
How MacPaw is making cybersecurity accessible to everyone; my exclusive interview from Kyiv


I’ve been a CleanMyMac subscriber for nearly a decade, and I’ve been truly impressed by the app’s recent focus on providing Mac users with simple yet effective malware detection and prevention features. So, when MacPaw offered to fly me out to Kyiv, Ukraine, to meet and interview the folks leading Moonlock, its cybersecurity division, I jumped at the opportunity.

This interview is divided into three parts: About Moonlock, the technology behind the Moonlock Engine, and what’s planned for the future.

Disclosure: Ukraine is a country at war. Many members of the Moonlock team also aid in the defense of their country, so false names may be used below to protect their identity. Some parts of the transcript were edited for clarity.

You’re reading Security Bite, a security-focused column on 9to5Mac. Each week, Arin Waichulis delivers insights and interviews on the latest in data privacy, the current malware landscape, and emerging threats within Apple’s vast ecosystem of over 2 billion active devices.

At the time of writing, MacPaw’s HQ, the very place where this interview was conducted weeks prior, was just severely damaged in a ballistic missile attack. My heart goes out to the team. Thankfully, no one was harmed. Please consider supporting MacPaw’s relief effort here.

With that out of the way, here’s my full interview. In the room: Oleg (head of product for Moonlock), Borys (head of Moonlock Lab, research division), Anastasiia (senior PR specialist at Moonlock), and myself.

Q: Could you tell me what the inspiration was for MacPaw to open a cybersecurity division?

From Oleg, head of product for MacPaw’s Moonlock:

It became clear that after the first malware detection modules were added to CleanMyMac X, this was a much bigger topic than we initially thought—we’d only scratched the surface.

We started asking ourselves: why not build something better and more comprehensive? This vision evolved into Moonlock. Unlike other cybersecurity companies focused on businesses or Windows systems, we’ve been working with Macs for years, so it felt like a natural fit. Additionally, many Mac users have the misconception that Macs are immune to viruses or malware, which isn’t true.

The next logical step for MacPaw was to address this gap. We were already cleaning machines and removing malicious files, so why not take it further and prevent them from causing harm in the first place?

Q: Got it. And the mission of Moonlock—what’s the focus?

Oleg:

The mission of Moonlock is to make cybersecurity accessible to everyone. When we talk to users, they often express awareness about cybersecurity and sometimes concerns, but they rarely take proactive steps to protect themselves—unless they’ve already experienced an incident.

For many users, an incident acts as a wake-up call. Before that, even if they’ve heard about cybersecurity threats, they often take a passive approach because they’re unsure where to start or don’t have the time to learn.

That’s where Moonlock comes in. We aim to bridge that gap. Cybersecurity concepts can have a steep learning curve, but we believe we can provide tools that protect users without requiring them to become experts.

CleanMyMac is perceived as a simple yet powerful tool. We want to bring the same philosophy to Moonlock. It’s about creating solutions that are easy to use—maybe just a couple of clicks—but still incredibly effective.

Q: Moving on to the technology, can you explain what the Moonlock Engine does?

Oleg:

The Moonlock Engine is specifically designed for Macs. It’s built by engineers who understand macOS, including how malware can persist and infect systems. This deep expertise allows us to tailor the engine to address Mac-specific threats effectively.

One of its most significant advantages is that it’s integrated into CleanMyMac. So, any user who installs CleanMyMac, even for cleaning purposes, automatically benefits from the built-in security features.

On the technical side, the engine uses a combination of static and dynamic analysis. Static analysis involves examining the code itself, while dynamic analysis involves running the code in a virtual environment to observe its behavior. This dual approach is crucial because some malware is designed to “sleep” for weeks or months, making it harder to detect.

We’ve also balanced thorough scanning with performance. For example, we have a fast scan that quickly checks the most common locations for malware and a deeper scan that examines additional areas and file types.

Q: Are there any new security features in the new redesigned CleanMyMac?

Oleg:

We’re not adding new major security features to CleanMyMac at this time, but we’re constantly updating the engine behind the scenes. It’s not radically new, but it improves with each update. We’re updating databases frequently to catch top-layer threats, adding signatures, and modifying detection methods to keep up with malware authors. It’s always a cat-and-mouse game.

Apple does a good job at stopping malware for the most part. They have protection tools built into the system, like XProtect and Gatekeeper. But users still click links or launch suspicious things, and that’s where we try to help prevent them from doing dangerous things.

Q: Borys, could you talk about Moonlock Lab and what your team does on the research side?

Borys, head of Moonlock’s research division, Moonlock Lab:

In Moonlock Lab, we study not just samples or malicious code, but try to understand the intent behind malware authors. We’re living in an age with technologies that can hide, obfuscate, and mutate code. If authors use ChatGPT or neural networks to mutate code, they can generate many variants no one can understand from simple observation.

We focus on understanding malware behavior and improve our technology to collect and study samples through their behavior. You can study code statically by viewing it, or dynamically by running it in a virtual environment. Malware can sleep for days, weeks, or months, so even improved sandboxes can’t always reveal malicious behavior.

A recent trend is malware-as-a-service. Someone can write malicious code without commercial purposes and sell it on dark web marketplaces for Bitcoin. This makes it more dangerous because now people who can’t write malware can purchase and execute it.

Q: Are you seeing an increase in criminal activity in specific regions…maybe Russia?

Borys:

Attribution is the most challenging thing. You can’t always tell from the code that it’s Russian, Chinese, or North Korean. Through research and diving into C2 servers, comparing code elements on GitHub or the dark web, you can follow the trail to understand its origin. It’s like being an investigator.

IP addresses aren’t absolutely useful because Russia uses expansion techniques. They capture IP addresses, deface sites in any country, hack infrastructure, and convert it to proxies. Botnets created from poorly protected smart devices are common. There’s legislation coming to make manufacturers adhere to security standards, as many devices still use default admin passwords.

Oleg:

The Mac market seems to be going through all the same stages as Windows did, just decades later and more rapidly. It’s like season two of the same series on a different platform. Windows researchers can apply their knowledge to quickly address these problems before they become as huge as on Windows.

Q: Are there plans to spin Moonlock off CleanMyMac into its own product, like an EDR solution?

Oleg:

We are currently working on a product like that. We’ve talked about it during the Moonlock launch – converting our knowledge and observations into practical help for users. Our first step was improving CleanMyMac’s removal into the Moonlock Engine to protect millions of users immediately.

We’re building to execute our vision of making cybersecurity accessible to every Mac user, making it more sophisticated, capable, yet easy to understand and approachable. It takes time. The main challenge isn’t just making security tools, but inspiring users to implement them and change their habits.

People often treat cybersecurity as boring or too complicated. We want to make it colorful and easy to use, like CleanMyMac – where users don’t need to think about steps, it just works. But it’s more complicated because with cybersecurity, if you have a problem, it’s already too late. It’s like vaccines – you need them before problems occur.

End.

I want to give special thanks to Anastasiia at MacPaw for organizing a flawless and safe trip during such a tumultuous time in Ukraine. The team at MacPaw is world-class. I can best describe the company as the Google of Ukraine. Seriously.
