The number of phishing attacks targeting users of Mac computers, iOS-based mobile devices, and the associated web services ecosystem to lure them into fraudulent schemes has reached 1.6 million in the first half of 2019.
This figure is around nine percent greater than attacks experienced in the whole of 2018. The growing number of users of popular digital devices is clearly attracting more and more cybercriminals. This is one of key finding of Kaspersky’s Threats to macOS Users Report 2019.
While the volume of malicious software threatening users of macOS and the iOS mobile platform is much lower than that threating users of Windows and Android platforms, when it comes to phishing – a platform agnostic cyberthreat – things are quite different. As they rely on social engineering, most phising attacks have nothing to do with software. As Kaspersky’s recent research showed, the number of cases where users faced fraudulent web pages utilizing the Apple brand as a decoy has increased significantly in the first six months of the year, reaching 1.6 million. This figure is nine percent higher than during the whole of 2018, when Kaspersky security solutions prevented more than 1.49 million attempts to access Apple-themed phishing pages. The research is based on threat statistics volunatarily shared by users of Kaspersky Security Network – a global cloud infrastructure designed for immediate response to emerging cyberthreats.
Among the most frequent fraud schemes are those designed to resemble the iCloud service interface and to steal credentials to Apple ID accounts. Links to such services usually come from spam emails which pose as emails from technical support. They often threaten to block user accounts should they not click the link.
Another widespread scheme is the use of scaremongering pages that try to convince the user that their computer is under serious security threat and it will only take a couple of clicks and a few dollars to solve those issues.
“While technically these fraud schemes are nothing new, we believe they pose an even greater danger to Apple users than similar schemes against users of other platforms – such as Windows or Android. That is because the ecosystem around Macs and other Apple devices is generally considered a far safer enviroment. Therefore users might be less cautious when they encounter fake websites. Meanwhile the successful theft of iCloud account credentials could lead to serious conseqences – an iPhone or iPad could be remotely blocked or wiped by a malicious user, for example. We urge users of Apple devices to pay more attention to any emails they receive claiming to be from technical support, which request your details or ask you to visit a link,” - said Tatyana Sidorina, security researcher at Kaspersky Lab.
In addition to a rise in phishing, the report also revealed other types of threats to users of macOS-based devices. The results have demonstrated some relatively positive tendencies: the most common threats for Mac users proved not to be critically dangerous malware, like banking Trojans, but instead AdWare threats, which are not-necessarily fatal and defined as ‘potentially unwanted programs’. Most are threatening users by overloading their devices with unrequested advertisements, yet some of these programs might, in fact, turn out to be a disguise for more serious threats.
Other findings of the report include:
- The total number of phishing attacks detected in the first half of 2019 on Mac computers protected by Kaspersky solutions was almost 6 million. The whole of 2018 saw 7.3 million hits.
- 39.95% of them were aimed at stealing users’ financial data. That is 10 percentage points more than in the first half of 2018.
- Some regions had more macOS users hit by phishing than others: Brazil leads this list with 30.9% of users attacked, India follows with 22.1% and France with 22%.
- The most active malware to hit macOS users were variations of the Shlayer family, that succeeded in distribution by disguising itself as Adobe Flash Player updates.
To keep your devices safe, Kaspersky recommends:
- Keeping macOS and all of your apps and programs up to date.
- Using only legitimate software, downloaded from official webpages or installed from the Mac App Store.
- Starting to use a reliable security solution like Kaspersky Internet Security that delivers advanced protection on Mac, as well as on PC and mobile devices.
Read the full text of the report on Securelist.com
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.