First discovered in early 2014, LaoShu is a remote access trojan (RAT) that employs spam emails as its primary infection vector. This signed malware attempts to trick an unwitting user into executing it by masquerading as a .pdf file. It is actually a .app Mach-O application file. Once executed, it opens a backdoor that gives an attacker the ability to control, steal, or exfiltrate sensitive information.
KeRanger is one of the first ransomware threats to target the Mac OS® and was distributed by threat actors who compromised the installer for the Transmission BitTorrent client application. KeRanger was signed with a valid Mac Developer ID in 2016, meaning it could bypass the built-in Mac OS Gatekeeper feature, which blocks untrusted applications. Once discovered, the fraudulent signature was revoked.
XcodeGhost, first identified in 2015, is malware whose objective is to gather information on infected devices and upload it to C&C servers. XcodeGhost affects both iOS® and Mac OS® X; its malicious code was repackaged into some versions of the installers for Xcode, Apple's official tool for developing apps for iOS and Mac OS X. It successfully infected at least two iOS apps that were accepted into the App Store™.
Get the Whole Story
For information on other noteworthy 2019 Mac threats and suggestions for mitigating risks associated with these threats, download the full BlackBerry® Cylance® 2020 Threat Report.