If the ransomware incident involving the tampered Transmission app in late 2016 started anything, it is that threat actors are now taking an interest in compromising Mac OS users.
Recent events involving the Proton remote access Trojan (RAT), distributed through the popular Elmedia media player software, show that cybercriminals are actively targeting highly popular applications – an app with more than 1 million downloads in this case – to maximize their chances of infection.
There’s no reason to assume Mac malware will fade away. If anything, we’ve learned that attackers actively use popular applications to smuggle in data-stealing malware. Supply chain attacks, in which the app vendor’s website is compromised and the legitimate app is replaced with a tampered one, are now a fact, as compromising websites is usually just a matter of persistence. Finding and exploiting vulnerabilities in webpages to gain unauthorized access can be more effective than finding a zero-day vulnerability in Mac OS.