The Apple macOS Blog

macOS Malware Trends in 2024: comprehensive analysis

Published: 31st of December, 2024 at 07:14pm (AEST)
Updated: 03rd of January, 2025

Authored by Charlie Simeon
Your friendly Mac guide & technician


macOS Malware Trends in 2024

In 2024 the threat landscape of macOS has seen some concerning shifts. New threats are emerging and familiar threats are evolving. This report provides valuable insights into the macOS malware we observed throughout the year.

Top 10 macOS Malware Infections in 2024

  1. PUP.MacKeeper
  2. Adware.Pirrit
  3. Trojan.SpyAgent
  4. Adware.AdLoad
  5. PUP.Generic-ZH2: our catch-all term for potentially unwanted or misleading apps of Chinese origin
  6. PUP.Generic (ditto, except all other origins)
  7. Adware.Genieo
  8. Adware.Generic: generic adware also includes browser extensions that display ads, popups or manipulate search results.
  9. PUP.AdvancedMacCleaner
  10. PUP.MacBooster

This list shows a trend in the proliferation of Potentially Unwanted Programs (PUPs) and adware on macOS systems. The continued presence of Trojan.SpyAgent in the third position is of particular concern. Malicious actors continue to target Mac users' personal information.


Geographic Distribution of Infected Macs


Our analysis revealed that Mac infections were most prevalent in the following countries:

  1. United States
  2. United Kingdom
  3. South Korea
  4. Jamaica
  5. Malaysia
  6. Spain
  7. Greece
  8. Australia
  9. Portugal
  10. Saudi Arabia


Potentially Problematic Code Attributes

[Figure: pie chart showing the distribution of potentially problematic code attributes]

Our heuristic analysis of both malware and non-malware samples uncovered several concerning code attributes:

  1. Analytics capabilities (11.5%)
  2. Screenshot capture (11.05%)
  3. System-wide keystroke logging (9.39%)
  4. Email mailbox access (4.97%)
  5. Browser bookmark reading (4.23%)
  6. Static private system information access, for example hardware serial numbers (3.33%)
  7. iMessage reading capability (0.51%)
  8. Invalid code-signing signatures (0.5%)
  9. Modified/patched binaries (0.35%)

These findings highlight the diverse range of privacy and security risks posed by modern macOS applications. While there are legitimate uses for most of these capabilities, it is concerning to see apps containing code capable of capturing screenshots and logging keystrokes. Misuse of these capabilities could lead to severe breaches of user privacy and data theft.


The Threat Landscape

Data anonymously collected by Spyware Doctor cloud paints a picture of the current macOS threat landscape. The prevalence of PUPs and adware suggests that many users are unknowingly installing software that compromises their system's performance and privacy. The prevalence of threats like Trojan.SpyAgent indicates cybercriminals are targeting Mac users with malware capable of stealing sensitive information.


Protect Your Mac

Always exercise caution before installing new apps. Your first line of defense is cautious behavior. Follow these tips to keep your Mac secure:

  • Only download and install software from the App Store or directly from verified developers.
  • Do not disable macOS's built-in security features like Gatekeeper.
  • Keep the OS up-to-date by running 'System Preferences' → 'Software Update'. Always run the latest versions from Apple as they regularly patch security vulnerabilities.
  • Be skeptical. If some app sounds too good to be true, it probably is.
  • It is good practice to scan apps before launching them for the first time, for example with Spyware Doctor.
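
The Gatekeeper and pre-launch advice above can be checked from Terminal with Apple's own `spctl` and `codesign` tools. The script below is an added example, not part of the original article or of Spyware Doctor; the function names, the script name `precheck.sh` and the path `Example.app` are illustrative assumptions.

```shell
#!/bin/bash
# Added example: pre-launch checks for downloaded app bundles on macOS.
# spctl and codesign ship with macOS; the function names are this example's own.

# Succeeds only if Gatekeeper assessments are switched on.
gatekeeper_enabled() {
    spctl --status 2>&1 | grep -q "assessments enabled"
}

# Prints a one-word verdict for an app bundle; non-zero status unless "ok".
#   invalid-signature: unsigned, or contents changed after signing
#   rejected: seal intact but Gatekeeper policy refuses it, as with an
#             ad hoc re-signed copy that has no Developer ID or notarization
check_app() {
    local app="$1"
    if ! codesign --verify --deep --strict "$app" >/dev/null 2>&1; then
        echo "invalid-signature"
        return 1
    fi
    if ! spctl --assess --type execute "$app" >/dev/null 2>&1; then
        echo "rejected"
        return 2
    fi
    echo "ok"
}

# Checks Gatekeeper, then every app given; returns the number of problems.
audit() {
    local failures=0 app verdict
    if gatekeeper_enabled; then
        echo "Gatekeeper: enabled"
    else
        echo "Gatekeeper: DISABLED"
        failures=$((failures + 1))
    fi
    for app in "$@"; do
        verdict=$(check_app "$app") || failures=$((failures + 1))
        printf '%-18s %s\n' "$verdict" "$app"
    done
    return "$failures"
}

# Runs only when app paths are passed, e.g. ./precheck.sh ~/Downloads/Example.app
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

An `invalid-signature` or `rejected` verdict corresponds to the "invalid code-signing signatures" and "modified/patched binaries" attributes listed earlier and is a reason not to launch the app.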


Conclusion

Not even macOS is immune to cyber threats. As malware tactics evolve, Mac users need to stay informed and protected. Follow our advice above for a robust defense against these and other emerging threats.

Happy new year!

— Charlie

 


Comments

Charlie says:
2025-01-03 19:37:07
Bradley, patched binaries are usually cracked Mac apps. They are a fairly common infection vector.

Bradley says:
2025-01-03 17:45:41
What do you mean by modified/patched binaries?

Rudy says:
2025-01-02 20:45:34
Jamaica has the 4th most infected Macs? Who would've thunk it...

Charlie says:
2025-01-02 18:51:52
Hi Simone, thanks for your comment.

Notice how PUP.Generic-ZH2 is at #4 and PUP.Generic is at #5?

This means we detected more PUP.Generic-ZH2 than PUPs from all other origins combined.

That is the only reason why it warrants its own designation.

Simone says:
2025-01-02 18:46:11
Why single out a whole country with a PUP.Generic-ZH2 classification?

bobby says:
2025-01-02 18:09:42
Geez MacKeeper still around?


