Malwarebytes is out with a new report in which it states that Mac malware is growing faster than Windows malware.
That’s getting a lot of headlines today, but there are three key things that need to be understood…
For the first time ever, Macs outpaced Windows PCs in number of threats detected per endpoint […]
In total, we saw approximately 24 million Windows adware detections and 30 million Mac detections.
Most Mac malware is more nuisance than danger
First, Macs are not generally vulnerable to what we traditionally classify as malware: that is, code which can do nasty things like delete files, or encrypt your drive for a ransomware attack. Apple’s protections against this type of attack are extremely strong.
Macs are mostly only vulnerable to so-called adware. This does things like redirect searches or load tabs automatically to earn ad revenue for the attacker.
This is something Malwarebytes itself acknowledges when you get into the detail.
Mac malware is growing mostly due to one app
Second, until last year, the top two Mac adware apps had detected installations numbering in the low hundreds of thousands. In 2019, however, one new piece of adware was detected 30 million times! That’s your dramatic growth right there: one app.
Among the top 10 Mac threats (for both consumers and businesses) are a mix of PUPs and adware. The PUPs are a variety of mostly “cleaning” apps that have been determined as unwanted not just by Malwarebytes, but by the Mac user community at large, [two of the best-known examples being] MacKeeper and MacBooster.
You have to install Mac malware yourself!
Third, and most crucially of all, Mac malware is not a virus. These are not apps that can spread from machine to machine, installing themselves. macOS doesn’t allow unsigned apps to be installed without user permission.
NewTab apps are often spread through fake flight or package tracking pages, fake maps, or fake directions pages. In one early example, a fake package tracking page would accept any number entered, and regardless of the number, clicking the Track button would download a “PackagesTracker” app, with some instructions on how to open it. The app did not actually provide any tracking functionality.
The way Mac malware gets installed is by fooling users into doing it. In the case of what Malwarebytes calls PUPs – potentially unwanted programs – and what I would call scamware, this is by advertising junk apps as if they do something useful. Naive users are tricked into installing them and sometimes even paying for them. MacKeeper is perhaps the best-known example of scamware.
Much adware is installed via sketchy browser extensions. These then hijack the browser to generate traffic for websites that pay the adware companies to receive it.
That’s not to say the risk of other types of malware is zero. Sketchy apps do occasionally make it through App Store review (iPhone apps in that case), and some have eluded Gatekeeper. But the risks are incredibly low.
It’s easy to protect yourself
You can protect yourself by only ever installing apps from the Mac App Store, or from trusted developers, and only installing browser extensions recommended by trustworthy sources.
If you think you may have been careless regarding app security in the past, we do recommend Malwarebytes as a scanner and cleaner tool. In most cases, however, the free version is all you need. The premium versions continue to monitor and block malware, but if you follow the advice above, that’s not something you’re ever going to need.