Apple Faces New Security Dilemma as Infostealers Execute Stealthy Attacks

There is an increase in the sophistication of info thieves targeting macOS, allowing them to evade Apple's malware protection built into the operating system as these attackers have become better at cracking static signature-detection engines like the platform's proprietary XProtect, which makes it harder to detect malicious programs.
Currently, there are three active stealers, KeySteal, Atomic Infostealer, and CherryPie that can evade detection engines and have been able to get around multiple detection engines.
XProtect's XProtect is currently evading a variant of the first two stealers, SentinelOne researchers revealed in a blog post earlier this week.
In macOS, XProtect is a built-in antivirus program that searches downloaded files and apps for malware signatures and then removes any that contain malware.
Information stealers targeting the macOS operating system have increased since the beginning of 2023, with many threat actors actively targeting Apple devices.
There have been a great deal of versions of Atomic Stealer, macOS meta-stealer, RealStealer, and many others that have been discovered in the past year.
In macOS, Apple updated its built-in antivirus signature database called XProtect, which indicates that Apple has taken the necessary steps to prevent these info thieves from getting their hands dirty.
The threat actors, on the other hand, have been continuously evolving and evading known signatures of malware.
Although Apple continuously updates the tool's malware database, SentinelOne says it passes through it almost instantly due to the fast response of the malware authors over Apple's constant updates.
Many info thieves bypass it in a matter of seconds and can identify endpoints that are hidden in downloaded files and apps.
It is important to note that SentinelOne's report cites KeySteal as the first malware example, which has evolved significantly since the malware was first reported in 2021.
The software is currently available via an Xcode-built Mach-O binary, named either 'UnixProject' or 'ChatGPT,' and it attempts to establish persistence and steal keychain data, as well as stealing credentials and private keys, which are stored securely in Keychain.
Using Keychain, users can securely store credentials, private keys, certificates, and notes securely.
A SentinelOne report states that KeySteal has been improved to ensure persistence and Keychain data theft since its emergence in 2021, even though Apple updated its signature last February in an attempt to prevent it from being detected by XProtect and other antivirus engines.
There is some good news in all this, as Apple updated its XProtect signatures for CherryPie in early December 2023, which is a good sign that it has worked well for new versions of the OS as well.
Malware detection has not always worked as well on Virus Total as it does on other security products.
As is evident from the above, there is an ongoing development of malware programs intended to evade detection and so, on the one hand, this game of whack-a-mole is becoming a much more complex and dangerous one for both users and operating system vendors.
Having only static detection as a means of securing your systems would be inadequate, and potentially dangerous.
Antivirus software equipped with heuristic or dynamic analysis capabilities should be incorporated into a comprehensive approach to achieve a more robust result.
As part of a comprehensive cybersecurity strategy, it is also essential to monitor network activity vigilantly, implement firewalls, and consistently keep up with the latest security updates, which are fundamental to ensuring security.


This Cyber News was published on www.cysecurity.news. Publication date: Sat, 20 Jan 2024 16:13:05 +0000


Cyber News related to Apple Faces New Security Dilemma as Infostealers Execute Stealthy Attacks

Why Infostealers are Stealing the Security Spotlight - The threat from Malware continues to escalate with infostealers, an increasingly popular variant. Research found that 24% of malware is now infostealers, and it's now one of the most popular topics on the cybercriminal underground. The malicious ...
11 months ago Cybersecurity-insiders.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Apple Faces New Security Dilemma as Infostealers Execute Stealthy Attacks - There is an increase in the sophistication of info thieves targeting macOS, allowing them to evade Apple's malware protection built into the operating system as these attackers have become better at cracking static signature-detection engines like ...
9 months ago Cysecurity.news
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
10 months ago Feeds.dzone.com
Apple Move iPad Engineering To Vietnam - Fresh reports of Apple shifting manufacturing from China, with iPad product development resources relocated to Vietnam. Apple continues to strengthen its manufacturing and development capabilities outside of mainland China, according to recent media ...
10 months ago Silicon.co.uk
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
8 months ago Esecurityplanet.com
New Stellar Cyber Alliance to Deliver Email Security for SecOps Teams - Stellar Cyber, a Double Platinum 'ASTORS' Award Champion in the 2023 Homeland Security Awards Program, and the innovator of Open XDR has entered inao a new partnership with Proofpoint, a leading cybersecurity and compliance company. Through this ...
8 months ago Americansecuritytoday.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
5 months ago Eff.org
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
10 months ago Eff.org
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
5 months ago Blog.checkpoint.com
Apple's AI Moves Will Impact Future Chip, Cloud Security Plans - The measures Apple has implemented to prevent customer data theft and misuse by artificial intelligence will have a marked impact on hardware security, especially as AI becomes more prevalent on customer devices, analysts say. Apple emphasized ...
4 months ago Darkreading.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
5 months ago Esecurityplanet.com
The Rise in Attacks Requires Specialized Expertise - Organizations today are increasingly reliant on the convenience, scalability and cost-effectiveness of migrating data and operations to the cloud. While cloud migration offers organizations significant benefits, it has also opened them up to a myriad ...
10 months ago Paloaltonetworks.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
8 months ago Cybersecuritynews.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
11 months ago Bleepingcomputer.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
9 months ago Silicon.co.uk
DHS Awards UAA to Launch New ADAC-ARCTIC Center of Excellence - S&T will provide ADAC-ARCTIC $46 million over a 10-year cooperative agreement to establish this Research Center portfolio for Homeland Security in the Arctic. Vital insights from academic-led innovative research will help the Department of Homeland ...
9 months ago Americansecuritytoday.com
Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
9 months ago Darkreading.com
Apple Security Update Fixes Zero-Day Webkit Exploits - Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google's Threat Analysis Group discovered these security bugs. Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to ...
11 months ago Techrepublic.com
The 9 Most Essential API Security Tools to Protect Against Cyber Threats - Understanding the importance of API security is crucial as technological advancements across various industries continue to make our lives easier. Through APIs connecting different systems and services together, automation is becoming increasingly ...
1 year ago Csoonline.com
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
1 month ago Cyberdefensemagazine.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
9 months ago Darkreading.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
10 months ago Esecurityplanet.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)