Apple users are facing a significant increase in cyber-attacks, with infostealer malware campaigns targeting macOS devices surging by 101% in the last two quarters of 2024. Palo Alto Networks has reported this notable rise in attacks, which exploit the native AppleScript framework to steal sensitive user data. These attacks often use sophisticated social engineering tactics, tricking victims into entering their credentials or disabling security controls.
Malware variants like Atomic Stealer, Poseidon Stealer, and Cthulhu Stealer showcase the growing complexity of threats facing macOS users. Eric Schwake, director of cybersecurity strategy at Salt Security, emphasized the need for vigilance, stating, “Security teams must stay alert and take a proactive stance against these dangers, understanding that no operating system is completely safe from attacks.”
To mitigate risks, Apple advises users to install software only from reliable sources and utilize the Privacy & Security settings to specify trusted sources for software installations on Macs. In 2024, security researcher Patrick Wardle observed 22 new macOS malware families, including stealers, backdoors, downloaders, and ransomware.
This number is similar to the previous year but significantly higher than earlier years.
macOS malware attacks surge exponentially
New macOS stealers like CloudChat, Poseidon, Cthulhu, BeaverTail, and PyStealer target cryptocurrency wallets, keys, and other browser data.
BeaverTail, used by North Korean hackers, steals data and deploys additional malicious payloads. The ransomware category saw the emergence of MacRansom, which encrypts victims’ files and has basic stealer functionality. Backdoors like SpectralBlur and Zuru, linked to North Korean and Chinese threat actors, enable complete control over infected macOS devices.
Malwarebytes highlights the growing threat of information stealers, which employ sophisticated techniques to acquire and monetize valuable information on infected machines, such as credit card details, passwords, and cryptocurrency data. Poseidon, for example, can steal cryptocurrency from over 160 different wallets and extract passwords from web browsers, password managers, file transfer apps, and VPN configurations. Looking ahead to 2025, AI agents are expected to play a substantial role in facilitating these attacks, potentially escalating them to an unprecedented scale.
To mitigate risks, Mac users should be vigilant about obtaining software only from trusted sources like the Mac App Store or official developer websites.







