users

It is accepted as a fact that running Windows software means staying vigilant to protect against malware attacks. Frequent security scans are part of the Windows experience, so says the slightly smug MacOS user who can't imagine how dire the susceptibility to hacking must be.

There is a mythologized idea that Apple MacBooks are immune to malware; therefore, savvy consumers with deeper than average pockets need not worry about system security.

To state the obvious: that's not true. If you're not going to preemptively protect against malware, it's best not to use your MacBook in a way that essentially invites it in. For example, the $300 price of Final Cut Pro might make downloading a large pirated file from a torrent attractive, especially with the false confidence that comes from not using a Windows PC.

Security researchers at Jamf have discovered that torrents on The Pirate Bay, claiming to contain Final Cut Pro, are distributing cryptojacking malware to Macs. When installing the pirated version of "Final Cut Pro", users will see a message stating that the file is corrupted and can't be opened. Behind the scenes, the Mac is covertly mining cryptocurrency on behalf of cybercriminals, using CPU cycles.

Traditionally, adware was the most widespread type of MacOS malware, but as Apple's ARM processors continue to advance, they will become more attractive for cryptomining, which will benefit from the high processing power.

Part of the reason this malware has been so successful could be psychological. In addition to the false sense of security promoted by Apple's marketing, users won't be surprised when the download apparently doesn't work; of course, hypersecure MacOS would not allow the illegal download of a free version of one of its most used applications.

This lets the malware run in the background; if the user realizes that he downloaded ransomware, it is unlikely that he will be honest with security and IT teams about how he got there.

Everyone must protect themselves against malware

The bad actor responsible for the poisoned Final Cut Pro torrents has loaded many other malicious payloads that mine cryptocurrency, and has been doing so since 2019. Many of the malware bundles are among the most shared versions of their respective titles.

Historically, Windows has been low-hanging fruit for bad actors. However, just as Apple's processing power begins to catch their eye, so does the massive use of Linux, making it an attractive target.

Compared to Windows, Linux is more difficult to infiltrate with ransomware, especially at scale. Typical infection vectors, such as phishing or drive-by downloads, are not effective, because most production Linux systems are headless servers (they run without a traditional desktop where users interact with the system). Often the effort of taking on Linux seemed futile with Windows being such an easy target.

However, the world is running more and more on Linux. A major server takedown could have a massive impact, and attacks are beginning to affect it. Bad actors are exploiting application vulnerabilities, as demonstrated by IceFire, which previously focused solely on attacking Windows.

Linux versions of IceFire ransomware have been found to have intruded on various organizations in the media and entertainment industry around the world. Observations currently indicate that the attackers deployed the ransomware by exploiting CVE-2022-47986, a deserialization vulnerability in the IBM Aspera Faspex file-sharing software.

During the attack, IceFire drops a ransom note from a resource embedded in the binary and writes it to each directory intended for file encryption. The note contains an encrypted username and password required to log into the ransom payment portal hosted by a hidden Tor service.
The Linux version is attributed to the group because its Onion hostname matches the hostname that ransomware trackers link to IceFire, including in attacks targeting Windows. This evolution shows the growing popularity of ransomware targeting Linux by 2023.
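
The note-dropping behavior described above leaves a recognizable trace for defenders: one process writing the same file, under the same name, into many directories within a short time. The following sketch of that detection is an added example, not code from the original article or from any vendor; the event format, file name, paths, process IDs and thresholds are constructed assumptions.

```python
import hashlib
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed file-creation events: (epoch seconds, process id, path, file bytes).
NOTE = b"constructed ransom note text\n"
EVENTS = [
    (1000, 4242, "/srv/media/projects/README_constructed.txt", NOTE),
    (1001, 4242, "/srv/media/raw/README_constructed.txt", NOTE),
    (1002, 4242, "/srv/media/exports/README_constructed.txt", NOTE),
    (1003, 4242, "/home/editor/README_constructed.txt", NOTE),
    (1004, 977, "/var/log/app/app.log", b"rotated\n"),
    (1005, 977, "/var/log/app/app.log.1", b"rotated\n"),
    (5000, 4242, "/opt/tools/README_constructed.txt", NOTE),
]

def find_note_fanout(events, min_dirs=3, window=60):
    """Alert when one process writes an identical file (same name, same hash)
    into at least min_dirs distinct directories within window seconds."""
    groups = defaultdict(list)
    for ts, pid, path, data in events:
        p = PurePosixPath(path)
        key = (pid, p.name, hashlib.sha256(data).hexdigest())
        groups[key].append((ts, str(p.parent)))
    alerts = []
    for (pid, name, digest), hits in groups.items():
        hits.sort()
        start, best = 0, set()
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            dirs = {d for _, d in hits[start:end + 1]}
            if len(dirs) > len(best):
                best = dirs
        if len(best) >= min_dirs:
            alerts.append({"pid": pid, "name": name,
                           "sha256": digest, "dirs": sorted(best)})
    return alerts

if __name__ == "__main__":
    for alert in find_note_fanout(EVENTS):
        print(alert)
```

Grouping by content hash as well as file name keeps ordinary repeated names, such as rotated logs, from triggering the alert.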

Long-term Windows users can sit back with some satisfaction as previously "immune" software comes under new criticism. However, they should not get too comfortable. As long as the Windows desktop dominates, so will the number of instances of malware targeting the platform.

