
Each year, Jamf—the popular Apple device management platform—releases its Security 360: Annual Trends Report, which gives a broad outlook of the macOS threat landscape currently facing businesses and users. The analysis uses anonymized real-world data collected from 1.4 million Macs across 90 countries with Jamf software installed.
Today, Jamf is out with its 2025 edition, which spans the previous 12 months. The report offers many shocking insights, most notably a 28% spike in infostealer malware, making it the leading Mac malware family type.
Key findings from the report
- 32% of organizations operate at least one device with critical (and patchable) vulnerabilities
- Jamf identified approximately 10 million phishing attacks in the past year, with 150,000 to 200,000 of these classified as zero-day attacks
- 25% of organizations were impacted by a social engineering attack
- Infostealers continue to surge in popularity, now the leading Mac malware family, accounting for 28.36% of all Mac malware detected
- 1 in 10 users clicked on a malicious phishing link
- Over 90% of cyber attacks originate from phishing
Infostealers surpass adware
“What started as a machine for creatives and executives is becoming more ingrained into the daily operations for engineers and more. But with its continued integration at work, it becomes a larger attack surface for threat actors,” says Jaron Bradley, Director of Jamf Threat Labs.
It’s a long-running misconception that Macs can’t get malware. This might have been more true in the early 2000s, but certainly not today. Their growing numbers have put them on the map for better or worse. Both enterprise and personal Mac users are still falling victim at record rates, despite Apple’s strong built-in system security mechanisms through XProtect. Today’s report from Jamf highlights which types of malware are wreaking the most havoc.
For the first time, infostealers have overtaken adware as the dominant form of malware caught by Jamf users. Infostealers saw a 28.08% increase, surpassing adware and now accounting for 28.36% of total malware samples analyzed.

If you’ve been following Security Bite for the last year, this should come as no surprise. In fact, I’m shocked that this wasn’t already the case among Jamf’s research.
As I reported around this time last year, researchers uncovered an attempt by state-sponsored hackers from North Korea (DPRK) to target Mac users with an infostealer through a trojanized meeting app. I’m talking about none other than BeaverTail, of course.
Once infected, the malware would establish a connection between the Mac and the attacker’s command and control (C2) server to exfiltrate sensitive data like iCloud Keychain credentials. It was also found to quietly install the remote desktop application AnyDesk and keylogging software in the background to take over machines and collect keystrokes. Infostealers generally also target web browsers for credentials like passwords and cryptocurrency wallet keys.
What can often make infostealers, and heck, any form of malware, so elusive is that they can slip through antivirus scanners like VirusTotal undetected. Cybercriminals are known to upload their executables to platforms like VirusTotal to check that the malicious aspects are hidden well enough to remain undetected by popular scanners. The downside for them is that the “good guys” can see the samples uploaded there.
So, why the rise in popularity?
We’ve seen infostealers skyrocket in recent years, partly due to their accessibility and low barrier to entry. For example, underground criminal groups are increasingly running Malware-as-a-Service (MaaS) businesses. This is where malware developers create and maintain tools like infostealers and rent them out to affiliates, who often have little technical skill. Affiliates get ready-made malware packages to direct at whomever they’d like.
Another contributing factor is that infostealers pay out well and quickly compared with attacks like ransomware, which can take weeks or even months before cybercriminals see any return.
Interestingly, Jamf’s report specifically mentions the abuse of PyInstaller, a legitimate open-source tool developers use to package Python scripts into standalone binaries. Attackers are now using it to covertly package malicious Python scripts to send to potential victims to execute on their machines. This is just one of many clever delivery techniques used.
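For defenders triaging an unknown Mac binary, the following added example (not from Jamf's report or the original article) checks whether a file embeds a PyInstaller archive by locating and validating its trailing "cookie" record. The cookie layout is an assumption based on the PyInstaller 4+ bootloader format, and the sample bytes are constructed; a hit only means the binary wraps Python code that deserves a closer look, since PyInstaller itself is a legitimate tool.

```python
import struct
import sys

# Assumed layout: the CArchive "cookie" written by PyInstaller 4+ (network
# byte order): magic, archive length, TOC offset, TOC length, Python version,
# Python shared-library name.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIII64s")


def find_pyinstaller_cookie(data: bytes):
    """Return parsed cookie fields if data embeds a plausible archive, else None."""
    pos = data.rfind(MAGIC)
    while pos != -1:
        if pos + COOKIE.size <= len(data):
            _, pkg_len, toc_off, toc_len, pyvers, pylib = COOKIE.unpack_from(data, pos)
            pkg_start = pos + COOKIE.size - pkg_len  # cookie closes the archive
            # Sanity checks reject stray occurrences of the magic bytes.
            if (pkg_len >= COOKIE.size and pkg_start >= 0
                    and toc_off + toc_len <= pkg_len - COOKIE.size):
                return {
                    "archive_offset": pkg_start,
                    "archive_length": pkg_len,
                    "python_version": pyvers,  # e.g. 311 for Python 3.11
                    "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
                }
        pos = data.rfind(MAGIC, 0, pos)  # try an earlier occurrence
    return None


def build_sample() -> bytes:
    """Constructed sample: Mach-O magic, padding, fake archive body, TOC, cookie."""
    body, toc = b"\x00" * 32, b"\x00" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 311,
                         b"libpython3.11.dylib")
    return b"\xcf\xfa\xed\xfe" + b"\x90" * 60 + body + toc + cookie


if __name__ == "__main__":
    # Scan files given on the command line, or the constructed sample if none.
    targets = sys.argv[1:]
    if not targets:
        print("constructed sample:", find_pyinstaller_cookie(build_sample()))
    for path in targets:
        with open(path, "rb") as fh:
            print(path, find_pyinstaller_cookie(fh.read()))
```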
How to protect against infostealers
Apple pre-installs many valuable background services on every Mac to protect users from the scary things that lurk on the internet, but often, these aren’t enough.
While you may already know many of these tips, I think it’s important to regurgitate them for the masses.
- Do your due diligence before installing anything outside the official Mac App Store
- Hover over and confirm links before opening them
- Use strong, complex passwords and 2-step authentication (non-SMS if possible, OTP is best)
- Exercise caution when granting permissions on your Mac
- Keep your devices and applications up-to-date
Jamf’s Security Trends Report is dense and full of great insights. I highly recommend the read. You can check it out here.