One of the biggest misconceptions information security experts hear relates to Apple products, particularly those running the macOS platform formerly known as OS X. Quite a few Mac users in the High Desert and across the world believe they are impervious to malware attacks. This is a dangerous urban legend that stems from mistaken beliefs such as:
- Mac desktops and MacBooks are more secure than Windows devices.
- Cybercrime groups do not focus on macOS because it is not as popular as Windows.
- XProtect, an antivirus feature introduced with OS X Snow Leopard a few years ago, is good enough to protect Macs and MacBooks.
- Apple developers are constantly updating XProtect for the purpose of keeping macOS devices safe.
Aside from the assertion that macOS is not as popular as Windows, the assumptions listed above were proven to be false by Windshift, an advanced persistent threat that has quietly infected an unknown number of macOS devices over the last two years. Windshift is believed to have been developed by a shadowy hacking group in the Middle East; it is mostly an espionage operation that uses a combination of email, text messages and URL redirects to keep track of victims. The level of sophistication observed by information security experts suggests that the group responsible for Windshift may be linked to government operations.
The Dangers of Windshift & Other macOS Viruses
The problem with Windshift is that it routinely goes undetected by most antivirus software, including Apple’s own XProtect. In a recent analysis conducted by cybercrime researchers, a Windshift file titled Meeting_Agenda.zip was found to be detected only by the ZoneAlarm and Kaspersky antivirus software products. What is even more alarming about Windshift is that Apple security experts seem to be aware of it but have not shared their findings with major antivirus software developers.
What is known about Windshift is that it attempts to spy on all the digital activity of infected devices, and this may extend to synchronized iPads and iPhones. Documents are copied, messages are read, and screenshots are taken from Windshift’s targets, typically users with Middle Eastern backgrounds or whose online activity links them to people from that geographic region.