Should You Worry About macOS Malware and Viruses?

It’s been a common myth for many years that Apple Macs don’t get viruses or malware, and the owners of such computers have no need to worry about such things. However, those myths are quite wrong. Apple Macs can get viruses, and you need to ensure you’re doing everything possible to stop them.

Around 2012, Apple featured a webpage that proclaimed, among many other things, that a Mac doesn’t get PC viruses; further adding that Macs aren’t susceptible to the thousands of viruses that plague Windows-based computers.

While, for the most part, that’s true, since a virus or malware designed for Windows won’t necessarily work on a non-Windows system, no system is 100% virus-safe. macOS users have previously enjoyed being reasonably virus and malware free thanks to the way the system was designed, and that Windows was the more dominant operating system on the market – which is why it’s usually always the first point of malware targeting.

Windows machines do still top the malware charts, however, Malwarebytes, a cybersecurity company, recently said that there was a 400 percent increase in Mac-designed threats in 2019 to 2020, and that within the coming years we could see such an increase on the Mac platform that will eventually outstrip Windows. But why?

Macs don’t get viruses!

Many security experts believe that the old slogan of macOS devices being virus-proof is still being bandied about by many users. This breeds a fertile environment for hackers and developers of malware to inject their code into the seemingly bulletproof Mac userbase.

It’s more common for a Windows user to install an anti-malware product, even if the user leaves the built-in Windows 10 Security tool installed and relies on the frequent updates from Microsoft. In fact, it’s thought that one of the first items of software installed on any Windows PC, after a fresh installation of Windows, is antivirus software. As for Mac owners, though? Again, security experts think that less than 15% of all Mac owners bother installing any security software at all. Which inevitably leaves their Mac computer open to some extremely nasty code.

Adware Rules

One of the biggest malware problems for Mac users are adware threats. Adware is basically an unwanted program that’s usually installed alongside a legitimate app, and will hijack your web browsing experience; pointing Safari to websites the user hasn’t requested, or even including pop-up adverts.

For the most part, adware isn’t dangerous, it’s more of a nuisance threat. But, it can quickly become dangerous. Most adware will display and push unwanted websites in your direction. These sites, or pop-up ads, can be for anything from third-party software to gardening equipment. However, from time to time they can be used to push political agendas, spread false news, and propagate fear. Leading on, they are also used to deliver a payload of pornographic material, from pharmaceutical enhancements to the more nasty kinds of content.

Ironically, one of the most popular forms of adware injection to macOS computers comes in the form of system optimisers and adware removal software. These products, once installed, will grind away at your system, looking like they’re busy detecting malware and organising your Mac so it’s faster. In reality, of course, they’re doing no such thing. And once they’re complete they’ll announce that they can remove any detected malware for a price. In most cases, they’re the ones that put the malware there in the first place.

Chiefly among the adware threats is a piece of code called NewTab. NewTab is advertised as a browser extension or application that pretends to be a tracker for packages or flights, but instead displays adverts. According to Mac experts, there were an estimated thirty million downloads of NewTab to macOS computers in 2019 alone. There are also many nefarious forms of Adobe Flash Players available for Mac users, that don’t have anything to do with Adobe and will instead install adware or even backdoor malware into your system.

Get Protected

While the modern macOS is a relatively secure and solid environment, there are always dangers lurking beyond the OS. The best advice any security expert can offer to a Mac user is to be wary of what you click on when browsing, double-check any software you’re planning on installing, be aware that your Mac isn’t invulnerable to malware, and install a reputable security solution.

The Most Common macOS Malware

While there are numerous instances of malware for macOS machines, there have been several popular cases that appear to have plagued Mac users over the last year or so. Here, then, is a rundown of some of the more renown malware available for the Mac.

It’s not all doom and gloom for the Mac user. By remaining vigilant, ensuring you have adequate security software in place, and watching where you visit and click on the internet, you should remain malware free for many years. But, as with anything connected to wider world, there exists a number of threats that can be injected into the Mac operating system.

We’ve put together some of the more popular miscreants of malware that may get their hooks into your Mac; consider it a Most Wanted of Mac Malware.


GravityRat is one of the nastier of the bunch, and after having ‘fun’ on the Windows platform, and even being used in attacks against the US military, it’s now found its way on to macOS.

