It is a long-standing misconception that Macs are impervious to malware. This has never been the case. And while Apple might secretly hope people continue the preconceived notion, Mac users continue to be caught off guard by cybercriminals whose attack methods are becoming increasingly sophisticated. Below, you’ll find the most common macOS malware strains in 2024…
9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
It’s increasingly clear that 2024 could prove to be an even more challenging year for Mac security. Looking back at 2023, at least 21 new Mac malware families were detected in the wild, a 50% increase year over year. Moreover, Patrick Wardle, founder of Objective-See, told Moonlock Labs that the number of new macOS malware specimens increased by about 100% in 2023 with no signs of a slowdown.
Phil Stokes, security researcher and blogger at leading cybersecurity firm Sentinal One, recently shared a ranking of the popularity of common macOS malware in 2024. From the chart below, ransomware, trojans, and backdoors continue to dominate.
Atomic Stealer (AMOS) is a widespread infostealer malware discovered in early 2023. Once installed, it quietly targets iCloud Keychain passwords, a user’s system password, cookies, and credit card details from various browsers. It can also compromise crypto wallets, including Atomic, Binance, Exodus, Electrum, MetaMask, and more, as reported by my colleague Michael Potuck.
Phil Stokes’s Twitter/X thread links to deeper dives into each of the top 10. I highly encourage you to check that out!
Rising Mac malware attacks, what gives?
It’s no secret that malware specifically designed and made for Mac is growing exponentially, and Apple is aware of this. Last month, the company added 74 new Yara detection rules to macOS, the most I’ve ever seen. These help prevent malware from executing or spreading by checking for specific patterns that match known malware signatures or behaviors.
So, why is Mac becoming more targeted? Here’s what I’m gathering.
Macs are rising in popularity, both for personal and business use. With this, they’re losing their strength in low numbers and becoming a more attractive target for cybercriminals.
Moreover, the rise in malware-as-a-service (MaaS) is also a big contributor. For the first time in the history of the Internet, any Joe Shmoe can download and launch different types of attacks aimed at individuals and/or companies. MaaS platforms make it easier for attackers to target macOS users without needing programming knowledge. These attacks are also scary inexpensive to carry out.
Ways to protect yourself in 2024
- Keep your device up-to-date: Whether it’s an iPhone, Mac, or iPad, everyone should first keep macOS up-to-date with the latest security patch goodness. This will address known vulnerabilities that malware can exploit. Note: Apple will push new Yara rules automatically. More on that here.
- Use antivirus software: This is important for scans and prevention. I recommend using Malwarebytes, which provides a free app for individuals that can detect and remove possible threats. Additionally, there’s Intego and CleanMyMac X, which now includes a malware removal tool powered by its MoonLock service.
- Exercise caution when clicking: Don’t be stupid, stupid. Email continues to be the most popular vertical for malware. Minimal effort for criminals, maximum success. 9% of phishing attacks were successful in 2023, up 1% in 2022, according to Jamf. As you know, exercise caution when clicking any links and opening attachments.
- Enable firewall: Enabling your Mac’s firewall is the best way to prevent the acceptance of unauthorized applications and services. You should configure this accordingly.
- Use strong (unique) passwords: Your name twice, followed by an exclamation, is not okay.
- Enable disk encryption: On Mac, this is called FileVault and will encrypt all user data saved to disk on the fly. This will keep sensitive information safe in case your device is lost or stolen. According to Jamf’s report, this was disabled on 36% of client devices.
- Limit user privileges: It is important to restrict user privileges to prevent unauthorized installation of software and to limit the potential impact of malware infections. See how to limit privileges on Mac here.
More in this series
Follow Arin: Twitter/X, LinkedIn, Threads
Read more: Security Bite: Mac Malware wreaking the most havoc in 2024
FTC: We use income earning auto affiliate links. More.