Apple Malware is On the Rise: How to Combat It on Your Mac?

By Iam Waqas, Cybersecurity specialist. 23 April 2023. Fact-checked by Miklos Zoltan.

Apple users live under the notion that their devices are safe from malware attacks. That is largely because the brand markets its products as among the most secure available and has, in the past, even called them virus-free.

This explains the long-running debate over whether Apple users need anti-malware protection at all.

However, recent developments in the cyber threat landscape paint a completely different picture for Apple devices, with the Mac targeted in particular.

2020 alone was particularly rough: studies such as the one conducted by AV-Test found that the Mac faced more than 670,000 new malware threats within the year.

The situation is serious enough that even Apple now acknowledges that malware is an increasingly common problem on the Mac.

That leaves little room to question whether your Mac can be infected by malware. It does, however, raise a host of different, often frantic, questions.

Summary: In this guide I delved into the growing concern of malware attacks targeting Apple’s Mac devices.

Despite the popular belief that Macs are immune to malware, recent events have proven otherwise. In 2020, Mac faced over 670,000 new malware threats.

Examples of prevalent malware attacks targeting Macs include XLoader, Silver Sparrow, Xcode Spy, OSX/CrescentCore, and Watering Hole Vulnerability.

Mac users can detect malware infections by observing unusual device behavior, such as slower performance or unrequested browser changes.

To combat Mac malware, users should disconnect from the internet, enable Safe Mode, monitor suspicious activity, and run an anti-malware scan.


How Bad is Apple's Mac Malware Situation?

Put plainly, the Mac malware situation is bad and getting worse.

Mac devices, long labeled as “malware-free,” are now under close scrutiny from several threat actors and are facing a rising influx of malware attacks.

Security researchers have been pointing out flaws for years, among them the independent researcher and author of the book “The Art of Mac Malware,” Patrick Wardle.

According to Wardle, Apple’s marketing claim that “Macs don’t get malware” has been nothing short of dishonest on the tech giant’s part.

Although most people are only realizing it now, the Mac has never been immune to malware. A better way to frame the situation is that, for a very long time, the Mac was not one of the most widely used platforms, despite its growing popularity.

Windows PCs and Android devices, by contrast, have been far more widespread, which is why they have drawn the bulk of malware attacks.

Because Windows dominates the market, it has been subjected to more malware. The same dynamic is now playing out with the Mac.

With the steady increase in the platform’s popularity, it is understandable that it is increasingly falling victim to malware attacks. What makes things notably worse is the widespread belief that Macs don’t need antivirus protection.

Even though several antivirus products are available for the Mac, many people consider them unnecessary. With so many unprotected devices in circulation, threat actors have fertile ground in which to plant malware on Macs.

Some of the prevalent malware attacks targeting Macs are as follows:

XLoader

Previously a Windows-only threat, the notorious XLoader now infects macOS as well, as discovered by Check Point security researchers.

XLoader is a relatively new variant of the formerly notorious Formbook malware, which is used to steal login credentials, record keystrokes, and download and execute files on the victim’s device.

Silver Sparrow

The security firm Red Canary discovered the Silver Sparrow malware on Macs running the M1 processor. The malware abuses the macOS Installer JavaScript API to execute commands.

The activity cluster was a large-scale campaign that infected Macs through malicious advertisements or seemingly legitimate Adobe Flash Player updates.

Xcode Spy

XcodeSpy is a particularly sneaky trojan hidden inside Xcode projects shared on GitHub, and it is capable of infecting Mac devices.

Once embedded in the system, the malware installs an “EggShell backdoor,” which turns on the Mac’s microphone and camera, records the keyboard, and sends files to the threat actor.

OSX/CrescentCore

This notorious Mac malware was found on several websites disguised as a DMG of the Adobe Flash Player installer. Before running its malicious scripts, the malware scanned the device for antivirus tools.

Once it confirmed that the device was unprotected, the malicious software installed a LaunchAgent, a Safari extension, or the Advanced Mac Cleaner app.

Watering Hole Vulnerability

Google’s Threat Analysis Group (TAG) recently encountered a zero-day flaw in macOS being used to spy on users. The watering hole attacks spread through selected websites to compromise their visitors, mainly targeting Mac and iPhone users.

The watering hole exploited an existing XNU privilege escalation vulnerability to install a backdoor, giving the attackers root access on the device.

The malware was then used to spy on the target through device fingerprinting, screen capture, file downloads and uploads, and execution of terminal commands.

How to Detect a Malware Infection on Mac?

Admittedly, malware infections can be sneaky and can live inside your system without you having a single clue about their presence. However, a few telltale signs can help you detect whether malware has infected your Mac, such as:

  • Your device gets slower than usual. As the malware runs in the background, it consumes system resources, and you notice a significant lag.
  • When you open the browser, you might notice a new homepage or extension that you haven’t added yourself. This is a sign that a malicious third party has hijacked your browser.
  • One definite sign is that you can no longer access files on your Mac and instead come across ransom demands, fines, or warning notes. This is a sign of ransomware or a Trojan horse.
  • A classic indication of adware: if your Mac carries such an infection, you will be bombarded with ads that invade your privacy and are plain annoying.
  • In the case of a scareware infection, you might receive security alerts without ever having scanned your Mac, pressuring you to download yet more malware onto your device.

If you have come across any of these telltale signs on your Mac, it is time to start recovering your device. While malware infections are scary, fortunately, there are ways to combat them.

How to Combat Mac Malware?

Combating Mac malware is a fairly straightforward process. By following these simple steps, you can quite easily get rid of malware on your Mac:

Step 1: Disable the internet connection on your device

Malware works by communicating with a server controlled by the attacker. Therefore, if you suspect that malware has infected your Mac, it is best to stay offline to prevent further infection and cut off that communication.

Step 2: Enable Safe Mode

The built-in Mac Safe Mode ensures that your Mac runs with a minimal load and launches only the software necessary for the boot process.

While launching in Safe Mode, the OS also blocks additional software from starting in the background, which stops the malware from running if it is designed to launch automatically at startup.

With the malware prevented from running in the background, you should find it easier to remove. You can enter Safe Mode by:

  • Starting up your Mac and immediately pressing and holding the Shift key
  • Releasing the key as soon as you see the login window

Even in Safe Mode, make sure not to log in to accounts or reveal any other sensitive information until you are sure you have gotten rid of the malware.

Step 3: Check Activity Monitor for suspicious activity

Since malware runs in the background, it overloads your CPU and unnecessarily slows the machine down. You can, however, check Activity Monitor for any suspicious resource-heavy apps hogging your CPU. You can open Activity Monitor as follows:

  • Press Cmd + Space
  • Start typing “Activity Monitor” in the search field
  • Click on Activity Monitor

If you find any suspicious applications on your Mac hogging your CPU, you can quit them through Activity Monitor and delete them through the Finder.

Step 4: Run an antimalware scan

Antimalware and antivirus software is your best friend against such malicious activity. In the case of a malware infection, you can easily install antimalware software on your Mac and run a scan. The software will run a complete scan and remove any traces of malware on your device.
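A small Terminal helper, added here as an example and not part of the original article, automates the check from Step 3 and looks in the persistence folders that the CrescentCore section above mentions: it filters a process table for CPU hogs and lists the property lists in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, which is where a LaunchAgent dropped by malware would appear. The 50 percent threshold, the sample process lines and the process name com.example.updater are constructed for illustration and are not taken from the article.

```shell
#!/bin/sh
# Added triage helper (example only, not the article's or Apple's code).
# The threshold, the sample data and the "com.example.updater" name are
# assumptions made for illustration.

# Print every line whose second column (CPU percent) exceeds $1.
# Input lines look like "<pid> <pcpu> <command>", the format that
# `ps -A -o pid=,pcpu=,comm=` emits on both macOS and Linux.
flag_cpu_hogs() {
    threshold="${1:-50}"
    awk -v t="$threshold" '$2 + 0 > t { sub(/^[ \t]+/, ""); print }'
}

# Live view: run the real process table through the filter.
live_cpu_hogs() {
    ps -A -o pid=,pcpu=,comm= | flag_cpu_hogs "${1:-50}"
}

# List property lists in the macOS persistence folders. Anything you do not
# recognise here deserves a closer look, because a LaunchAgent in one of these
# folders is re-launched automatically at login or boot.
list_launch_items() {
    for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
        [ -d "$d" ] || continue
        for f in "$d"/*.plist; do
            [ -e "$f" ] && printf '%s\n' "$f"
        done
    done
}

# Constructed sample process table (not real ps output) used to exercise
# the filter offline.
SAMPLE_PS='501 2.3 WindowServer
502 97.8 com.example.updater
503 0.4 Finder
504 64.1 kernel_task'

# Run the filter over the constructed sample at the 50 percent threshold.
demo_hogs() {
    printf '%s\n' "$SAMPLE_PS" | flag_cpu_hogs 50
}

# Stand-alone run: show the sample result, then the persistence folders.
demo_hogs
list_launch_items
```

On a real machine, call live_cpu_hogs to filter the live process table and list_launch_items to review persistence entries; a busy but legitimate process (a backup, an indexer) will also cross the threshold, so treat the output as a starting point for inspection rather than a verdict.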

Final Words

Malware is sneaky and dangerous; at times, it can expose you to dire threats that might even render your device unusable.

Malware is also a threat to your privacy and security, which is why it’s best to stay protected and practice good cyber hygiene.

An excellent way to start is to keep your antimalware product of choice protecting your device at all times, steer clear of suspicious websites, and download files only from reputable sources.
