Is Mac malware really outpacing Windows malware?

Earlier this month, security researchers at Malwarebytes released a bombshell report which claimed that Mac malware threats were outpacing Windows threats for the first time ever. The report analyzed data taken from a variety of sources, including telemetry from the actual Mac and Windows machines of home and enterprise users. The core findings were remarkable, to say the least: a 400% year-over-year increase in Mac-specific threats and an eyebrow-raising 2:1 threat to endpoint ratio when comparing macOS and Windows platforms.

In this short article, we’ll take a closer look at the state of Mac malware, letting you know how the changing threat landscape affects you — and telling you what you can do to stay safe.

Why the increase?

Although the researchers themselves note in their report that the 400% jump in macOS malware may be attributable, in part, to growth in the Mac segment of their own userbase, the basic observation that Mac malware is increasing exponentially — and outstripping malware on the Windows side — appears to be sound. 

So what lies behind the sharp spike in Mac malware?

One explanation is that Macs themselves are simply becoming more prevalent, both among home users and in the enterprise, and are thus a more attractive (and lucrative) target for malicious actors than ever before. 

In terms of hard numbers, macOS gained around 5% of the desktop OS market share in 2019. Mac deployments in enterprise are on the rise, and with support for Windows 7 discontinued at the start of 2020, the platform has a new opportunity for continued growth.

As Mac security expert Patrick Wardle noted in an interview last year, “As Macs become more prevalent and pervasive across the enterprise and in the end user space, hackers are going to target them more and more. We’re seeing that already”.

Mac malware is different

It would be incorrect, however, to suggest that there is an apples to apples comparison (no pun intended) when talking about the prevalence of malware affecting macOS and Windows operating systems — a fact which the report’s authors specifically point out. 

This is because the majority of malware threats affecting macOS fall into the category of adware and Potentially Unwanted Programs (PUPs), which aren’t generally considered as dangerous as things like the Trojans and backdoors more common on Windows systems.

So is it just hype?

If the surge in Mac malware is largely an issue of adware and PUPs, does this mean that the danger to Mac users has been exaggerated?

In a word, no. While certain news outlets pounce on stories like this and run them with dramatic headlines to generate clicks, the research was done in a balanced way, and highlights several legitimate threats and trends affecting Mac users.

For one thing, it highlights the wider problem caused by the general public’s lack of awareness of macOS threats (and how to spot them). Far too many people still assume that Macs are somehow immune to infection by malware of any kind — and many casual users lack the know-how to detect threats that could be avoided with a modicum of caution. Case in point: Another recent study found that almost 10% of all Macs were infected by Shlayer malware in 2019. The malware is most frequently delivered by bogus Flash installers and needs users to follow a non-standard installation procedure — meaning that millions of people failed to see anything suspicious about strange websites asking them to update an obsolete technology like Flash in a weird way. In this context, a rise in Mac malware will likely impact large numbers of users, and disproportionately affect those least able to deal with these new threats.

Secondly, it’s worth noting that while adware and PUPs are considered “less dangerous” than other forms of malware, they’re much more than just simple annoyances. As Thomas Reed, one of the researchers behind the report, remarked:

“Adware and PUPs are not harmless. They engage in scams, intercept network traffic, exfiltrate sensitive user data (like browser history), and open all kinds of security holes that could be taken advantage of by more malicious software”.

In addition to security and privacy threats, these programs also degrade a Mac user’s experience and can lead to system slowdowns. 

Finally, while last year’s increase in macOS malware was mostly confined to lower-risk malware variants, the general trend of bad actors creating macOS malware means that worse threats are likely on the way. We’ve already seen ransomware, remote access backdoors, and nation-state malware aimed at macOS. Mac malware is also getting more sophisticated, with examples of malware employing advanced tactics like fileless attacks and code obfuscation seen in the wild. There’s no reason to think that these more serious dangers won’t be part of the future threat landscape. 

How to stay safe

With Mac malware becoming more prevalent each year, there is definitely cause for concern — but not panic. The good news is that it’s still fairly straightforward to keep yourself safe on a macOS machine, as long as you take a few basic precautions:

1. 1

   Follow best practices

   Most Mac malware makes its way onto a user’s system after a serious security lapse. If you’re following basic best practices for cybersecurity, though, you should have little to worry about.

   Enable automatic updates for macOS and all applications to make sure any vulnerabilities are patched. Don’t click on links in unsolicited emails or on shady websites. Only download apps from the Mac App Store or from a third-party developer you know and trust.

2. 2

   Keep up to speed

   The security landscape changes rapidly, with new threats emerging all the time and malicious actors doing their best to keep one step ahead of the information security community.

   That’s why it’s important to take steps to stay aware of news and alerts related to privacy and security issues. Take a moment to read computer security news a few times a week, follow a couple of relevant Twitter accounts, or listen to a cybersecurity podcast like our very own Checklist.

3. 3

   Install a malware detection tool

   Apple’s native security tools for macOS are very good, but they don’t catch everything — which is why a third-party malware detection and removal tool is recommended.

The most important thing to remember is that this kind of software can only protect you if a.) it’s regularly updated to include the latest malware definitions and b.) you actually use it to run routine system scans. So once you’ve found a reliable tool that you like, make sure to set it up to receive automatic updates and then schedule regular scans to keep your Mac safe.