Making Cybersecurity Accessible for All: My Exclusive Interview with MacPaw from Kyiv


The DMN Security Bite series is proudly sponsored by Mosyle, the sole Apple Unified Platform. Our mission is to ensure Apple devices are ready for work and secure for enterprise use. By integrating advanced Apple-specific security solutions, including automated Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and exclusive Privilege Management, we deliver the most efficient and modern Apple MDM available. The outcome is a fully automated platform trusted by more than 45,000 organizations, ensuring millions of Apple devices are prepared for work effortlessly and affordably. Try your EXTENDED TRIAL today and discover why Mosyle is essential for Apple device management.


As a long-time subscriber of CleanMyMac, I have been highly impressed with its focus on providing Mac users with straightforward yet effective malware detection and prevention. When MacPaw invited me to Kyiv, Ukraine, for an interview with the leaders of Moonlock, its cybersecurity division, I eagerly accepted.

The interview consists of three segments: an overview of Moonlock, the technology behind the Moonlock Engine, and future aspirations.

Disclosure: Ukraine is currently engaged in a conflict. Several members of the Moonlock team are involved in their country’s defense, leading to the use of pseudonyms in this discussion to ensure their safety. Some transcript sections have been edited for clarity.

You are reading Security Bite, a column dedicated to security on DMN. Weekly insights and interviews on data privacy, the latest malware trends, and evolving threats in Apple’s extensive ecosystem, which supports over 2 billion devices, are presented by Arin Waichulis.


Recently, MacPaw’s headquarters—the location of this interview—suffered significant damage due to a ballistic missile strike. My thoughts are with the team. Please consider contributing to MacPaw’s relief efforts here.

Now, here’s the complete interview. Participants included Oleg (head of product for Moonlock), Borys (head of Moonlock Lab, research division), Anastasiia (senior PR specialist at Moonlock), and myself.

Q: What inspired MacPaw to establish a cybersecurity division?

Oleg, head of product for MacPaw’s Moonlock:

After implementing our first malware detection features in CleanMyMac X, we realized this issue was much broader than we had anticipated; we had merely skimmed the surface.

We began to ponder: why not create something better and more thorough? Thus, Moonlock was born. Unlike typical cybersecurity firms that target businesses or Windows platforms, we have extensive experience with Macs, making this an intuitive evolution. Additionally, many Mac users falsely believe that their devices are immune to malware, which we know isn’t true.

Consequently, we felt it necessary for MacPaw to address this misconception. We were already cleaning systems and removing harmful files, so it made sense to enhance our services by preventing these threats from inflicting damage in the first place.

Q: Understood. What is Moonlock’s mission and focus?

Oleg:

Moonlock’s mission is to democratize cybersecurity. When we communicate with users, we often find that while they are aware of cybersecurity issues and express concern, they typically don’t take proactive measures to defend themselves—unless they have already encountered a problem.

For most users, an incident serves as a wake-up call. Even though they hear about cybersecurity risks, people tend to take a passive approach because they don’t know where to begin or feel they lack the time to educate themselves.

That’s where Moonlock aims to provide assistance. While cybersecurity can seem complex, we strive to offer tools that defend users without requiring them to become cybersecurity experts.

CleanMyMac is regarded as both simple and powerful. We want to extend this philosophy to Moonlock, creating solutions that are user-friendly—often just a couple of clicks away—yet highly effective.

Q: Now, regarding the technology, can you explain the function of the Moonlock Engine?

Oleg:

The Moonlock engine is specifically tailored for Macs. It is developed by engineers who grasp macOS inside and out, including how malware can thrive and infect systems. This specialized knowledge enables us to precisely address Mac-specific threats effectively.

A major advantage is its integration into CleanMyMac. Thus, users installing CleanMyMac for its cleaning functionalities automatically gain access to its security features.

Technically, the engine employs both static and dynamic analysis. Static analysis inspects the code itself, while dynamic analysis tests the code in a virtual environment to monitor its behavior. This dual methodology is essential as some malware can remain dormant for prolonged periods, complicating detection.

