macOS malware includes
viruses
A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea.
Since Dmitri Ivanovsky's ...
,
trojan horses
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
,
worms Worms may refer to:
*Worm, an invertebrate animal with a tube-like body and no limbs
Places
*Worms, Germany
Worms () is a city in Rhineland-Palatinate, Germany, situated on the Upper Rhine about south-southwest of Frankfurt am Main. It had ...
and other types of
malware that affect
macOS
macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...
,
Apple
An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple trees are cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, where its wild ancestor, ' ...
's current
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also i ...
for
Macintosh
The Mac (known as Macintosh until 1999) is a family of personal computers designed and marketed by Apple Inc. Macs are known for their ease of use and minimalist designs, and are popular among students, creative professionals, and software en ...
computers. macOS (previously Mac OS X and OS X) is said to rarely suffer malware or virus attacks,
[ and has been considered less vulnerable than ]Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for ser ...
.[ There is a frequent release of system software updates to resolve vulnerabilities. Utilities are also available to find and remove malware.]
History
Early examples of macOS malware include MP3Concept (discovered 2004, a benign proof of concept for a trojan horse), Leap (discovered in 2006, also known as Oompa-Loompa) and RSPlug
The RSPlug Trojan horse, a form of DNSChanger, is malware targeting the Mac OS X operating system. The first incarnation of the trojan, OSX.RSPlug.A, was discovered on October 30, 2007 by Mac security researchers at Intego.
Variants
Several varia ...
(discovered in 2007).
An application called MacSweeper (2009) misled users about malware threats in order to take their credit card details.
The trojan MacDefender (2011) used a similar tactic, combined with displaying popups.
In 2012, a worm
Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always).
Worms vary in size from microscopic to over in length for marine polychaete wo ...
known as Flashback appeared. Initially, it infected computers through fake Adobe Flash Player
Adobe Flash Player (known in Internet Explorer, Firefox, and Google Chrome as Shockwave Flash) is computer software for viewing multimedia contents, executing rich Internet applications, and streaming audio and video content created on the ...
install prompts, but it later exploited a vulnerability in Java
Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's mos ...
to install itself without user intervention. The malware forced Oracle and Apple to release bug fixes for Java to remove the vulnerability.
Bit9 and Carbon Black
Carbon black (subtypes are acetylene black, channel black, furnace black, lamp black and thermal black) is a material produced by the incomplete combustion of coal and coal tar, vegetable matter, or petroleum products, including fuel oil, fluid ...
reported at the end of 2015 that Mac malware had been more prolific that year than ever before, including:Angry Birds
''Angry Birds'' is a Finnish action-based media franchise created by Rovio Entertainment. The game series focuses on the eponymous flock of angry birds who try to save their eggs from green-colored pigs. Inspired by the game ''Crush the Castl ...
applications
A trojan known as Keydnap first appeared in 2016, which placed a backdoor on victims' computers.
Adware is also a problem on the Mac, with software like Genieo, which was released in 2009, inserting ads into webpages and changing users' homepage and search engine.
Malware has also been spread on Macs through Microsoft Word
Microsoft Word is a word processor, word processing software developed by Microsoft. It was first released on October 25, 1983, under the name ''Multi-Tool Word'' for Xenix systems. Subsequent versions were later written for several other pla ...
macros.
MacOS, known for its robust security, has faced evolving challenges regarding malware over time. In the early years, macOS remained relatively immune compared to other operating systems due to its Unix-based architecture and lower market share. However, as its popularity grew, so did the interest of cybercriminals. In 2006, the first significant macOS malware, the Leap-A (also known as Oompa-Loompa) worm, emerged, spreading through instant messaging. Subsequent years saw sporadic instances of malware targeting Macs, including fake antivirus software like MacDefender in 2011 and the Flashback trojan in 2012, which infected hundreds of thousands of Macs by exploiting vulnerabilities in Java. These events marked a shift, prompting Apple to enhance its security measures and introduce features like Gatekeeper, XProtect, and the App Store, aiming to protect users from potential threats in the evolving landscape of macOS malware.
macOS includes built-in security features designed to protect users from various threats, including ransomware attacks. Features such as Gatekeeper, which verifies the legitimacy of downloaded applications, and FileVault, which encrypts data on the hard drive, contribute to enhancing the overall security of the system. Additionally, Apple regularly releases security updates and patches to address vulnerabilities and known exploits that ransomware may target. However, while macOS incorporates robust security measures, no system is completely immune to evolving cyber threats. Users must practice caution by regularly updating their operating system, installing software only from trusted sources, and maintaining backups of their important data to mitigate the risk of falling victim to ransomware attacks.
Ransomware
In March 2016 Apple shut down the first ransomware attack targeted against Mac users, encrypting the users' confidential information. It was known as KeRanger KeRanger (also known as OSX.KeRanger.A) is a ransomware trojan horse targeting computers running macOS. Discovered on March 4, 2016, by Palo Alto Networks, it affected more than 7,000 Mac users.
KeRanger is remotely executed on the victim's comput ...
. After completing the encryption process, KeRanger demanded that victims pay one bitcoin (about at the time, about as of December 25, 2022) for the user to recover their credentials.
Mitigation
Gatekeeper
A gatekeeper is a person who controls access to something, for example via a city gate or bouncer, or more abstractly, controls who is granted access to a category or status. Gatekeepers assess who is "in or out", in the classic words of manage ...
is a built-in security feature of macOS meant to reduce malware execution by verifiying downloaded applications before they are launched for the first time.
MacOS 12.3 introduced XProtect Remediator,
References
Malware by platform
{{malware-stub