Report Finds Surge in Malware Aimed at MacOS

Malware targeting Apple’s macOS is on the rise—and fast—according to an investigation by Atlas VPN, which reported 674,273 new malware samples were found in 2020, up from just 56,556 samples detected in 2019.

That’s an increase of 1,092%, with malicious actors creating an average of 1,847 threats aimed at Apple’s desktop operating system every day last year.

A steady increase in Mac sales makes developing malware for macOS more lucrative for hackers, while the establishment of malware-as-a-service has made creating malicious code easier than ever before.

“Quite simply, this is directly correlated to the explosion in use of Apple’s Desktop OS. Apple has taken huge amounts of market share from Microsoft over the last few years and now accounts for close to 15% of that market,” explained Andrew Barratt, managing principal, solutions and investigations at cybersecurity advisory services firm Coalfire.

However, as there are still many more Windows PCs in the world than Macs, Windows is still a more frequent target for hackers, which was also reflected in Atlas VPN’s report; there were more than 135 times more Windows threats than macOS threats last year.

Barratt pointed out that macOS is stricter by default as to what users are allowed to install and execute, and added that macOS runs on top of Unix, which has better security and permission features than Windows, and is partially open source.

He also noted Apple tends to be a little more restrictive in terms of where it allows its users to install applications from, but Microsoft’s Windows 10 has all the same capabilities too.

Barratt said he suspects the challenge in protecting Windows desktops from malware probably starts with the way they’re sold.

“Apple products are sold directly to the consumer; most new users will follow up with the Apple Genius bar if they have technical challenges,” he explained. “Windows devices can often be significantly cheaper and sold through a channel supplier, who may even misconfigure the device from the start to make the ‘user experience’ as simple as possible and minimize any aftercare expectations. This almost always leads to a lower security bar.”

Barratt said when it comes to adding additional layers of security, many scenarios are the same for both environments: good endpoint security and well-managed endpoint security (in a corporate environment).

“For a consumer user, best practices include taking the time to understand the standard Apple security model and using the approved software sources from the app store,” he said. “Macs are only [just] becoming a large share of the desktop estate, and so it is prudent to ensure that they’re part of your defense strategy for corporate use and for home users.”

Chris Hauk, consumer privacy champion at Pixel Privacy, noted Apple recently began transitioning its Mac lineup to its own in-house Apple Silicon-based processors, making them an attractive target for hackers looking to expand their skills to attacking Apple’s latest and greatest.

He also pointed out creating malware no longer requires extensive programming knowledge, thanks to the advent of the aforementioned malware-as-a-service.

“This allows hackers to purchase ready-made malicious code, and then tailor it to their needs, almost completely creating an entirely new threat on the fly,” Hauk said.

He noted macOS is considered safer than the Windows operating system, thanks to Apple’s tighter controls on which apps are allowed to run on a Mac machine, as well as the company’s gatekeeping functions to prevent unsigned apps from running on the machine.

At the same time, much of the Mac’s “added security” has simply been safety by obscurity, which is changing as the premium PCs chart a rise in popularity.

“Hackers have always targeted the device platforms that provide the biggest return on investment, which is Windows and Android,” Hauk said. “The recent growth of the macOS platform now makes macOS a bit more of an attractive target, so we’ll continue to see a rise in Mac malware.”

He predicted a rise in malware targeted at Macs in the future, thanks to the growing popularity of the Mac platform, as well as the popularity of malware-as-a-service, making it easier than ever to target the macOS platform.

“While it has always been said that Mac users do not need to run an antivirus utility such as those run by most Windows users, I still recommend having an antivirus app installed on your Mac; perhaps not running it in the background, but keeping it handy to run hard drive scans on a regular basis,” Hauk said.

Paul Bischoff, privacy advocate at Comparitech, also noted the people who buy MacBooks, on average, have more money than Windows users, and thus are more lucrative targets.

“Most of the tools for improving Mac security are similar to Windows systems – firewall, VPN, antivirus and password manager,” he said. “Also, be sure to consider your operational security, such as not clicking on links or attachments in unsolicited email.”


Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.
