Making Cybersecurity Accessible for All: My Exclusive Interview with MacPaw from Kyiv

The Security Bite series is proudly presented by Mosyle, the sole Apple Unified Platform. Our mission is to ensure Apple devices are not only work-ready but also secure. By integrating state-of-the-art security solutions specifically designed for Apple, we provide comprehensive Hardening & Compliance, Next Generation EDR, AI-driven Zero Trust, and exclusive Privilege Management alongside the most robust Apple MDM available. This has resulted in a fully automated Apple Unified Platform that over 45,000 organizations trust to effortlessly prepare millions of Apple devices at an affordable price. Request your EXTENDED TRIAL today to discover why Mosyle is your ideal solution for Apple management.


As a long-time CleanMyMac subscriber, I have been consistently impressed by the app’s dedicated focus on offering Mac users straightforward yet powerful tools for malware detection and prevention. So, when MacPaw invited me to Kyiv, Ukraine, for an interview with the team behind Moonlock, their cybersecurity division, I eagerly accepted the chance.

This interview is structured into three segments: an introduction to Moonlock, insights into the technology powering the Moonlock Engine, and a look at future developments.

Disclosure: Ukraine is currently facing a wartime situation. Some members of the Moonlock team contribute to their country’s defense, so pseudonyms may be employed to safeguard their identities. Portions of the transcript may have been adjusted for clarity.

You’re reading Security Bite, a security-focused column on DMN. Each week, Arin Waichulis shares insights and interviews on data privacy, the evolving malware threat landscape, and emerging risks within Apple’s ecosystem of over 2 billion active devices.

As I write this, MacPaw’s headquarters, where this interview took place weeks ago, has just suffered significant damage from a ballistic missile strike. My thoughts are with the team. Please consider contributing to MacPaw’s relief efforts here.

Now, let’s dive into the full interview. In attendance were Oleg (head of product for Moonlock), Borys (head of Moonlock Lab, the research division), Anastasiia (senior PR specialist at Moonlock), and myself.

Q: What inspired MacPaw to establish a cybersecurity division?

Oleg, head of product for MacPaw’s Moonlock:

After integrating the initial malware detection modules into CleanMyMac X, we quickly realized this issue was far more extensive than we initially recognized; we had only begun to tap into the possibilities.

That led us to consider: why not create something more advanced and comprehensive? This vision eventually manifested into Moonlock. While other cybersecurity firms tend to focus on businesses or Windows platforms, we have been dedicated to the Mac environment for years, making this a logical expansion. Additionally, the common belief among many Mac users that they are immune to viruses and malware is a misconception we aim to correct.

The next step for MacPaw was to address this glaring gap. Since we were already removing harmful files, it made sense to also work on preventing them from causing damage in the first place.

Q: Understood. What is the mission of Moonlock, and what are your main objectives?

Oleg:

The mission of Moonlock is to democratize access to cybersecurity for all users. Many people express awareness and concern regarding cybersecurity, but few take proactive measures until after they experience a security incident.

Typically, an incident serves as a catalyst for action. Prior to such events, even those who are aware of the potential threats often adopt a passive stance due to uncertainty about where to start or lack of time to educate themselves.

This is where Moonlock steps in. Our goal is to close that gap. Though cybersecurity can seem overwhelmingly complex, we believe we can offer tools that provide protection without requiring users to become cybersecurity experts.

We aim to replicate the straightforward yet effective user experience of CleanMyMac with Moonlock, emphasizing user-friendly solutions that require minimal effort—perhaps just a few clicks—while effectively safeguarding users.

Q: Can you elaborate on the technology behind the Moonlock Engine?

Oleg:

The Moonlock engine has been specifically engineered for Macs. It is developed by engineers well-versed in macOS and aware of how malware can infiltrate and persist in systems. This understanding enables us to customize the engine to tackle Mac-specific threats effectively.

A key benefit is its integration with CleanMyMac. Any user who installs CleanMyMac for cleaning will automatically gain access to its security features.

From a technical standpoint, the engine leverages both static and dynamic analysis. Static analysis scrutinizes the code, while dynamic analysis executes the code within a virtual environment to monitor its behavior. This dual methodology is essential since some malware can lie dormant for extended periods, complicating detection efforts.

We have also optimized scanning to balance thoroughness and performance. For instance, we offer a quick scan that assesses common malware locations and a deeper scan that investigates more obscure areas and file types.
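To make the "quick scan of common malware locations" and the static-analysis side concrete, here is an added example (not Moonlock's or MacPaw's code, and no claim about how their engine works) that walks the launchd directories macOS uses for persistence, parses each job's property list, and applies a few static checks: is the executable in a temp or shared directory, is its name hidden, and does its SHA-256 match a known-bad list. The sample job tree, the payload and the signature set are all constructed inside the script so it runs offline; the `tmp` directory in the fixture stands in for `/tmp`.

```python
"""Quick scan of common macOS persistence locations with static checks over
launchd property lists. Added illustration, not Moonlock/MacPaw code."""
import hashlib
import os
import plistlib
import tempfile
from xml.parsers.expat import ExpatError

# launchd job directories a quick scan checks first (per-user and system-wide).
PERSISTENCE_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")

# A launchd job whose executable lives in a temp or shared directory is unusual.
UNTRUSTED_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def sha256_file(path):
    """Hex SHA-256 of a file, or None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()


def program_path(job):
    """launchd names the executable in Program or in ProgramArguments[0]."""
    prog = job.get("Program")
    if isinstance(prog, str):
        return prog
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def inspect_job(plist_path, known_bad=frozenset(), untrusted=UNTRUSTED_PREFIXES):
    """Static checks on one launchd plist. Returns a list of reasons; [] means clean."""
    try:
        with open(plist_path, "rb") as f:
            job = plistlib.load(f)
    except (OSError, plistlib.InvalidFileException, ValueError, ExpatError):
        return ["unparseable plist"]  # a malformed persistence file deserves a look too
    if not isinstance(job, dict):
        return ["plist root is not a dictionary"]
    exe = program_path(job)
    if exe is None:
        return ["no Program or ProgramArguments"]
    reasons = []
    if exe.startswith(tuple(untrusted)):
        reasons.append(f"executable in untrusted location: {exe}")
    if os.path.basename(exe).startswith("."):
        reasons.append(f"hidden executable name: {exe}")
    digest = sha256_file(exe)
    if digest is not None and digest in known_bad:
        reasons.append(f"SHA-256 {digest[:16]}... matches known-bad signature")
    # Auto-start only matters once something else looks wrong; benign agents use it too.
    if reasons and job.get("RunAtLoad"):
        reasons.append("RunAtLoad: job starts at login/boot")
    return reasons


def scan(dirs, known_bad=frozenset(), untrusted=UNTRUSTED_PREFIXES):
    """Walk persistence dirs; return {plist_path: reasons} for flagged jobs only."""
    findings = {}
    for d in dirs:
        d = os.path.expanduser(d)
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".plist"):
                path = os.path.join(d, name)
                reasons = inspect_job(path, known_bad, untrusted)
                if reasons:
                    findings[path] = reasons
    return findings


def build_sample_tree():
    """Constructed fixture: a temp LaunchAgents dir holding a benign job, a job that
    points at a hidden payload in a tmp-like dir, and a truncated plist.
    Returns (agents_dir, known_bad_hashes, untrusted_prefixes) for scan()."""
    root = tempfile.mkdtemp(prefix="quickscan-")
    agents = os.path.join(root, "LaunchAgents")
    staging = os.path.join(root, "tmp")  # stands in for /tmp inside the fixture
    os.makedirs(agents)
    os.makedirs(staging)
    payload = os.path.join(staging, ".updater")  # hidden name in an untrusted dir
    with open(payload, "wb") as f:
        f.write(b"#!/bin/sh\necho constructed payload\n")
    jobs = {
        "com.example.benign.plist": {"Label": "com.example.benign",
                                     "ProgramArguments": ["/bin/sh", "-c", "exit 0"],
                                     "RunAtLoad": True},
        "com.example.dropper.plist": {"Label": "com.example.dropper",
                                      "ProgramArguments": [payload, "--silent"],
                                      "RunAtLoad": True, "KeepAlive": True},
    }
    for name, job in jobs.items():
        with open(os.path.join(agents, name), "wb") as f:
            plistlib.dump(job, f)
    with open(os.path.join(agents, "com.example.broken.plist"), "wb") as f:
        f.write(b"<plist><dict><key>Label</key>")  # truncated on purpose
    return agents, frozenset({sha256_file(payload)}), (staging + os.sep,)


if __name__ == "__main__":
    agents, bad, untrusted = build_sample_tree()
    for path, reasons in scan([agents], bad, untrusted).items():
        print(os.path.basename(path))
        for r in reasons:
            print("   -", r)
```

Running it flags the dropper (untrusted location, hidden name, signature hit, auto-start) and the truncated plist, and leaves the benign agent alone. The hash check is the weakest signal here: recompiling or repacking the payload defeats it, which is why the location and naming checks, and the behavioural analysis described above, carry more weight than a signature list on its own.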

Q: Are there new security features included in the latest version of CleanMyMac?

Oleg:

Currently, we are not introducing major new security features to CleanMyMac, but we continually enhance the underlying engine. It’s not a ground-up overhaul, but we consistently improve it with each update. Our databases are updated frequently to stay ahead of emerging threats, incorporating new signatures and adapting detection techniques in a constant battle with malware authors.

Apple generally excels in minimizing malware threats, offering built-in tools such as XProtect and Gatekeeper. Nonetheless, users may still inadvertently click on harmful links or open suspicious files, and that’s where we intervene to help them avoid risky actions.

Q: Borys, could you discuss Moonlock Lab and the research activities your team engages in?

Borys, head of Moonlock’s research division, Moonlock Lab:

At Moonlock Lab, we analyze not just malware samples, but also delve into the motivations behind malware development. In an era where technologies enable code to obfuscate and mutate, understanding the intentions of malware authors is crucial. With tools like ChatGPT or neural networks, authors can produce numerous code variants that are nearly indistinguishable at a glance.

Our focus is on comprehending malware behavior while enhancing our technology to gather and analyze samples based on their actions. Static analysis can illuminate the code’s structure, while dynamic analysis allows us to witness behavior when executed in a controlled environment. Since malware can remain silent for extended times, even advanced sandboxes can struggle to reveal harmful actions.

Another recent trend we’ve noticed is the rise of malware-as-a-service, where individuals create malicious code without profit motives and then sell it on dark web marketplaces using cryptocurrency. This trend significantly raises the threat level, as those unable to write malware can now easily purchase and deploy it.

Q: Have you observed an uptick in criminal activity in certain regions, perhaps Russia?

Borys:

Attribution is one of our biggest challenges. Identifying the origin of malware solely based on code can be difficult—deciding whether it originates from Russia, China, or North Korea often requires detailed investigation. By researching command-and-control servers and comparing code elements hosted on platforms like GitHub or the dark web, we can often trace the origins of malware.

IP addresses alone can be misleading since Russia utilizes various strategies, including IP address amplification, defacing sites globally, hacking into infrastructure, and employing them as proxies. Additionally, botnets formed from inadequately secured smart devices are increasingly common. With upcoming regulations aimed at enforcing security standards among manufacturers, we hope to combat the persistent issue of default admin passwords.

Oleg:

The Mac market appears to be experiencing similar challenges to those that Windows faced, albeit a few decades later and at a faster pace. It’s akin to the second season of a series that has now reached a different platform. The experience of Windows researchers can be instrumental in quickly addressing these issues before they escalate to the severity observed in Windows environments.

Q: Are there intentions to develop Moonlock into a standalone product, such as an EDR solution?

Oleg:

We are actively working on such a product. During the Moonlock launch, we discussed our goal of transforming our knowledge and findings into practical solutions for users. Our initial focus was on enhancing CleanMyMac’s malware removal capabilities through the Moonlock engine, which immediately protects millions of users.

Our overarching vision remains to make cybersecurity accessible to every Mac user—developing a solution that is sophisticated, capable, yet user-friendly and approachable. Achieving this goal is a gradual process. The main hurdle is not just creating security tools but motivating users to adopt them and adjust their habits.

Often, cybersecurity is perceived as tedious or overly complex. We strive to make it engaging and straightforward, akin to CleanMyMac—allowing users to benefit without the need for detailed guidance. However, this is a more intricate endeavor since, with cybersecurity, if a problem emerges, it’s typically too late. Much like vaccines, preventive measures are needed prior to an issue arising.

End.

I wish to extend my heartfelt gratitude to Anastasiia at MacPaw for facilitating a flawless and secure experience amidst such uncertainty in Ukraine. The MacPaw team exemplifies world-class professionalism. I liken the company to the Google of Ukraine—a remarkably impressive organization.