Despite Apple's best attempts, Mac malware exists to keep in mind that Mac malware and viruses are quite rare in the wild. Apple has a number of safeguards in place to protect against such attacks. For example, according to the Security & Privacy settings in System Preferences > Security & Privacy > General, macOS should only allow the installation of third-party applications from the App Store or identified developers. If you were to install something from an unknown developer, Apple would prompt you to verify its legitimacy.
Apple also has its own built-in anti-malware program and keeps all of the malware definitions in its XProtect file on your Mac, and whenever you download a new app, it checks to see whether any of them are there. This is a feature of Apple's Gatekeeper software, which prevents malware developers from creating apps and certifies that they haven't been changed.
For the sixth year in a row, security researcher Patrick Wardle has compiled a list of all new Mac malware threats discovered during the previous year:
- ElectroRAT, a cross-platform remote access trojan that first appeared in January.
- Silver Sparrow, a malware tool designed specifically for Apple's M1 chip that was released last year.
- XLoader, a cross-platform password stealer. It was identified by XLoader to be a rebuilt version of a well-known information stealer named Formbook.
- When analyzing sophisticated watering hole assaults targeting users to the Hong Kong websites of a media outlet and a pro-democracy organization, MacMa (OSX.CDDS) came up with a solution. To install the MacMa backdoor, the attackers used a zero-day privilege escalation vulnerability (CVE-2021-30869) in macOS Catalina.
- XcodeSpy, a data-stealing malware tool that spread via sponsored search results on Baidu and installed the Cobalt Strike agent on compromised systems.
- ElectrumStealer, a cryptocurrency mining tool that Apple inadvertently signed digitally; WildPressure, a cross-platform Python backdoor that Kaspersky discovered targeting industrial companies in the Middle East.
- ZuRu, a data-stealing malware tool that spread via sponsored search results on Baidu and installed the Cobalt Strike.
Cryptominers like ElectroRAT and OSAMiner, adware loaders like Silver Sparrow, information stealers like Xloader and Macma, and cross-platform Trojans like WildPressure were among the most dangerous Mac malware threats last year, according to Willy Leichter, CMO of LogicHub.
