If you own an Apple device – be it a MacBook or iPhone – you are instantly safe from malware and viruses, right? After all, these are not Windows devices, so they are not actually at risk from botnets, ransomware or massive Trojans, correct? Wrong, experts warn.
"There's a myth among Mac users that you don't need anti-virus because there's no malware because St. Steve Jobs, wherever he is, will keep us safe forever," Paul Ducklin, a Sophos cybersecurity researcher, said during a keynote at Infosecurity 2017 this week (7 June).
Ducklin took the stage to present a demonstration showing every segment of a known Mac exploit chain.
Using a strain of OS X malware known as Eleanor, Ducklin showed how hackers could use it to run commands, take screenshots and infiltrate core systems.
When found in 2016, the malware was posing as a file converter. Once downloaded onto a Mac it would fail to function, leading the victim to swiftly delete it.
However, the damage had already been done: it had connected to the criminals, via Tor, and malicious tools were stealthily installed on the computer.
Eleanor emerged last year as the latest in a long line of Mac-based malware toolsets. Other splashes have been caused by iPhone-tampering software "X-Agent", ransomware "KeRanger" and "YiSpecter", a highly concerning exploit that could target Apple devices that were not jailbroken.
Malwarebytes, a cybersecurity firm, said in a report this year that the first quarter of 2017 had seen "quite a few new pieces of Mac malware, nearly equalling the number that appeared in all of 2016" and claimed most of the threats were "backdoors", varying in capability and sophistication.
So why is it that many Apple Mac users still act as if their systems are immune to infection?
"The quantity of Mac malware traditionally has been very small but there is Mac malware and, unfortunately, even though there's a small quantity the quality and nature of it pretty much copies what's happening on Windows – such as bots and tools that use Tor," Ducklin said.
"Whatever has worked on Windows, that kind of malware can be written for the Mac. We think the crooks maybe haven't really figured out how to monetise it on the Mac yet, or maybe they don't really need to because they are making so much money off Windows.
"But there are plenty of them who are trying."
Rik Ferguson, during a separate keynote panel on the same day, largely echoed Ducklin's position, saying "the first ever virus was targeted at Apple systems and malware for Apple devices has been ongoing since then." He mentioned botnets, ransomware and Trojans – the usual culprits.
"All of those targeted at Apple were of course far lower in volume than we have seen target the WinTel platform," he continued. "That's not because it's inherently more secure but because historically you will get less return on your criminal investment."
Ferguson, who has long worked as a researcher for cybersecurity firm Trend Micro and is an active advisor to EU law enforcement, said most interest in Apple exploits is traditionally from those buying or selling major vulnerabilities found in operating systems like OSX and iOS.
"Most often that's people at a nation-state or corporate espionage level," he said. "The most valuable vulnerabilities and/or exploits out there are the ones aimed at iOS and that could be weaponised and used against those kinds of devices.
"I guess because they are perceived to be higher value targets. Probably also because Apple has done a comparatively good job of keeping the app store clean of malicious software. It's not 100% spotless, but by and large, it's a significantly better job than has been done [on] Google Play."
Ultimately, the researchers agreed it was largely a myth that Mac users are not actively targeted by hackers and cybercriminals. Of course, other cybercrime techniques are platform agnostic. Phishing, for example, remains one of the top digital threats and occurs regardless of OS.
And, for now at least, the quantity of Mac malware lags behind its Windows counterpart. "The bottom line is there isn't a lot of Mac malware," Ducklin admitted. "I'm not trying to say 'Whoa, what happened with WannaCry is going to happen with Macs in three and a half weeks' time.'"
Ferguson, talking about Apple's reputation, was harsher. "It's a position of trust, unearned," he asserted.