9to5Mac Security Bite is exclusively brought to you by Mosyle,the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.Ive been a CleanMyMac subscriber for nearly a decade, and Ive been truly impressed by the apps heavy focus on providing Mac users with remarkably simple yet effective malware detection and prevention features. So, when MacPaw offered to fly me out to Kyiv, Ukraine, to meet and interview the folks leading Moonlock, its cybersecurity division, I jumped at the opportunity.This interview is divided into three parts: About Moonlock, the technology behind the Moonlock Engine, and whats planned for the future.Disclosure: Ukraine is a country at war. Many members of the Moonlock team also aid in the defense of their country, so false names may be used below to protect their identity. Some parts of the transcript were edited for clarity.Youre reading Security Bite, a security-focused column on 9to5Mac. Each week, Arin Waichulis delivers insights and interviews on the latest in data privacy, the current malware landscape, and emerging threats within Apples vast ecosystem of over 2 billion active devices.At the time of writing, MacPaws HQ, the very place where this interview was conducted weeks prior, was just severely damaged in a ballistic missile attack. My heart goes out to the team. Please consider supporting MacPaws relief effort here.With that out of the way, heres my full interview. In the room: Oleg (head of product for Moonlock), Borys (head of Moonlock Lab, research division), Anastasiia (senior PR specialist at Moonlock), and myself. Q: Could you tell me what the inspiration was for MacPaw to open a cybersecurity division?From Oleg, head of product for MacPaws Moonlock:It became clear that after the first malware detection modules were added to CleanMyMacX, this was a much bigger topic than we initially thoughtwed only scratched the surface.We started asking ourselves: why not build something better and more comprehensive? This vision evolved into Moonlock. Unlike other cybersecurity companies focused on businesses or Windows systems, weve been working with Macs for years, so it felt like a natural fit. Additionally, many Mac users have the misconception that Macs are immune to viruses or malware, which isnt true.The next logical step for MacPaw was to address this gap. We were already cleaning machines and removing malicious files, so why not take it further and prevent them from causing harm in the first place?Q: Got it. And the mission of Moonlockwhats the focus?Oleg:The mission of Moonlock is to make cybersecurity accessible to everyone. When we talk to users, they often express awareness about cybersecurity and sometimes concerns, but they rarely take proactive steps to protect themselvesunless theyve already experienced an incident.For many users, an incident acts as a wake-up call. Before that, even if theyve heard about cybersecurity threats, they often take a passive approach because theyre unsure where to start or dont have the time to learn.Thats where Moonlock comes in. We aim to bridge that gap. Cybersecurity concepts can have a steep learning curve, but we believe we can provide tools that protect users without requiring them to become experts.CleanMyMac is perceived as a simple yet powerful tool. We want to bring the same philosophy to Moonlock. Its about creating solutions that are easy to usemaybe just a couple of clicksbut still incredibly effective.Q: Moving on to the technology, can you explain what the Moonlock Engine does?Oleg: The Moonlock engine is specifically designed for Macs. Its built by engineers who understand macOS, including how malware can persist and infect systems. This deep expertise allows us to tailor the engine to address Mac-specific threats effectively.One of its most significant advantages is that its integrated into CleanMyMac. So, any user who installs CleanMyMac, even for cleaning purposes, automatically benefits from the built-in security features.On the technical side, the engine uses a combination of static and dynamic analysis. Static analysis involves examining the code itself, while dynamic analysis involves running the code in a virtual environment to observe its behavior. This dual approach is crucial because some malware is designed to sleep for weeks or months, making it harder to detect.Weve also balanced thorough scanning with performance. For example, we have a fast scan that quickly checks the most common locations for malware and a deeper scan that examines additional areas and file types.Q: Are there any new security features in the new redesigned CleanMyMac?Oleg:Were not adding new major security features to CleanMyMac at this time, but were constantly updating the engine behind the scenes. Its not radically new, but it improves with each update. Were updating databases frequently to catch top-layer threats, adding signatures, and modifying detection methods to keep up with malware authors. Its always a cat-and-mouse game.Apple does a good job at stopping malware for the most part. They have protection tools built into the system, like XProtect and Gatekeeper. But users still click links or launch suspicious things, and thats where we try to help prevent them from doing dangerous things.Borys, head of Moonlocks research division, Moonlock Lab:In MoonLock Labs, we study not just samples or malicious code, but try to understand the intent behind malware authors. Were living in an age with technologies that can hide, obfuscate, and mutate code. If authors use ChatGPT or neural networks to mutate code, they can generate many variants no one can understand from simple observation.We focus on understanding malware behavior and improve our technology to collect and study samples through their behavior. You can study code statically by viewing it, or dynamically by running it in a virtual environment. Malware can sleep for days, weeks, or months, so even improved sandboxes cant always reveal malicious behavior.A recent trend is malware-as-a-service. Someone can write malicious code without commercial purposes and sell it on dark web marketplaces for Bitcoin. This makes it more dangerous because now people who cant write malware can purchase and execute it.Q: Are you seeing an increase in criminal activity in specific regionsmaybe Russia?Borys: Attribution is the most challenging thing. You cant always tell from the code that its Russian, Chinese, or North Korean. Through research and diving into C2 servers, comparing code elements on GitHub or the dark web, you can follow the trail to understand its origin. Its like being an investigator.IP addresses arent absolutely useful because Russia uses expansion techniques. They capture IP addresses, deface sites in any country, hack infrastructure, and convert it to proxies. Botnets created from poorly protected smart devices are common. Theres legislation coming to make manufacturers adhere to security standards, as many devices still use default admin passwords.Oleg: The Mac market seems to be going through all the same stages as Windows did, just decades later and more rapidly. Its like season two of the same series on a different platform. Windows researchers can apply their knowledge to quickly address these problems before they become as huge as on Windows.Q: Are there plans to spin MoonLock off CleanMyMac into its own product, like an EDR solution?Oleg: We are currently working on a product like that. Weve talked about it during the MoonLock launch converting our knowledge and observations into practical help for users. Our first step was improving CleanMyMacs removal into the MoonLock engine to protect millions of users immediately.Were building to execute our vision of making cybersecurity accessible to every Mac user, making it more sophisticated, capable, yet easy to understand and approachable. It takes time. The main challenge isnt just making security tools, but inspiring users to implement them and change their habits.People often treat cybersecurity as boring or too complicated. We want to make it colorful and easy to use, like CleanMyMac where users dont need to think about steps, it just works. But its more complicated because with cybersecurity, if you have a problem, its already too late. Its like vaccines you need them before problems occur.End.I want to give special thanks to Anastasiia at MacPaw for organizing a flawless and safe trip during such a tumultuous time in Ukraine. The team at MacPaw is world-class. I can best describe the company as the Google of Ukraine. Seriously.More in Apple securityA newly-released app lets you regularly scan your iPhone for Pegasus spyware which can access almost all the data on a phone for a one-off cost of just one dollar.Moonlock Lab released its 2024 Threat Report, detailing how AI tools like ChatGPT are helping to write malware scripts, the shift to Malware-as-a-Service (MaaS), and other interesting statistics its seeing through internal data.Apples Passwords app now has a Firefox extension for Mac. Interestingly, a Reddit thread reveals that this extension appears to have been created by a third-party developer. But Apple appears to have taken it over under its branding and name.Mosyle exclusively reveals to 9to5Mac details on a new family of Mac malware loaders. Mosyles Security Research team discovered these new threats are written in unconventional programming languages and use several other sneaky techniques to evade detection.Follow Arin: Twitter/X, LinkedIn, ThreadsAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel