Security Bite: Most common macOS malware in 2024 so far

Arin Waichulis | May 19 2024 - 10:50 am PT

It is a long-standing misconception that Macs are impervious to malware. Unfortunately, this has never been the case. While Apple might hope people continue to overlook the severity, Mac users continue to be caught off guard by cybercriminals’ advanced attack methods. Below, you can find the most common macOS malware in 2024 so far…

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It’s increasingly clear 2024 could prove to be even more challenging year for Mac security. Looking back at 2023, at least 21 new Mac malware families were detected in the wild, a 50% increase year over year. Moreover, Patrick Wardle, founder of Objective-See, told Moonlock Labs that the number of new macOS malware specimens increased by about 100% in 2023 with no signs of a slow down.

Now, Phil Stokes, security researcher and blogger at leading cybersecurity firm Sentinal One, recently shared a ranking of the popularity of common macOS malware in 2024. From the chart below, ransomware, trojans, and backdoors continue to dominate.

What everyone needs on a Friday is…not a new malware discovery 🙉 😂 …but this year's top 🔟 most prevalent #macOS #malware so far! 🙌
Based on submissions to VT, this is what I'm seeing from Jan – May 2024. pic.twitter.com/NpTqrXTIYE
— Phil Stokes ⫍🐠⫎ (@philofishal) May 10, 2024

Atomic Stealer (AMOS) is a widespread infostealer malware discovered in early 2023. Once installed, it quietly targets iCloud Keychain passwords, a user’s system password, cookies, and credit card details from various browsers. It can also compromise crypto wallets, including Atomic, Binance, Exodus, Electrum, MetaMask, and more, as reported by my colleague Michael Potuck.

Phil Stokes’s Twitter/X thread links to deeper dives into each of the top 10. I highly encourage you to check that out!

Rising Mac malware attacks; what gives?

It’s no secret that malware specifically designed and made for Mac is growing exponentially, and Apple is aware. Last month, the company added 74 new Yara detection rules to macOS, the most I’ve ever seen. These help prevent malware from executing or spreading by checking for specific patterns that match known malware signatures or behaviors.

So, why is Mac machine becoming more targeted? Here’s what I’m gathering.

Macs are rising in popularity. Both for personal and business use. With this, it’s losing its strength in low numbers and becoming a more attractive target for cybercriminals.

Moreover, the rise in malware-as-a-service (MaaS) is also a big contributor. For the first time in the history of the Internet, any Joe Shmoe can download and launch different type of attacks aimed individuals and/or companies. MaaS platforms make it easier for attackers to target macOS users without needing programming knowledge. These are also scary inexpensive to carry out.

How to protect yourself in 2024

Keep your device up-to-date: Whether it’s an iPhone, Mac, or iPad, everyone should first keep macOS up-to-date with the latest security patch goodness. This will address known vulnerabilities that malware can exploit. Note: Apple will push new Yara rules automatically. More on that here.
Use antivirus software: This is important for scans and prevention. I recommend using Malwarebytes, which provides a free app for individuals that can detect and remove possible threats. Additionally, there’s Intego and CleanMyMac X, which now includes a malware removal tool powered by its MoonLock service.
Exercise caution when clicking: Email continues to be the most popular vertical for malware. Minimal effort for criminals, maximum success. 9% of phishing attacks were successful in 2023, up 1% in 2022, according to Jamf. As you know, exercise caution when clicking any links and opening attachments.
Enable firewall: Enabling your Mac’s firewall is the best way to prevent the acceptance of unauthorized applications and services. You should configure this accordingly.
Use strong (unique) passwords: Your name twice, followed by an exclamation, is not okay.
Enable disk encryption: On Mac, this is called FileVault and will encrypt all user data saved to disk on the fly. This will keep sensitive information safe in case your device is lost or stolen. According to Jamf’s report, this was disabled on 36% of client devices.
Limit user privileges: It is important to restrict user privileges to prevent unauthorized installation of software and to limit the potential impact of malware infections. See how to limit privileges on Mac here.