Mac malware is growing, but there are three important riders
For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]
In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.
That’s getting a lot of headlines today, but there are three key things that need to be understood…
Most Mac malware is more nuisance than danger
First, Macs are not generally vulnerable to what we traditionally classify as malware: that is, code which can do nasty things like delete files, or encrypt your drive for a ransomware attack. Apple’s protections against this type of attack are extremely strong.
Macs are mostly only vulnerable to so-called adware. This does things like redirect searches or load tabs automatically to earn ad revenue for the attacker.
This is something Malwarebytes itself acknowledges when you get into the detail.
Macs differ drastically from Windows in terms of the types of threats seen. Where we found several different categories and families in our top detections of Windows threats that classify as traditional malware, especially those aimed at businesses, most Mac threats, and certainly the most prevalent ones of 2019, are families of adware and potentially unwanted programs (PUPs) […]
Among the top 10 Mac threats (for both consumers and businesses) are a mix of PUPs and adware. The PUPs are a variety of mostly “cleaning” apps that have been determined as unwanted not just by Malwarebytes, but by the Mac user community at large, [two of the best-known examples being] MacKeeper and MacBooster.
Mac malware is growing mostly due to one app
Until last year, the top two Mac adware apps had detected installations numbering in the low hundreds of thousands. In 2019, however, one new piece of adware was detected 30 million times! That’s your dramatic growth right there: one app.
NewTab, at the top of the list, only appeared on the scene in December 2018, but rapidly rose to the top of our detections in 2019. NewTab is an adware family that attempts to redirect searches in the web browser for the purpose of earning illicit affiliate revenue, and it is mostly delivered in the form of apps with embedded Safari extensions.
NewTab apps are often spread through fake flight or package tracking pages, fake maps, or fake directions pages. In one early example, a fake package tracking page would accept any number entered, and regardless of the number, clicking the Track button would download a “PackagesTracker” app, with some instructions on how to open it. The app did not actually provide any tracking functionality.
You have to install Mac malware yourself!
Third, and most crucially of all, Mac malware is not a virus. These are not apps that can spread from machine to machine, installing themselves. macOS doesn’t allow unsigned apps to be installed without user permission.
The way Mac malware gets installed is by fooling users into doing it. In the case of what Malwarebytes calls PUPs – potentially unwanted programs – and what I would call scamware, this is by advertising junk apps as if they do something useful. Naive users are tricked into installing them and sometimes even paying for them. MacKeeper is perhaps the best-known example of scamware.
Much adware is installed via sketchy browser extensions. These then hijack the browser to generate traffic for websites that pay the adware companies to receive it.
That’s not to say the risk of other types of malware is zero. Sketchy apps do occasionally make it through App Store review (iPhone apps in that case), and some have eluded Gatekeeper. But the risks are incredibly low.
It’s easy to protect yourself
You can protect yourself by only ever installing apps from the Mac App Store, or from trusted developers, and only installing browser extensions recommended by trustworthy sources.
If you think you may have been careless regarding app security in the past, we do recommend Malwarebytes as a scanner and cleaner tool. In most cases, however, the free version is all you need. The premium versions continue to monitor and block malware, but if you follow the advice above, that’s not something you’re ever going to need.
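Since NewTab is described above as mostly arriving in apps with embedded Safari extensions, here is an added example (not from this article or from Malwarebytes) that lists which app bundles in a folder embed a Safari extension, so you can review the ones you don't recognise. The sample bundle names and IDs are constructed, and a hit only means the app ships a Safari extension, not that it is adware.

```python
import plistlib
import sys
from pathlib import Path
from xml.parsers.expat import ExpatError

# Extension points that hook into Safari (app extensions, web extensions, content blockers).
SAFARI_POINTS = {
    "com.apple.Safari.extension",
    "com.apple.Safari.web-extension",
    "com.apple.Safari.content-blocker",
}

def read_plist(path):
    """Parse an XML or binary Info.plist; return None if missing or malformed."""
    try:
        with open(path, "rb") as fh:
            return plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None

def find_safari_extensions(apps_dir):
    """List (app, extension bundle id, extension point) for every Safari
    extension embedded in an .app bundle directly under apps_dir."""
    hits = []
    for appex in sorted(Path(apps_dir).glob("*.app/Contents/PlugIns/*.appex")):
        info = read_plist(appex / "Contents" / "Info.plist")
        ext = info.get("NSExtension") if isinstance(info, dict) else None
        point = ext.get("NSExtensionPointIdentifier") if isinstance(ext, dict) else None
        if isinstance(point, str) and point in SAFARI_POINTS:
            app_name = appex.parents[2].name  # .../X.app/Contents/PlugIns/Y.appex
            hits.append((app_name, info.get("CFBundleIdentifier", "unknown"), point))
    return hits

def build_sample(root):
    """Constructed sample tree (not real apps): one app embedding a Safari
    extension, one embedding a share extension, one with a corrupt plist."""
    samples = {
        "ExampleTracker": ("com.example.tracker.ext", "com.apple.Safari.extension"),
        "PlainEditor": ("com.example.editor.share", "com.apple.share-services"),
    }
    for app, (bundle_id, point) in samples.items():
        d = Path(root) / f"{app}.app/Contents/PlugIns/Ext.appex/Contents"
        d.mkdir(parents=True)
        with open(d / "Info.plist", "wb") as fh:
            plistlib.dump({"CFBundleIdentifier": bundle_id,
                           "NSExtension": {"NSExtensionPointIdentifier": point}}, fh)
    bad = Path(root) / "Broken.app/Contents/PlugIns/Ext.appex/Contents"
    bad.mkdir(parents=True)
    (bad / "Info.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    for hit in find_safari_extensions(sys.argv[1] if len(sys.argv) > 1 else "/Applications"):
        print(*hit, sep="\t")
```

Run with no argument it scans /Applications; pass another folder (for example your user Applications folder) to scan that instead.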