Malware on Apple Mac, Android, and IoT

Posted by Timothy Platt on Aug 19, 2017

Malware on Android, MacOS, and IoT

In the news recently, we learned of new variants of malware on Apple Mac computers, Android phones and IoT (“Internet of Things”) devices. While malware and related security threats on these devices are not quite as numerous as on Windows devices – they exist – and we believe this represents a growing threat. In this article, we’ll discuss what can be done about this by the average small business.

What is Malware?

Malware is any sort of malicious, unwanted program. They are typically surreptitiously installed via computer security vulnerabilities, or user trickery, also known as social engineering. Typical examples include: viruses, worms, remote access toolkits, ransomware, etc. It’s also important to understand that it’s possible for a user to accidentally or unknowingly install a malware program – no security vulnerability needed.

All Computers Are Susceptible to Malware

Malware Warning Symbol
It’s often stated that there are far more malware threats for Microsoft Windows devices than other computers, and that’s probably true. But what is most important is to understand that any computer device is potentially susceptible to malware. And we are seeing trends in some platforms that historically weren’t targeted (as much) being targeted more. There is nothing inherently in Android OS or MacOS that make them invulnerable to malware.

Secondly, understand that a smartphone, a tablet, or an IoT Device – all are just another computer. It may not have a physical keyboard, or a mouse, or a monitor, but all those devices are computers. And therefore susceptible to malware.

Why is Android Malware a Threat?

Perhaps you aren’t concerned, because your small business doesn’t use Android phones. But do your employees? Are these Android phones on the Wi-Fi network (perhaps as a convenience, or to avoid chewing up cellular data plans)? Does this Wi-Fi network have access to internal servers and resources? These are all things that need to be considered. It’s theoretically possible that a Android malware could be written that could traverse and further exploit Windows machines and other servers on a corporate network. It can happen, it will happen.

Especially concerning is that some of this Android malware was installed via the Google Play Store. This is not the first time this has happened.

Why is Mac Malware a Threat?

Apple Logo
A few years ago Apple ran an extensive ad campaign that compared their products to Microsoft Windows. One of the key campaign points was that Apple Mac was less susceptible to malware. It’s hard to explain why Mac has been targeted less for malware, but that doesn’t matter. We can tell you there does exist Mac malware. And it can be used to exploit other Macs, Windows machines, servers, network shares, and potentially anything else on the network. Therefore, if you have Mac machines connected to the network, you need to have some assurance that these machines are not a potential security issue.

Need proof? Here’s a recent example of a Mac spyware named “Fruitfly”. If this was on a Mac, connected to a corporate network, and windows AD credentials were being entered into the computer to access a file share, the credentials could have been compromised. This is just one example, there’s many, many other things that could happen.

The Rise of BYOD

We see Mac and Android devices in nearly every company. In some cases they are company provided devices, in others it’s a case of BYOD – Bring Your Own Device. In either case, they often have unrestricted network access. It’s also bad if they are completely unmanaged – you have no idea what’s running on them, or how they are being used. You cannot assume the average employee is a cyber-security expert (and they shouldn’t have to be). And that’s where the problems arise.

The Internet of Things (IoT)

Here’s another similar, but different threat. The Internet of Things (IoT) is the hot buzzword of 2017. There’s a lot of hype surrounding it, but it’s a trend that is here to stay. IoT is the practice of network enabling and connecting devices that previously weren’t capable of this. Put your security camera on the Internet – sure. Refrigerator? Thermostat? TV? Yep – you can do all those things now. Cool stuff, but here’s the warning.

Any device that can communicate over the network is a computer. And what do we know about computers? They are susceptible to malware. IoT is a particular concern because so many of the devices are cheaply made – it’s a new field, and the devices are being churned out with no thought or consideration to real security, in many cases. Some have hardcoded admin passwords that are now well known by hackers – and what’s worse is that some of these devices can never be upgrade or patched. They are now a permanent security threat on your network.

What’s the takeaway? Be very careful about what IoT devices you allow on your network – and change any default administrative passwords immediately

What Your Small Business Can Do About This

We have an extensive list of recommendations for small business computer and cyber-security.
But the specific actions for this particular issue:

Get Help from the Security Experts

We hope this information has been helpful. Your situation and unique requirements will need specific assessment. And remember, we’re here to help. If you’ve got a security related challenge, reach out to us – we’d love to help.

Contact VO for security help now

IT Support by Virtual Operations

Virtual Operations provides IT support for small businesses in the Orlando and Central Florida area. Our managed IT services offering provides the expertise and quality care your small business needs. Please contact us today to find out how we can help with your computer support and network support needs.

Like To Learn More? Send Us A Message or call direct 407.268.6626

Back to Blog

Sign up for free and be the first to know about updates

Subscribe to Email Updates

It appears you are viewing this site through an obsolete web browser.

This site was built to comply with modern web standards and relies on features unavailable in browsers that are out of date.

You can learn more about your browser here. And you can learn more about modern web browsers here.

To hide this notice, click here.