Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Mac malware jumps more than 60% in three months, massive uptick in adware

Last updated

The threat of malware has increased for Mac users in a short space of time, a report from Malwarebytes claims, with detected threats up by more than 60% from the fourth quarter of 2018 to the first quarter of 2019, and adware becoming more prevalent with an increase of over 200% for the same period.

The Cybercrime Tactics and Techniques report, a quarterly release from Malwarebytes, advises the number of overall threats against consumers are on the decline, with fewer instances of malware-based cryptomining and ransomware significantly reducing over the last quarter, and with an overall decline in the volume of malware detections in general. While consumers are seeing fewer threats, there has been an increase in attacks against infrastructure and business users, with bigger targets offering potentially larger rewards.

Though the volume of Mac-specific malware grew 62% from Q4 2018 into Q1 2019, adware's 201% growth was the biggest contributor to the overall increase in threats on macOS. The highest-ranked Mac malware was PCVARK, shifting the former top three of MacKeeper, MacBooster, and MplayerX down to second, third, and seventh place on the list, respectively. One adware family named NewTab jumped in usage, rising from 60th place to fourth overall.

Mac was also subjected to new types of attack methods in the quarter, including the use of open source code to create backdoors, cryptomining malware, and even the existence of Windows executables being discovered on the macOS desktop. For cryptocurrencies, while mining is down on Mac, theft from Bitcoin and Etherium wallets on the platform totaled an estimated $2.3 million, following criminals using a vulnerability in the wallets to create a trojan-laden version.

According to Malwarebytes, nefarious actors increasingly turn to open-source Python code to deliver their malware and adware packages. Starting with a backdoor called "Bella" in 2017, the use of open source code has increased and in 2018 included software like EvilOSX, EggShell, EmPyre and a Python reverse shell for Metasploit, the company said.

In addition to backdoors, malware and adware creators are showing an interest in Python-based program MITMProxy, which can be used in a man-in-the-middle attack to ferret out encrypted SSL and other data from monitored network traffic. The open-source XMRig cryptocurrency miner was also spotted in cryptomining malware over the trailing quarter.

The Malwarebytes report is based on data drawn from its business and consumer software products between Jan. 1 through March 31, 2019.

Looking ahead, Malwarebytes predicts SMBs to see a flood of new attacks, while the Asia-Pacific region will be forced to deal with a serious threat based on WannaCry or Backdoor.Vools. The development of ransomeware is expected to pick up this year, but attacks will likely be restricted to businesses as hackers save their most potent wares for high-yield targets.