The number of phishing attacks targeting users of Mac computers, iOS-based mobile devices, and the associated web services ecosystem to lure them into fraudulent schemes has reached 1,6-million in the first half of 2019 (H1-19) – demonstrating that the growing number of users of popular digital devices is clearly attracting more and more cybercriminals.
While the volume of malicious software threatening users of macOS and the iOS mobile platform is much lower than those threating users of Windows and Android platforms, when it comes to phishing – a platform agnostic cyberthreat – things are quite different.
Phishing attacks rely on social engineering, which means most have nothing to do with software. In fact, Kaspersky’s recent Threats to Mac Users research highlighted that the number of cases where users faced fraudulent web pages utilising the Apple brand, as a decoy, has increased significantly in the first six-months of the year, reaching 1,6-million.
This figure is around 9% greater than attacks experienced during the whole of 2018, when Kaspersky security solutions prevented more than 1,49-million attempts to access Apple-themed phishing pages.
What’s more, some regions had more MacOS users hit by phishing than others. Brazil leads this list with 30,9% of users attacked, followed by India with 22,1% – and, while not as prominent as other regions (and in proportion to the number of ‘i-users’), South Africa still sits at 17,5%.
The research is based on threat statistics voluntarily shared by users of Kaspersky Security Network – a global cloud infrastructure designed for immediate response to emerging cyberthreats.
Among the most frequent fraud schemes are those designed to resemble the iCloud service interface, aimed at stealing credentials to Apple ID accounts. Links to such services usually come from spam emails posed as emails from technical support. They often threaten to block user accounts should they not click the link.
Another widespread scheme is the use of scaremongering pages that try to convince the user that their computer is under serious security threat and it will only take a couple of clicks and a few dollars to solve those issues.
“While technically these fraud schemes are nothing new, we believe they pose an even greater danger to Apple users than similar schemes against users of other platforms – such as Windows or Android,” says Tatyana Sidorina, security researcher at Kaspersky. “This is because the ecosystem around Macs and other Apple devices is generally considered a far safer environment. Therefore, users might be less cautious when they encounter fake websites.
“Meanwhile the successful theft of iCloud account credentials could lead to serious consequences – an iPhone or iPad could be remotely blocked or wiped by a malicious user, for example. We urge users of Apple devices to pay more attention to any emails they receive, especially those claiming to be from technical support and requesting the user’s details or asking the user to visit a link.”
In addition to a rise in phishing, the report also revealed other types of threats to users of macOS-based devices. The results have demonstrated some relatively positive tendencies: the most common threats for Mac users proved not to be critically dangerous malware, like banking Trojans, but instead AdWare threats, which are not-necessarily fatal and defined as “potentially unwanted programs”.
Most are threatening users by overloading their devices with unrequested advertisements, yet some of these programs might, in fact, turn out to be a disguise for more serious threats.
Other findings of the report include:
* The total number of phishing attacks detected in the first half of 2019 (H1-19) on Mac computers protected by Kaspersky solutions was almost 6-million. The whole of 2018 saw 7,3-million hits.
* 39,95% of the detected attacks were aimed at stealing users’ financial data. That is 10%more than in the first half of 2018 (H1-18).
* The most active malware to hit macOS users were variations of the Shlayer family, that succeeded in distribution by disguising itself as Adobe Flash Player updates.