MacOS now provides lucrative new target for cybercriminals

• Threat actors have attempted to develop ransomware strains capable of affecting Apple devices.
• Report reveals over 40 threat actors are actively engaged in targeting macOS, with more than 20 actively seeking to acquire malware specifically designed for the platform, including both the purchase of pre-existing malware and the commissioning of new malware development.

The increasing adoption of Apple’s macOS devices, particularly within the small and medium-sized enterprise (SME) sector, has caught the attention of cybercriminals.

A report by cyber threat intelligence company Intel 471 highlights a concerning trend: a significant rise in threat actors targeting macOS users and seeking to exploit vulnerabilities in the Apple ecosystem.

The growing interest in macOS is fueled by several factors. Firstly, the platform’s rising market share provides a lucrative new target for cybercriminals, who are constantly seeking new avenues for financial gain.

Secondly, the perceived security of macOS, often considered more secure than Windows, creates a false sense of safety among users, making them more vulnerable to attacks.

Immediate threat

The perception is further reinforced by the relatively smaller amount of macOS-specific malware compared to Windows, which can make it seem like an easier target.

The report reveals that over 40 threat actors are actively engaged in targeting macOS, with more than 20 actively seeking to acquire malware specifically designed for the platform, including both the purchase of pre-existing malware and the commissioning of new malware development.

The focus on infostealers, which steal sensitive data like login credentials, session cookies, and credit card information, highlights the immediate threat to individual users and businesses alike.

The trend is further supported by independent research. Patrick Wardle, a renowned security researcher, observed a doubling of new macOS malware in 2023 compared to the previous year. Similarly, Group-IB, a cybersecurity firm, reported a fivefold increase in underground sales related to macOS infostealers.

Exploring avenues

The example of “Callisto,” a threat actor actively seeking to develop a macOS stealer with RedLine functionality, demonstrates the evolving nature of these threats. RedLine, known for its ability to harvest sensitive information from browsers, highlights the potential for sophisticated and damaging malware to infiltrate the macOS ecosystem.

Beyond infostealers, the report also mentions the growing presence of ransomware and Remote Access Trojans (RATs) on macOS, accounting for about 15 per cent of the total malware targeting the platform, suggesting that threat actors are increasingly exploring avenues to exploit macOS users for financial gain beyond data theft.

While the overall market share of macOS still lags behind Windows, which serves as a major deterrent for cybercriminals due to the sheer volume of users and potential targets, this situation may change rapidly.

Intel 471 warns that the rising market share of macOS represents a significant opportunity for threat actors to capitalise on the lack of competition, potentially establishing a foothold in a relatively “uncharted” territory.

Proactive security measures

In the short term, infostealers and RATs are expected to remain the most prevalent threats to macOS users. However, the increasing presence of ransomware and other malware families suggests a growing sophistication and diversification of threats.

The trend, coupled with the increasing number of threat actors targeting macOS, calls for heightened vigilance and proactive security measures.

The report concludes with a stark warning: despite the perceived security of Apple products, macOS users should remain vigilant against various threats.

The growing sophistication of malware and the increasing number of threat actors seeking to exploit vulnerabilities in the macOS ecosystem underscore the need for robust security measures, including the use of reputable antivirus software, regular software updates, and strong passwords.