Mac malware is set to accelerate over the coming months after having its most prolific year ever so far in 2015, according to new research from endpoint security firm Bit9 + Carbon Black.
After an analysis of the year so far, the vendor concluded that five times more Mac malware appeared in 2015 than the previous five years combined.
It collected 1,400 unique samples over the period using custom built sandboxes and tools such as such as fs_usage, dtrace, and opensnoop.
It found that Mac malware as a whole does not borrow very heavily from Unix or Linux malware, which was unexpected given OS X’s roots in the open source FreeBSD.
Another interesting find was that more than 90% of the Mac malware it discovered still uses the old load command (LC_THREAD and LC_UNIXTHREAD) to define the entry point into the Mach-O format.
This makes it easier to spot potential malware—if a new system is still using the old command.
In addition, the Bit9 + Carbon Black researchers concluded that the vast majority of Mac malware uses one of just seven persistence techniques to remain on an infected system.
These include LaunchAgents; LaunchDaemons; Login items; Browser plugins; StartupItems; Binary infection; and Cron job.
It appears the growing prevalence of Mac malware is unsurprisingly linked to a rising market share among consumers and enterprises.
“For years, Mac users have watched their PC-using counterparts struggle with cyber-attacks, while enjoying the relative immunity that their hardware provides from malware. This view is becoming increasingly outdated; our research shows that Mac users should be just as worried,” argued Bit9 + Carbon Black Emea MD, David Flower.
“With 45 per cent of businesses now offering Macs as an option to staff, our research should be seen as a timely reminder that every device on the network is a potential target—businesses can’t just rely on a clearly outdated perception of invulnerability.”