
In January of this year, security specialists noted a decrease in detections of macOS threats in the Czech Republic and Slovakia. Despite this, a fake application called MinaUSB patcher appeared, which hid and spread the Pirrit adware. The application promised users the ability to perform a so-called jailbreak of iOS devices, i.e. to bypass the security set by the manufacturer. However, the application did not work after downloading and only went on to download malicious advertising code to the device. This is according to ESET's regular cyber threat statistics.

Security specialists noticed a significant drop in detections on the macOS platform in January of this year. However, all the known malicious code that has long appeared on this platform in the Czech Republic and Slovakia remains consistently present among the detected cases.

"While at the end of the year we saw a noticeable increase in the number of detections of the Pirrit adware, which has been a leading threat in our environment for several years, in January, on the contrary, a significant decrease can be seen in all detected threats. Although it might seem that malicious code on the macOS platform is gradually disappearing and that devices with this operating system are less exposed to cyber risks, this may not be the case and users should not get the impression that they are not at risk. Attackers can use such a period to try out new types of threats or strategies," says Jiří Kropáč, head of the ESET virus laboratory in Brno.

A more detailed analysis of the January threats also confirmed this scenario. This time, the attackers spread the Pirrit adware hidden in a fraudulent copy of the MinaUSB patcher application.

"The MinaUSB patcher app promised users the ability to crack security features on Apple devices, such as an iPod, iPhone or iPad. This breaking of the manufacturer's numeric lock is called jailbreak and thanks to this step, users would gain, among other things, the ability to download applications to the device outside the App Store, which under standard circumstances Apple does not allow. The attackers targeted users of the macOS platform, probably because it allows downloads outside the official store and because all Apple products can be conveniently connected together. However, the fake application only faked the supposed functionality and was unable to unlock the device. It only installed adware on the computer, which can then track users' activities on the Internet," explains Kropáč.

The lure is typically a handy or well-known application

Spreading malicious code through fake apps that promise interesting features or are no longer available in official stores is still one of the most common strategies to get adware and Trojans onto our devices.

In addition to the fake MinaUSB patcher application, a fraudulent Adobe Flash Player application appeared again in January. This time, it was used to spread the Bundlore adware. However, as security experts have repeatedly pointed out, the official version of this application no longer exists, and users should always be wary of such download offers.

"With adware, users may feel that there is no major danger beyond aggressive and annoying advertising or performance degradation of their device. Therefore, sometimes it may be worth it to them to download the application even outside the official distribution points. Typically, they are also motivated by the fact that outside of well-known stores, applications can be free, or they just get a favorite application, even if it is no longer officially available. However, adware can also download other and far more dangerous malicious code to the device. Recently, it is also increasingly a risk for our privacy on the Internet, because attackers are able to monitor our online activities thanks to it," adds Kropáč from ESET.

Jailbreak is not worth it

The fact that attackers are looking for a way to reach iOS users is no surprise. Thanks to their architecture, these devices are far more secure than computers with the macOS operating system: applications on the device can communicate with each other only to a very limited extent. However, the so-called jailbreak can bypass these security features and thus expose users' devices and data to potential danger.

"Jailbreak is a modification of the operating system. On the one hand, the user gains the highest privileges, but on the other hand, it exposes their device to attacks because it unlocks access to sensitive parts of the device," says Kropáč and adds: "Thanks to jailbreak, users can install applications on their iPhone or iPad that are not available in the official store." App Store", but this means that they will no longer be protected in the event that such an application is not safe. In addition, performing a jailbreak is considered a violation of the license agreement."

On the macOS platform too, users should download applications exclusively from the official App Store, where security teams regularly check them for malicious code. A modern security solution will then protect them against adware, potentially unwanted applications and web threats. Along with it, users can get a variety of other tools, such as a password manager or a virtual private network (VPN).

The most common cyber threats in the Czech Republic and Slovakia for the macOS platform in January 2024:

  1. OSX/TrojanDownloader.Adload (5.03%)
  2. OSX/Adware.Pirrit (3.27%)
  3. OSX/TrojanProxy.Agent (1.26%)
  4. OSX/Adware.Bundlore (1.01%)
  5. OSX/PSW.Agent (0.75%)
