FireEye and OS X Support

Industry Perspectives 2021-10-28

Today, we announced support for OS X in our flagship NX product. This means we now have virtual image capabilities for Macs in an enterprise environment. This is important for several reasons:

  • Mac’s footprint inside the enterprise is growing. Today, 21 percent of information workers are using one or more Apple products, with a projected 52 percent increase in Apple devices to be issued, according to Forrester.
  • Senior level employees—i.e., targets interesting to attackers—represent 41 percent of enterprise Apple users. At a recent conference, our CTO Dave Merkel said, “We live in a fully connected world. Where information goes, spies follow. Where money goes, crime follows.” Now you can add: “Where the employee goes, malware will follow.”

In fact, our product has been in beta and available to customers for several months now. Such increased use of Apple computers has caught the attention of attackers, with FireEye Labs seeing malware callbacks from Macs increase 36 percent year-over-year between the first six months of 2013 and 2014.

More importantly, our product uncovered—within two days of deployment—an Apple-centric malware campaign which we detailed in this blog. Specifically, FireEye Labs discovered a previously unknown variant of the APT backdoor XSLCmd – OSX.XSLCmd – which is designed to compromise Apple OS X systems. This backdoor shares a significant portion of its code with the Windows-based version of the XSLCmd backdoor that has been around since at least 2009. This discovery, along with other industry findings, is a clear indicator that APT threat actors are shifting their eyes to OS X as it becomes an increasingly popular computing platform.

We hope that, with this release, security teams can be ready.