Bitdefender has revealed at Black Hat USA 2023 the macOS Threat Landscape Report, which looks at the top threats and trends targeting Apple’s macOS operating system over the duration of 12 months.
The report aims to dispel the myth that Apple products such as macOS and iOS are free from cybercriminal targeting and campaigns. On the contrary, although targeting is less frequent, findings show that cybercriminals will go to greater lengths to get Mac users to click malicious links to implant malware such as trojans and ransomware.
Key Findings
- Mac users are targeted by three key threats: Trojans, Adware and Potentially Unwanted Applications (PUAs)
- Trojans are the biggest single threat to Macs, accounting for more than half of threat detections followed by PUAs and Adware
- EvilQuest remains the single most common piece of malware targeting Macs at 52.7%
- Trojans designed to exploit unpatched vulnerabilities present a real danger to users who typically postpone installing the latest security patches from Apple
- With a 25.3% share, PUAs represent a quarter of ‘executable’ threats to Macs
- 8% of PUA detections on Macs are crypto miners and 1% are jailbreak utilities
- Trojans designed to exploit unpatched vulnerabilities present a real danger to users who typically postpone installing the latest security patches from Apple
- Threats designed to infect Macs typically require victims to manually run an executable
- Threat actors put effort into making malware packages look and feel like legitimate applications
Data gathered annually by Bitdefender shows that Mac users are mainly targeted by three key threats: Trojans, Adware and Potentially Unwanted Applications (PUAs). While named differently, these hazards share one trait: they require victims to manually run the threat, meaning their authors try hard to make their malware look like legitimate applications.
Trojans
Just like the years prior, Trojans remain the biggest single threat to Macs, accounting for more than half of the threats detected. Threat actors use every trick in the book to infect systems, including socially engineered communications (e.g., spam, phishing, social media); rigged advertisements (malvertising); and tainted file downloads via torrent or warez websites.
Most Trojan families listed in the report are household names in the macOS threat landscape. While some can be considered legacy malware, threat actors still use them, with some degree of success, as many users don’t configure proper security settings and/or deploy a dedicated security solution.
Potentially Unwanted Applications (PUAs)
PUAs occupy the second spot, with more than a quarter of detections. Walking the thin line between nuisance and threat, PUAs are commonly found as freeware, repackaged applications or utility apps (i.e., system cleaners) with hidden functionality like data tracking and coin mining.
Some PUAs hijack the user’s browser, changing the default search engine and installing plugins without consent. Highly aggressive PUAs can modify third-party apps, download additional (unsolicited) software, and alter system settings. With a 25.3 per cent share, PUAs represent a quarter of ‘executable’ threats to Macs.
Even with Apple keeping close tabs on the ecosystem, developers have flooded the market with ‘shady’ apps, some persuasive enough to get users to disable restrictions and run apps from any source. While most PUA detections are generic in nature, common names still crop up in Bitdefender’s telemetry.
Adware
Adware follows closely, at just over a fifth of threats targeting Mac computers. Adware enables developers to make money out of advertising other products, sometimes in an aggressive way and with spyware-like behaviour. Adware accounts for more than a fifth of threats targeting Macs. Like most file-based threats, adware ends up on computers after users wilfully run freeware programs, fake installers, software downloaded from torrents and wares sites, pirated programs, malicious links, malvertising, and others.
Report Conclusion
“It’s true that Apple’s ecosystem – often touted as a walled garden safe from malware – enjoys a narrower range of threats than Microsoft’s or Google’s ecosystems. However, our research shows that this apparent safety net isn’t impenetrable. In fact, this false sense of protection often means malware tailored to infect Macs is better suited to its goals. Threat actors have less attack surface to exploit, so they are forced to optimise their techniques and procedures to ensure better success.
“In recent years, Apple has issued a multitude of security patches to address critical weaknesses that were said to be ‘actively exploited’ by threat actors. Many of those flaws were found in key components shared by both Macs and iPhones. Many (if not most) users procrastinate updating software and deploying security fixes. And statistics show that the vast majority of Mac owners use older generations of macOS.
“Bitdefender recommends that Mac users stay up to date with the latest OS version and always apply the newest security patches. Equally important, never download software from unofficial sources, like torrents and warez sites. These hubs harbour most of the threats discussed in this report. Our findings send a clear signal that Mac users are becoming more vulnerable to online threats, making it important to deploy a dedicated security solution to keep watch over any potential malicious activity.”
You can read the full report here.