Among it’s arsenal of nefarious tools, GravityRat is capable of uploading any Office files it finds, take hidden screenshots, and even record keystrokes. These it uploads to a specified, depending on which hacker group released the particular variant of the malware, server for the hackers to view at their leisure.

It works by bypassing the security Gatekeeper with stolen developer, legitimate, certificates, tricking the users into thinking they are installing clean software. Like any Trojan, GravityRat is hidden within the code of an app, and activated once the app is installed and has full use of the system it’s now inhabiting.


Discovered in May 2019, OSX/Linker exploited a zero-day vulnerability in the macOS Gatekeeper tool to install further malware.

Despite the exploit, Apple has since managed to secure the vulnerability, but it was open for ninety days after it was widely reported, leaving enough time for a number of Macs to be infected.

Thankfully, OSX/Linker didn’t become the big problem that it could have. But for those Macs that aren’t updated, it can still exploit and install malicious malware. Another good reason to ensure your Mac is up to date.


This malware falls under the adware banner. It uses digitally signed extensions to insert adverts and hijack your web browser under the guise of a free-to-install package or flight tool for browsers.

The end result is a host of unwanted sites being opened in new tabs, and even pop-up adverts appearing when you don’t want them to.


This particular piece of malware is designed to gain access to information through the Safari browser, specifically login details for Apple, Paypal, Google and Tandex services. It can also obtain information stored in notes and Messages sent via Skype, Telegram and Wechat.

It’s delivered through Xcode projects posted on Github, and exploits vulnerabilities found in Webkit and the Data Vault.

It’s a new form of malware, and it’s spreading throughout the Mac community fast.


Discovered in June 2019, CrescentCore is often disguised as an Adobe Flash Installer, which will then, upon being executed, check to see if the Mac has any security software installed, and if not will proceed to install a number of malware items.

It can do this by using developer signed certificates, which Apple has now stopped, but the malware can leave the door open for further code to be injected into the OS.

Bird Mine (or LoudMiner)

This is a cryptocurrency miner that was hidden in a number of cracked legitimate installers. It’s used to turn your Mac’s processing power into mining operation for cryptocurrencies, where the hackers can then forward any money they’ve made on to a specified server of their creation.

With a single Bitcoin being worth $50,000 (at the time of writing), mining for cryptocurrencies has become a big business. If hackers manage to get hold of the processing power of a few million Macs, then they could potentially have enough distributed computing power to rival a supercomputer.


NetWire belongs to a family of malware that installs backdoor features to your Mac. They are capable of exploiting vulnerabilities in browsers and the core OS, and installing keystroke loggers, screenshot takers and other forms of remote monitoring toolkits.

When active, they will record everything and send it to a hacker’s server for reading at a later date. The hacker can then use the password themselves, or put the information to auction on the Dark Web.


A slightly different take on a cryptocurrency miner. CookieMiner doesn’t utilise any of the processing power of your Mac to drill away for Bitcoins and the like, instead it provides a backdoor for hackers to steal information regarding any cryptocurrency exchanges you have on your Mac.

The information can then be used to steal cryptocurrency from your digital wallet.


This is a reoccurring adware type of malware that’s cleverly designed to seem almost near legitimate in every way.

Shlayer is often bundled with a fake Adobe Flash Installer, and when it’s in your system it will inform you, using Siri’s voice, that your Mac has some problems that need fixing. This will then prompt you to install other fake software which in turn adds more malware to your system.

Eventually, your system will become infected with multiple types of malware, but mostly it’ll be adware.


One of the rising stars in the malware charts are the instances of cryptocurrency miners. This one, discovered in 2018, will utilise any available resource the system has to offer in the attempt to mine as much cryptocurrency as possible.

Find more guides like this in…

David Hayward

David has spent most of his life tinkering with technology, from the ZX Spectrum, getting his hands on a Fujitsu VPP5000/100 supercomputer, and coding on an overheating Raspberry Pi. He's written for the likes of Micro Mart, Den of Geek, and countless retro sites and publications, covering reviews, creating code and bench testing the latest tech. He also has a huge collection of cables.

Related Articles

Back to top button