DMN Security Bite is proudly sponsored by Mosyle, the premier Apple Unified Platform. Our mission is to ensure Apple devices are ready for work and secure. By employing a unique integrated approach to management and security, we offer state-of-the-art Apple-specific security solutions for automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and exclusive Privilege Management, all layered on the most robust and innovative Apple MDM available. The outcome is a fully automated Apple Unified Platform that over 45,000 organizations trust to prepare millions of Apple devices for usage seamlessly and affordably. Request your EXTENDED TRIAL today to see why Mosyle is essential for Apple operations.
Annually, Moonlock Lab, the cybersecurity research division of MacPaw, publishes a report highlighting the evolving macOS threat landscape. On Tuesday, Moonlock Lab released its 2024 Threat Report, which discusses how AI tools, such as ChatGPT, are now capable of assisting in the creation of malware scripts, the rise of Malware-as-a-Service (MaaS), and other revealing statistics drawn from their internal data.
// The Dawn of AI-Driven Malware
The potential for threat actors to leverage AI tools for malicious purposes has long been speculated. We are now witnessing how these tools are being utilized.
Recent screenshots from dark web forums reveal that attackers are employing AI solutions, such as ChatGPT, to navigate complex malware creation frameworks. One notable instance involves a Russian-speaking threat actor dubbed “barboris,” who shared their journey in crafting a macOS stealer without any prior coding skills.
“With merely a few directives, attackers can produce scripts and incorporate sophisticated techniques that would have demanded considerable expertise in the past. The barriers to entry are now drastically diminished, with AI emerging as a new ally for cybercriminals launching macOS-targeted initiatives,” the report from Moonlock Lab notes.
This development raises significant concerns. What once necessitated substantial technical knowledge can now be executed by nearly anyone with online access.
This year may mark a pivotal change in malware creation. The art of crafting malware is no longer limited to skilled programmers, signifying a decentralization of cybercrime.
Despite this, navigating code can remain demanding for criminals, leading to the emergence of MaaS.
// The Rise of MaaS
According to Moonlock Lab, there has been a notable uptick in discussions surrounding the evasion of macOS defenses and the distribution of malware-as-a-service (MaaS) in 2024 on the dark web.
Currently, cyber gangs such as AMOS have established lucrative MaaS operations. In this framework, malware developers create the malicious software, while partners—often those less technologically adept—pay to utilize the tools against their selected targets.
This presents an appealing option for affiliates (criminals) with minimal technical capabilities.
Affiliates will pay a “licensing” fee for the malware package, which can either be a single payment or a more manageable recurring fee. Operators engaged in ransomware—referred to as Ransomware-as-a-Service—often earn a commission from any ransom collected.
As highlighted by Moonlock, the emergence of MaaS has significantly lowered entry barriers for cybercriminals, with services previously valued in the tens of thousands now accessible for around $1,500 per month. This decrease is likely due to intensified competition, with a proliferation of MaaS providers like RansomHub.
// What You Can Do
If you’ve been actively following Security Bite, much of this information might be familiar to you. Nonetheless, the best advice remains unchanged: ensure your software is up to date, download apps only from reliable sources, and consider a third-party security solution for added protection. Personally, I recommend MacPaw’s CleanMyMac, which provides real-time malware detection.
The notion that “Macs don’t get viruses” is a myth of the past.
For more comprehensive insights, I strongly recommend reading the complete report from Moonlock Labs.
FTC: We use income-generating auto affiliate links. More.
