Threat Actors Targeting macOS – Stay Alert

The macOS operating system is under increasing threat from cybercriminals, according to a new report from Intel471. Threat actors are developing specific malware for macOS or utilizing cross-platform languages to target macOS computers. Additionally, there has been a surge in the exploitation of macOS vulnerabilities, posing risks for both cybercrime and cyberespionage.

## More Malware Than Ever on macOS
Between January 2023 and July 2024, over 40 threat actors were observed targeting macOS systems with various types of malware, with infostealers and trojans being the most prevalent. Infostealers, such as Atomic Stealer, are designed to steal credentials and cryptocurrency wallet data from macOS devices. Cybersecurity companies have reported a significant rise in underground sales related to macOS infostealers, a sign of the growing threat to the platform.

### Infostealers
Infostealers, like ShadowVault and Quark Lab, are increasingly targeting macOS to steal sensitive data. These malware tools are used by cybercriminals to extract login credentials, session cookies, credit card information, and more. They pose a significant risk to individuals and companies, as they are often used to gather valuable information for illicit activities.

### Trojans
Remote access trojans like RustDoor, developed in Rust, give cybercriminals versatile functionality for executing remote commands, manipulating files, adding payloads, and collecting system information. Because Rust is a cross-platform language, malicious code written in it is easy to port to macOS, which extends the reach of trojans used for cybercrime and cyberespionage.

### Ransomware
The emergence of macOS ransomware, including variants like LockBit and Turtle, further raises concerns for Apple users. These ransomware strains target macOS devices, including those running on Apple Silicon, showcasing threat actors’ endeavors to compromise macOS systems using sophisticated encryption techniques.


## Vulnerabilities Exploited
The exploitation of macOS vulnerabilities has surged, with a notable increase in incidents reported by patch management software companies like Action1. Intel471 identified 69 vulnerabilities impacting multiple macOS versions, some of which have been leveraged by cyberespionage threat actors to deploy spyware and other malicious tools.

State-sponsored threat actors are a significant concern, with groups like BlueNoroff, APT28, APT29, and APT32 developing macOS-specific malware to target financial institutions, individuals holding cryptocurrency assets, and organizations. These threat actors employ sophisticated tactics to infiltrate macOS systems and steal valuable data, posing a severe threat to cybersecurity.

## How to Guard Against This Threat
To mitigate the risks posed by macOS-targeted malware and vulnerabilities, it is crucial to keep macOS systems up to date with the latest security patches. Deploying robust security software to detect and prevent malware attacks is essential. Additionally, employing email security solutions to thwart phishing attempts and providing comprehensive training for employees to recognize social engineering tactics are vital steps in safeguarding against cybersecurity threats.

For more information on macOS security and threat prevention, visit [Trend Micro](https://www.trendmicro.com).

*Disclosure: The views expressed in this article are personal and do not represent Trend Micro.*