
Security Bite: Threat actors are widely using AI to build Mac malware

Each year, Moonlock Lab, the cybersecurity research division of MacPaw, releases an annual report detailing the current state of the macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, detailing how artificial intelligence tools like ChatGPT can help with malware scripting, the shift to malware-as-a-service (MaaS), and other interesting statistics seen through internal data.

// The age of AI-driven malware
There has long been speculation that threat actors have been working behind the scenes to turn AI tools into AI accomplices. Now it looks like we have an inkling of how it’s done.
Screenshots from dark web forums show that attackers are using artificial intelligence tools such as ChatGPT to guide them through the complex malware creation process. One notable example is a Russian-speaking threat actor known as “barboris” who publicly shared that they had developed a macOS stealer with no coding experience.
“With just a few prompts, attackers can generate scripts and implement advanced techniques that in the past required significant expertise. The barrier to entry is lower than ever, and artificial intelligence has become a new ally for cybercriminals looking to launch campaigns against macOS.”


This situation is shocking for a number of reasons, mainly that things that once required a lot of technical expertise can now be done by almost anyone with access to the Internet.
This year, we are likely to witness a fundamental shift in malware development. It is no longer just for skilled programmers. Essentially, this represents the decentralization of cybercrime.
However, working with the code remains challenging for criminals. This is where MaaS comes in.
// MaaS dominates
Darknet discussion of bypassing macOS defenses and distributing malware as a service (MaaS) surged in 2024, according to the report from Moonlock Lab.
Currently, groups like AMOS operate high-margin MaaS businesses. In this model, malware developers (or operators) create the software, and affiliates (often those with less technical knowledge) pay to access the malware package and direct it to targets of their choice.
This is a welcome solution for affiliates (criminals) whose technical capabilities are close to zero.
These affiliates will pay a fee to “license” the malware package. This can be a one-time payment or a more affordable recurring subscription. Operators who run ransomware (called ransomware-as-a-service) typically take a percentage of the ransom they receive.
According to Moonlock, the rise of MaaS has lowered the barrier to entry for cybercriminals, with services that previously cost tens of thousands of dollars now costing only about $1,500 per month. The price decrease may be due to increased competition as the number of MaaS providers proliferates, e.g. ransomware center.
// What can you do
If you are a regular reader of Security Bite, you may already know some of this information. However, the best advice remains the same: keep your software up to date, only download apps from trusted sources, and consider using third-party security solutions for extra protection. I personally recommend MacPaw's CleanMyMac, which provides instant malware detection.
Long gone are the days of trusting your Mac to be virus-free.
For more details, I highly recommend checking out Moonlock Lab's full report.
2024-12-04 00:03:58