
Malware on Mac is still a small threat — but growing

Digital threats were less of an issue for Mac users in 2020 than in previous years, according to Malwarebytes, but adware continues to be more of a threat than malware on macOS.

Macs are anecdotally considered to be a safer computing platform than Windows and Android, in part due to how Apple handles applications and security. In a report by Malwarebytes into malware threats that were detected by users in 2020, it seems that the point is justified.

According to the report, the number of threats detected by Mac users dropped overall from over 120 million in 2019 to over 75 million in 2020, representing a 38% reduction year-on-year. Consumer detections made up the lion's share of what was observed and had dropped 40% annually, while detections by business users grew 31% over the same timeframe.

By comparison, Windows users of Malwarebytes detected threats 111 million times in 2020. This too is a reduction from over 125 million in 2019, representing a drop of 12%.

While the millions of detections sound scary, only a very small proportion of Mac detections are for malware. For US Mac users, malware represented just 1 percent of the total, rising to less than 5 percent in countries like Australia, the UK, and Canada.

Bigger percentages of malware were detected more often in countries including South Korea (18.1%), the Ukraine (16.3%), and Norway (15%).

The vast majority of the threat detections stemmed from "Potentially Unwanted Programs" (PUPs) and adware, though there were no discernible patterns. Overall, PUPs made up more than 76% of Mac detections in 2020, with adware making up about 22%.

Malware only made up 1.5% of total Mac detections. While small, Malwarebytes claims malware detections on Mac grew by more than 61% in 2020.

The majority of these detections were deemed to be "suspicious behaviors," such as attempts to run obfuscated Python or shell code as a persistent process. This occurred in over 80% of detections.

Second place was OSX.FakeFileOpener, a series of malicious apps that hijack the macOS system for determining which app should open a file.

Third place, OSX.ThiefQuest or EvilQuest, was interesting for Malwarebytes, as it spread through seemingly legitimate installers found on software piracy repositories. Once installed, the malware would start encrypting files and work like ransomware, but in reality it was a data exfiltration scheme.