MacPaw: the Ukrainian cybersecurity firm defying a cyberwar

ClearVPN team in the Kyiv office before the war started
ClearVPN team in the Kyiv office before the war started (Image credit: MacPaw)

As the war in Ukraine enters its 17th month of fighting, we all know by now how cyberspace is a front that cannot be overlooked. In the offline world, tanks and missiles are destroying cities and killing citizens. Cyberattacks, online censorship, propaganda and surveillance have the potential to cripple the country even further.

"I'm here by choice, not by accident. We try to use our tech capabilities as much as possible to break through the Russian truth firewall." These are the words Oleksandr Kosovan, CEO at MacPaw, spoken on March 4 last year to describe his and the Ukrainian tech communities' effort at large to fight back against Russia online.

The Kyiv-based firm—which offers a wide range of security software, including its iconic CleanMyMac and newly launched VPN service—has been putting its expertise to use in order to support civilians since the start of the invasion. We talked to some of the team to understand what it's like running a cybersecurity business in times of war—especially when your enemy is Russia, home to some of the smartest hackers in the world.

Preparing for the worst

"We started our planning around two months before the actual war outbreak," Vira Tkachenko, CTO at MacPaw, told Techradar. "And, even our worst scenario was beaten by reality."

Specifically, the firm outlined some possible scenarios of how the conflict could play out by considering factors like power outages, internet disruptions and, even more importantly, making sure their people could reach a safe place.

"When we're talking about war it's very important where you stay physically," said Tkachenko. "Our office changed dramatically because we needed to have shelters and all that stuff. We expected that Kyiv could be occupied and we wouldn't have access to our office."

About one third of MacPaw's team now works far away from the capital, either in safer places across West of Ukraine, around Europe, the UK or the US. This was the biggest change to the company's operations. This also made it necessary to move from an office-based virtual private network solution to a more flexible cloud VPN.

Once all the team was safe and sound, they had to guarantee that the security of the products wasn't compromised. They first created some emergency teams made up by employees based in safer zones, and then implemented a code-freeze regime. This meant that only the engineers from an emergency team were allowed to make or approve changes to software.

Talking about such decisions, Tkachenko said: "On February 24 it was a crazy time. The situation changed every minute and all of us became quite emotional because you needed to think about your family and what's going on. In this state of mind, it's easy to create very unsafe changes to our products."

Fighting back against Russia propaganda

MacPaw's CEO has been very involved on social media to help fight back against Russian propaganda using both his own personal platforms and the accounts linked with the company and its products.

Unsurprisingly, this was enough to quickly become a target of Russia's army of hackers. "We experienced the first DDos attack in the first week of war," said Tkachenko. 

Their website has been censored in Russia since March 2, 2022, and is still the target of attacks from time to time.

None of this discouraged MacPaw to keep going with its mission. Thanks to the team's expertise and the support of vendors like Cloudflare, which created special units to back up the Ukrainian government and businesses more broadly, the damage of these incidents remains quite limited. 

"They attack, we protect. We are always ready to react," said Tkachenko.

Once dangerously overlooked, cybersecurity has become a central concern across Ukraine in the face of the biggest cyberwar in history—especially among citizens, who are increasingly the victims of such attacks.

"The scale of these cyber attacks was like 200 times bigger," Sergii Kryvoblotskyi, Head of Technological R&D at MacPaw, told us. "Before we expected those attacks from competitors or some black marketing techniques. But, now, it's a huge country with a lot of resources and hackers. They constantly invest in these attacks."

Getting security products up for the task

MacPaw was founded in 2008 and its first release was the very successful CleanMyMac for decluttering and optimizing Apple computers. 

The company has come a long way since then, maintaining good UI and strong user-friendly design at the core of everything it does. Its product offering now counts 11 different applications across all the main operating systems, including Windows, Android and iOS. Apple devices are still the priority, though.

The team also keeps improving its most iconic tool. The latest release, CleanMyMac X, is, in fact, much more than a simple system cleaner. It now protects devices from malware, adware, and other threats.

