Patrick Wardle is one of the best-known Mac security experts. According to him, Apple released two new signatures that, when put together, allow XProtect to spot adware bundles containing Windows .exe files that are capable of running on Macs.
Here’s why it’s significant:
There’s a platform in the Apple ecosystem called Mono. Mono is a cross-platform framework that allows code written in C# to run on a variety of machines, including Windows, Linux and Mac systems. While this is a great boon to legitimate developers, hackers around the world have also been quick to take advantage of it and have already developed malware strains designed to be cross-platform.
So far, the malware strains discovered in this category are more of an annoyance than a dire threat. They’re designed to contact remote servers that produce pop-up ads for various offers, add surreptitious cryptocurrency miners, and add unwanted browser extensions. They could, of course, easily be retooled to be much more harmful, which is ultimately why Apple made the decision to update XProtect to better guard against these emerging threats.
Aside from making sure you’ve got the latest version of XProtect installed, there’s nothing to do really. It’s more a matter of being aware of the changing threat landscape.
What we’re seeing right now is a kind of half step. The current Windows-based malware files automatically attempt to run Mac’s Mono framework libraries, which means that these files won’t impact a Windows-based machine. There are easy fixes for that, and future iterations of code like this will no doubt be smarter and fully cross-platform capable.
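For defenders who want to check a downloaded application bundle for the pattern described above, here is an added Python example. It is not from the original article and is not Apple's XProtect signature logic. It walks a bundle, finds Windows PE files whatever their extension, and marks the ones that are .NET assemblies, the kind a Mono runtime can execute. The function names and the `sample_pe` bytes are constructed for this example.

```python
import os
import struct

def pe_info(data):
    """Return None if data is not a PE image, else {'dotnet': bool}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24  # optional header: after 4-byte signature + 20-byte COFF header
    dotnet = False
    if opt + 2 <= len(data):
        (magic,) = struct.unpack_from("<H", data, opt)
        dir_off = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ data directories
        if dir_off is not None and opt + dir_off + 15 * 8 <= len(data):
            (count,) = struct.unpack_from("<I", data, opt + dir_off - 4)
            rva, size = struct.unpack_from("<II", data, opt + dir_off + 14 * 8)
            # Data directory 14 is the CLR header; non-empty means a .NET assembly.
            dotnet = count > 14 and rva != 0 and size != 0
    return {"dotnet": dotnet}

def scan_bundle(root):
    """Walk a bundle; return sorted (relative path, is_dotnet) for every PE file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    info = pe_info(fh.read(4096))  # headers normally sit in the first 4 KiB
            except OSError:
                continue  # unreadable file: skip it
            if info:
                hits.append((os.path.relpath(path, root), info["dotnet"]))
    return sorted(hits)

def sample_pe(dotnet):
    """Constructed sample: minimal PE32 headers only, no executable code."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)        # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)        # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)      # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", buf, opt + 208, 0x2008, 72)  # CLR directory entry
    return bytes(buf)
```

Calling `scan_bundle` on the path of an `.app` directory returns every PE file it contains; a .NET hit inside a Mac bundle is worth a closer look, since legitimate Mono-based apps also ship such files.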