Cyber Threats to Mac Computers on the Rise

For Mac users, a new cyber security threat is on the horizon. A tool called ‘Geacon’, used by hackers to gain unauthorised access to computers, is becoming more popular. This tool is a version of ‘Cobalt Strike’, another tool hackers have used for a long time to target Windows computers. But now, they’re using Geacon to focus on Macs.

SentinelOne, discovered this increase in threats after noticing more and more Geacon attacks appearing on a site called VirusTotal, which is used to spot and analyse suspicious files. Some of these attacks were just tests, but others were real attempts by hackers to gain access to computers. SentinelOne has found two recent examples of these Mac based attacks;

1: A file called ‘Xu Yiqing’s Resume_20230320.app’, discovered on 5th April. It looked like a simple resume, but it was actually a program designed to download a Geacon attack onto a Mac computer. Once downloaded, the Geacon attack could carry out various tasks, including accessing the internet, encrypting and decrypting data, downloading more attacks, and stealing data.

2: A file pretending to be SecureLink (a popular app for secure remote support), discovered on 11th April, was designed to ask for access to many of the computer’s features, like the camera, microphone, and other data. Once granted access, it could steal this information.

Whilst attacks on macOS based systems are less common than those on Windows, they do happen. Our Endpoint Detection & Response solution is designed to protect businesses from exactly these types of attacks and is already securing our customers from these Geacon attacks. EDR uses advanced Artificial Intelligence (AI) and Machine Learning to monitor your endpoints (including macOS devices) for unusual, suspicious or malicious files or activity and block it in its tracks, keeping your users and your business safe.

Latest News Stories