Other MacPaw products:

SetApp: Available for MacOS and iOS only, it's a curated app subscription service which provides access to a curated software library of 240+ apps for a single monthly fee.  

The Unarchiver: It's a RAR opener for Mac that supports all known archive types. 

Gemini 2: Named the best of the Mac App Store back in 2012, it finds and deletes duplicate files from Mac devices. Gemini Photos does the same with pictures on iPhones.

Russia's invasion of Ukraine provided the impetus to develop easy-to-use products that could help people, especially fellow Ukrainians, to secure their most sensitive data within a click. It was then time for a revamp to its VPN service, ClearVPN, first launched only in 2020.

"The main idea was to bring this VPN technology closer to people," explained Kryvoblotskyi. 

That goal was there from the very beginning, translating to what the company called "shortcuts". This means that, unlike competitors, users just need to press one button to use its streaming VPN function, security and so on. Put simply, the developers had already set up the service according to different use cases. Perhaps not the ideal software, though, for those looking for a more customizable experience. 

User priorities changed when the conflict began, especially as the Kremlin seized control of the internet in these areas while Russian soldiers were occupying Ukrainian territories. People living there were in danger. They needed an effective solution for accessing Western content. This is exactly where the VPN's skill of spoofing people's IP addresses comes very handy.

ClearVPN 2 was born on March 2023: an even easier solution which maintains only the most requested shortcuts. Available as both a limited free version and a full paid plan, Ukrainians can use the premium service for free with a verified national ID card. 

"There are more than 100,000 Ukrainians using it on a daily basis and we got a lot of feedback from our people in occupied territories saying that it worked well and it actually does its job," said Kryvoblotskyi.

ClearVPN 2 interface

ClearVPN uses shortcuts for a friendly user experience (Image credit: MacPaw)

Another security tool that emerged from the necessity of defending against Russia's new cyber threats is SpyBuster. Completely free to use for anyone (except people based in Russia and Belarus), it's an on-device anti-spyware app that allows users to secure their most sensitive data by weeding out apps and web connections reporting to unwanted servers.

It was first released in March 2022 on MacOS (just about a month after the war started), then debuting as a Chrome extension in June and on iOS in July.

SpyBuster does two jobs. The first, "static analysis", looks at the software installed on user devices and analyzes all their details. These include where they're built, who the developer is, hosts the app use, and so on. The goal is to notify users in case these apps send some data to Russia or Belarus while also blocking these information exchanges.

Even our worst scenario was beaten by reality

Vira Tkachenko, CTO at MacPaw

The second option, "dynamic analysis", investigates what the apps installed actually do. Again, the tool blocks the traffic when diverted to unsecure servers in Russia and Belarus. That's because, as Kryvoblotskyi explained, the Kremlin can access any server that is located in Russia's territories. 

"We have conducted some research and we realized that a lot of Ukrainian mass media sites were using scripts that send some data to Russian servers and they even didn't know about it," he said.

Despite similar software being already on the market, SpyBuster claims to be unique because it doesn't just monitor unsecure apps and connections, but it also blocks specific traffic and software. The long term plan, said Kryvoblotskyi, is adding further unsafe countries like China in this blacklist. 

What's next?

With the Russia-Ukraine conflict showing no signs of ceasing soon, MacPaw and its team must cope with the new way of running the business for a while.

As we have seen, developers have been shaping the product offerings accordingly the new cybersecurity landscape, and we can expect new releases and product updates as new cyber threats emerged. What's certain is that "all is not quiet on the cyber front" across Ukraine.

In the meantime, MacPaw is committed to supporting its team and the people of Ukraine more broadly. As mentioned, it's offering ClearVPN 2 free of charge for all Ukrainians, and people working in the media in Ukraine can also claim one year of the CleanMyMac app free of charge.

The company has been donating funds and volunteering on-site while running a series of social campaigns since the war began, too. If you wish to donate, check its MacPaw Foundation page to know more.

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com