Think Apple OS X is below the malware radar? Think again

New OS X malware in 2015 is five times the previous five years combined, Bit9 + Carbon Black says

Instances of Apple OS X malware are soaring this year, already totaling more than five times the number tallied over the previous five years combined, according to an in-house Bit9 + Carbon Black tally.

Instances totaled 180 from 2010 through 2014, but have already reached 948, according to “2015: The most Prolific Year in History for OS X Malware”, the results of a 10-week study of malware crafted for the operating system.

The Bit9+Carbon Black research team analyzed data it gathered from its own research efforts, culling open source data such as Contagio malware dump, experience from incident response-engagements involving OS X that were made by Bit9 + Carbon Black’s partners, and suspicious code uploaded to Bit9 + Carbon Black from its customers. They came up with 1,400 unique OS X malware samples.

“Based on the observations in the 10-week analysis, the Bit9+Carbon Black Threat Research Team confidently expects Mac OS X malware attacks to accelerate in the coming months,” the report says.

The researchers used a custom sandbox to observe and identify common actions performed by malware, such as file creation and network communications. This revealed artifacts left by malware execution as well as command-and-control infrastructure.

Some observations about the malware include that it tended not to attempt to reside in the OS X kernel but rather in user space, and that rather than attacking underlying UNIX mechanisms, the malware went after Mac OS X-specific mechanisms.

The malware takes advantage of mechanisms built into the operating system that allow the malware to persist. For example, it can take advantage of mechanisms that enable legitimate applications to start when the computer boots up or when a user logs in.

Some of these mechanisms in OS X are common to Unix and BSDs, but the writers of the malware focus more on using persistence mechanisms unique to OS X. Perhaps the writers of the malware have backgrounds in Windows environments and worked from OS X documentation rather than a knowledge of Unix, says Mike Sconzo, senior manager of threat research for Bit9 + Carbon Black.

Join the PC World newsletter!

Error: Please check your email address.

Tags Apple

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?