WWW.COMPUTERWORLD.COM
New malware justifies Apple's locked-down security strategy

Apple has told us Macs aren't secure enough, and it continues working to improve their security, as it does across all of its platforms. But a newly identified malware attack confirms that third-party developers can sometimes be a weak link in the perimeter.

In this case, Check Point security has identified a malware-as-a-service attack it calls Banshee macOS Stealer. This insidious attack, which has apparently now been closed down, was spread via seemingly legitimate browser downloads distributed outside of Apple's Mac App Store. When installed, it was capable of exfiltrating all kinds of information, including account, banking and crypto logins, and more, and was resistant to Apple's own antivirus protection system, Gatekeeper. (The malware is also available on Windows, but I'm less sure of the degree of risk users on that platform face.)

If it's too good to be true, it's too good to be true

Here's what we know:

The software was distributed in infected versions of popular software (such as Chrome or Telegram) via phishing websites and fake GitHub repositories.
When in the field, it targets third-party browsers such as Chrome and browser extensions, and makes use of a 2FA extension to capture sensitive information.
It also tricks users into sharing their passwords with legitimate-seeming system prompts, sending stolen data back via command and control servers.

An attack-as-a-service malware of this kind usually relies on a command server within the exfiltration process, and legitimate-seeming but infiltrated software has been a method of attack ever since people used to share applications via FTP, and probably before. None of this is new. Nor is the main attack's reliance on tricking users. Everyone by now knows that computer users are now and will forever be the weakest link in platform security.

Convincing people to download software that is infected is common, and recent attacks from NSO and other reprehensible companies showed that it is still possible to craft attacks that don't even require user intervention. (Though those are very, very expensive.)

What is new is that those behind the attack used some of Apple's own anti-virus tools, stealing a string encryption algorithm from Apple's own XProtect antivirus engine, "which replaced the plain text strings used in the original version," according to Check Point. This is what helped the attack evade detection for two months, though it was eventually identified, mitigated, and the operation shut down. Crisis over.

Prevention beats cure

Except the crisis is never really over. What this attack exposed is that platforms can be undermined, and while Macs (and Apple's other products) are, unlike others, secure by design, that doesn't mean they are infallible. The introduction of Lockdown Mode demonstrates that Apple knows attacks happen. Within that context, it becomes super-important to ensure every user understands that if software they usually pay for is available free somewhere, they should absolutely avoid installing it. And they should always ensure that legitimate software (such as Chrome) is installed from the original source.

That's not a problem if you stay within trusted app distribution ecosystems, of course, particularly Apple's own heavily-policed app stores. But as the company is forced to open up to third-party distribution, that security will be eroded as, at least in some cases, some app developers insist on independent distribution of their software. That represents a golden opportunity for malware distributors to try to build legitimate-seeming download sites for these apps. Though it's possible that Apple's Notarization system (as it expands) might become an essential tool to protect against this.

While some developers continue to complain about the cost of distribution on Apple's platforms, it must be stressed that the cost of cybercrime is expected to surpass $10 trillion this year. That means it is in the public interest for app developers, if they really want to play their part to combat cybercrime, to ensure they create and protect secure software distribution systems that do not confuse consumers.

We all play a part

It's actually in the national (international) interest. "I think some of the top people predict that the next big war is fought on cybersecurity," Apple CEO Tim Cook told Time in 2016.

Software consumers need to play their part. "As cyber criminals continue to innovate, security solutions must evolve in tandem to provide comprehensive protection," Check Point Research explains. "Businesses and users alike must take proactive steps to defend against threats, leveraging advanced tools and fostering a culture of caution and awareness."

Despite this attack, the Mac remains the world's most secure PC platform. One of the easiest ways for anyone to improve their own security posture is to move to Apple's platforms. And one of the easiest ways to undermine that security is to install dodgy software, no matter how genuine it appears to be. If it seems too good to be true, it's too good to be true. So, don't download it.

You can follow me on social media! You'll find me on BlueSky, LinkedIn, Mastodon, and MeWe.
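The "install it from the original source" advice above can be turned into two mechanical checks a user or an endpoint-management script runs before opening a download: the download URL's host must be one the vendor actually controls (matched exactly, not as a substring, because phishing sites like the ones described here use lookalike hosts), and the file's SHA-256 must match the checksum the vendor publishes on its own site. The script below is an added example, not code from the Computerworld article or from Check Point's research; the allowlisted hosts and the sample "installer" bytes are constructed for this illustration.

```python
"""Added example (not from the article or from Check Point): two pre-install
checks that encode "only install from the original source".

1. is_trusted_origin(): the URL must be HTTPS and its host must be an
   allowlisted vendor host or a subdomain of one. The host is compared label
   by label; a substring test would accept lookalike hosts such as
   "dl.google.com.evil.test" or paths like "https://evil.test/dl.google.com/".
2. verify_sha256(): the file's SHA-256 must equal the vendor-published digest,
   compared in constant time.

TRUSTED_HOSTS and the sample file below are constructed for this example."""
import hashlib
import hmac
import os
import tempfile
from urllib.parse import urlsplit

# Constructed allowlist: vendor-controlled download zones. Only add zones the
# vendor fully controls, since subdomains of each entry are accepted.
TRUSTED_HOSTS = {"dl.google.com", "telegram.org", "github.com"}


def is_trusted_origin(url: str, allowlist: set = TRUSTED_HOSTS) -> bool:
    """True only if the URL is HTTPS and its host is an allowlisted zone or a
    subdomain of one (exact label boundary, never a substring match)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    # urlsplit strips userinfo, so "https://dl.google.com@evil.test/" yields
    # hostname "evil.test" rather than the vendor name in front of the "@".
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return False
    for zone in allowlist:
        zone = zone.lower()
        if host == zone or host.endswith("." + zone):
            return True
    return False


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so multi-hundred-megabyte installers need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_sha256(path: str, expected_hex: str) -> bool:
    """Compare the file's digest with the vendor-published one in constant time."""
    actual = sha256_of_file(path)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def safe_to_install(url: str, path: str, expected_hex: str) -> bool:
    """Both checks must pass; either failing is a reason not to open the file."""
    return is_trusted_origin(url) and verify_sha256(path, expected_hex)


def make_constructed_sample():
    """Write a small constructed 'installer' to a temp file and return
    (path, sha256 hex) as a vendor's checksum page would list it."""
    data = b"constructed sample installer bytes, not real software\n" * 100
    fd, path = tempfile.mkstemp(suffix=".dmg")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path, hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    path, published_digest = make_constructed_sample()
    try:
        for url in ("https://dl.google.com/chrome/stable/googlechrome.dmg",
                    "https://dl.google.com.evil.test/googlechrome.dmg",
                    "https://dl.google.com@evil.test/googlechrome.dmg",
                    "http://dl.google.com/googlechrome.dmg"):
            print(f"{url}: {'OK' if safe_to_install(url, path, published_digest) else 'REJECT'}")
        print("tampered digest:", safe_to_install(
            "https://dl.google.com/chrome.dmg", path, "0" * 64))
    finally:
        os.remove(path)
```

Checksum verification only proves the file is the one the vendor published; it says nothing about whether the vendor's own site was compromised, which is where macOS's native checks add a second layer. On a Mac, `spctl --assess --type execute -vv /path/to/App.app` reports whether Gatekeeper accepts the bundle and whether it is notarized, and `codesign --verify --deep --strict --verbose=2 /path/to/App.app` checks the signature itself; a download that fails either is exactly the "dodgy software" the article warns about.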