Furthermore, we’ve prioritized performance alongside thorough scanning. For instance, we offer a quick scan that swiftly inspects frequent malware locations and a comprehensive scan that investigates additional areas and file types.

Q: Are there any new security features included in the redesigned CleanMyMac?

Oleg:

Currently, we are not introducing any major new security features in CleanMyMac, but we’re continuously refining the engine under the hood. While changes may not be revolutionary, each update enhances its effectiveness. We frequently update databases to recognize top threats, incorporating new signatures and adapting detection strategies to stay ahead of malware creators. It remains a constant back-and-forth.

For the most part, Apple does an excellent job of preventing malware with integrated tools like XProtect and Gatekeeper. Still, users occasionally click on unsafe links or execute questionable files, which is where we step in to provide preventative measures.

Q: Borys, can you elaborate on Moonlock Lab and your team’s research efforts?

Borys, head of Moonlock’s research division, Moonlock Lab:

In Moonlock Lab, we investigate not only malware samples but also analyze the motives of malware creators. We live in an era where technologies can conceal, obfuscate, and mutate code. If creators leverage tools like ChatGPT or neural networks to modify code, they can produce countless variants that are not easily recognizable upon casual inspection.

Our objective is to comprehend malware behavior and enhance our capabilities to gather and examine samples based on their actions. Studying code can be static through direct observation, or dynamic by executing it in a controlled environment. Since malware can remain inactive for extended periods, even advanced sandboxes cannot always uncover malicious actions.

A notable emerging trend involves malware-as-a-service, enabling individuals to create harmful code without commercial intent and sell it on dark web platforms for Bitcoin. This increases danger since individuals without coding skills can now purchase and run malware.

Q: Are you observing a rise in criminal activity in particular regions, perhaps Russia?

Borys:

Attribution is particularly challenging; it’s not always evident from the code whether it originates from Russia, China, or North Korea. By researching and analyzing command and control (C2) servers, alongside comparing code elements on GitHub or the dark web, we can trace the source of the code. It’s akin to investigative work.

IP addresses can be misleading given Russia’s use of various techniques to obscure their origins. They may commandeer IPs, deface websites across countries, infiltrate infrastructures, and turn them into proxies. Botnets built from inadequately secured smart devices are commonplace. Legislative measures are forthcoming to enforce stronger security protocols, as so many devices still operate with default passwords.

Oleg:

The Mac market appears to be encountering many of the same dilemmas that Windows has faced, albeit decades later and at a faster pace. This situation resembles a second season of a familiar show evolving on a different platform. Windows security researchers can swiftly apply their learnings to address these challenges before they escalate to the same magnitude as seen with Windows.

Q: Are there any intentions to develop Moonlock into a standalone product, similar to an EDR solution?

Oleg:

We are actively developing a product along those lines. This concept was discussed during the Moonlock launch—transforming our insights and findings into practical solutions for users. Our initial focus was enhancing CleanMyMac’s removal capabilities through the Moonlock engine to provide immediate protection to millions of users.

We are committed to realizing our vision of making cybersecurity accessible to every Mac user—more sophisticated, capable, yet easy to understand and use. This undertaking requires time. The primary difficulty lies not just in the creation of security tools, but in motivating users to adopt them and alter their behaviors.

Cybersecurity is often perceived as tedious or overly complex. We aim to revitalize it, making it straightforward and user-friendly—akin to CleanMyMac, where users can rely on it without needing to contemplate numerous steps; it simply works. However, the challenge is more nuanced because when cybersecurity issues arise, it may be too late; the approach is similar to vaccines—preventive measures are necessary before a problem occurs.

Conclusion

I would like to express special gratitude to Anastasiia at MacPaw for arranging a smooth and secure visit during such uncertain times in Ukraine. The MacPaw team is exemplary, and I would liken them to the Google of Ukraine. Truly.
