Security Bite: Threat actors are widely using AI to build Mac malware



9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


Each year, Moonlock Lab, the cybersecurity research wing of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics it’s seeing through internal data.

// the era of AI-powered malware

It’s long been speculated that threat actors have been working hard behind the scenes to turn AI tools into AI accomplices. Now it appears we’ve gotten our first look at how it’s being done.

Screenshots from darknet forums show that attackers are using AI tools, such as ChatGPT, to guide them through complex malware creation processes. A notable example is a Russian-speaking threat actor known as “barboris,” who openly shared their experience of developing a macOS stealer without any prior coding experience.

“With just a few prompts, attackers can generate scripts and implement advanced techniques that would have required significant expertise in the past. The barrier to entry is lower than ever, and AI has become a new ally for cybercriminals seeking to launch macOS-focused campaigns,” Moonlock Lab states in its report.

This situation is alarming for several reasons. Mainly: what once required significant technical expertise can now be accomplished by virtually anyone with internet access.

This year, it’s likely we are witnessing a fundamental shift in malware development. No longer is this a trade exclusively for skilled programmers. In essence, this represents the decentralization of cybercrime.

However, working with code can still be challenging for criminals. This is where MaaS has a hold.

// MaaS dominates

The darknet has experienced a surge in discussions around bypassing macOS defenses and distributing malware-as-a-service (MaaS) in 2024, according to the report from Moonlock Lab.

Currently, cyber gangs like AMOS operate as highly profitable MaaS businesses. In this model, malware developers (or operators) create the software, while affiliates, typically those with less technical knowledge, pay to access the malicious package and direct it toward their chosen targets.

A sought-after solution for affiliates (criminals) with near-zero technical ability.

These affiliates would pay a fee to “license” the malware package. This can either be a one-time payment or a more affordable recurring subscription. Operators dealing in ransomware—known as Ransomware-as-a-Service—often take a cut from any ransom payment received.

According to Moonlock, the rise of MaaS has lowered the entry barrier for cybercriminals, with services that previously cost tens of thousands now available for around $1,500 per month. This price drop is likely due to increased competition, as there has been a surge in MaaS providers like RansomHub.

// what you can do

If you’re a regular reader of Security Bite, you probably already know some of this information. However, the best advice remains the same: keep your software up to date, only download apps from trusted sources, and consider using a third-party security solution for added protection. I personally recommend MacPaw’s CleanMyMac, which offers real-time malware detection.

The days of believing that “Macs don’t get viruses” are long gone.

For more detailed info, I highly encourage you to check out Moonlock Lab’s full report.
