Mac OS X and iOS Infections and Threats on the Rise: Symantec

The number of Mac OS X systems infected with malware during the first nine months of 2015 is seven times higher than in all of 2014, Symantec reports.

Threats against Apple’s computers have been steadily increasing over the past four years, Symantec’s Dick O’Brien noted in a recent blog post. The growth started in 2010, but started to spike in the recent years, reaching 29 percent in 2012, 44 percent in 2013, and hitting 15 percent in 2014.

In 2015 to date, however, the number of newly detected Mac OS X threats has seen a decrease, despite the fact that more and more Macs are being infected. The number of infections started to increase in June of last year and peaked in March 2015, O’Brien said. After a steady decrease until July, the infections went up again in August.

According to Symantec, the increase in infections is based mainly on “grayware”, including adware, potentially unwanted or misleading applications. These grayware infections accounted for the surge between June 2014 and March 2015, but other forms of malware started to appear in the infections observed over the past few months, O’Brien says

While the grayware malware features high prevalence, infections usually have a smaller impact, unlike other forms of malware, such as backdoors, infostealers, and Trojans, which have low prevalence by very high impact. By using more sophisticated malware, attackers can gain remote access to Macs, can steal sensitive information, including banking credentials, and can also encrypt data on infected machines and demand ransom to decrypt it.

iOS devices are also becoming a target for cybercriminals, and 2015 marks a new high in threats discovered for the platform, although the number of such threats remains very small at just 7, Symantec said. The main issue is the fact that attackers have few methods of installing malware on iOS devices.

Some malware infects iOS devices when they are connected to compromised desktops, but attackers also target jailbroken devices, since their users have access to third-party app stores and the systems has fewer application control policies in place. According to Symantec, 9 of the 13 iOS threats it has documented to date are aimed only at jailbroken devices.

The security firm notes that jailbroken devices are at high risk when installing apps from third-party stores, as they might include backdoors or other malware. iOS devices are also vulnerable to applications coming from unverified sources, and the XcodeGhost malware designed to inject malicious code into both iOS and Mac OS X applications is proof of that.

When it comes to Mac OS X vulnerabilities, Symantec notes that the number of newly discovered ones remains steady at between 39 and 70 per year. The number of new Mac vulnerabilities is usually lower than that of new Windows ones, mainly because Microsoft’s OS has a larger market share, which makes it the primary target for both researchers and cybercriminals.

The number of iOS vulnerabilities found each year has been growing steadily, exceeding those documented for Android between 2011 and 2014. This year, however, the number of new vulnerabilities discovered for Android has exceeded those found on iOS. Security researchers, however, have started to focus on iOS vulnerabilities, and recently announced $1 million bounty programs should determine them to accelerate work on the matter.

“Although still small in terms of overall numbers, the number of new OS X and iOS threats discovered annually has been trending upwards over the past five years. Given this trend, Apple users cannot be complacent about security. Awareness of common threats combined with properly securing Apple devices should minimize the risk of infection,” O’Brian says.

To stay protected, users should install robust security suites and keep them updated, should also keep the operating system up-to-date, and should avoid jailbreaking devices. They should also install applications from reputable sources only, and should not open suspicious emails or attachments they receive, to avoid falling victims to phishing attacks.