9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics it’s seeing through internal data.
// the era of AI-powered malware
It’s been long speculated that threat actors have been working hard behind the scenes to turn AI tools into AI accomplices. Now it appears we’ve gotten our first-look at how it’s being done.
Screenshots from darknet forums show that attackers are using AI tools, such as ChatGPT, to guide them through complex malware creation processes. A notable example is a Russian-speaking threat actor known as “barboris,” who openly shared their experience of developing a macOS stealer without any prior coding experience.
“With just a few prompts, attackers can generate scripts and implement advanced techniques that would have required significant expertise in the past. The barrier to entry is lower than ever, and AI has become a new ally for cybercriminals seeking to launch macOS-focused campaigns,” Moonlock Lab states in its report.
This situation is alarming for several reasons. Mainly: what once required significant technical expertise can now be accomplished by virtually anyone with internet access.
This year, it’s likely we are witnessing a fundamental shift in malware development. No longer is this a trade exclusively for skilled programmers. In essence, this represents the decentralization of cybercrime.
However, working with code can still be challenging for criminals. This is where MaaS has a hold.
// MaaS dominates
The darknet has experienced a surge in discussions around bypassing macOS defenses and distributing malware-as-a-service (MaaS) in 2024, according to the report from Moonlock Lab.
Currently, cyber gangs like AMOS operate as highly profitable MaaS businesses. In this model, malware developers (or operators) create the software, while affiliates, typically those with less technical knowledge, pay to access the malicious package and direct it toward their chosen targets.
A sought after solution for affiliates (criminals) with near-zero technical ability.
These affiliates would pay a fee to “license” the malware package. This can either be a one-time payment or a more affordable recurring subscription. Operators dealing in ransomware—known as Ransomware-as-a-Service—often take a cut from any ransom payment received.
According to Moonlock, the rise of MaaS has lowered the entry barrier for cybercriminals, with services that previously cost tens of thousands now available for around $1,500 per month. This price drop is likely due to increased competition, as there has been a surge in MaaS providers like RansomHub.
// what you can do
If you’re a regular reader of Security Bite, you probably already know some of this information. However, the best advice remains the same: keep your software up to date, only download apps from trusted sources, and consider using a third-party security solution for added protection. I personally recommend MacPaw’s CleanMyMac, which offers real-time malware detection.
The days of believing that “Macs don’t get viruses” are long gone.
For more detailed info, I highly encourage you to check out Moonlock Labs’ full report.
FTC: We use income earning auto affiliate links. More.
