Is Mac malware on the rise?

Last week, Bit9 + Carbon Black released a paper stating that five times more malware for OS X has appeared in 2015 than during the previous five years combined.

Their findings are interesting, but are not well understood by many Mac users. Some have reacted with disbelief, others with great fear for this dangerous new future.

It turns out that the findings are completely true, but depend entirely on your definition of the word “malware.”

Malware is a general term for any kind of malicious software. Viruses, trojans, worms, spyware, and illicit keyloggers and remote access software all fall under the umbrella of malware. Differences in function and installation methods are irrelevant; if it’s malicious, it’s malware, and thus illegal.

There are also some classes of software that live in more of a gray area. PUPs (Potentially Unwanted Programs) are applications whose behavior is questionable, but does not actually cross the line into illegality. Adware is a particular kind of PUP, whose purpose is to push ads of some kind at the user.

PUPs, including adware, are not actually malicious. If an app displays malicious behavior, it would be called malware, rather than a PUP. This doesn’t mean such apps are worth having, of course!

These programs may harass you, degrade your system’s performance and stability, and even get you to spend money on something that you didn’t really need, but by definition, they’re not doing anything outright malicious.

This is where Bit9 + Carbon Black’s findings need some clarification. By my definition of the term “malware,” I’d say that the appearance of new malware in 2015 has fallen still further from its peak in 2012.

By my counts, six new malware families appeared in 2014, and that number has been lower each year since 2012.

So far, 2015 has yet to rival that, with only three new malware threats: OceanLotus, malware that only affected a few users in China; an unnamed piece of malware that only affected a very small number of people with MacKeeper installed; and the recent XcodeGhost malware, which involved an infected copy of Xcode and in turn infected many iOS apps in the App Store (mostly in China).

However, as Bit9 + Carbon Black has observed, there has been a very steep rise in PUPs – specifically, adware – on the Mac in the last year. Adware on the Mac is multiplying like the proverbial rabbits. Back in 2012, when malware on the Mac was hitting its peak, Mac adware was still mostly unheard of. Today, countless Mac users are being affected by a wide variety of different adware programs.

Fortunately, adware isn’t stealing from the users of the infected systems. Instead, it’s going after much more meaty targets: advertising networks and search engines, who foot the bill for the misbehavior of adware creators by actually paying them for their harassment.

Still, adware is a serious problem, causing major inconveniences for end users. Adware, beyond simply being annoying, can ruin the performance of the system, cause crashes and result in security vulnerabilities that could be utilized by something far less benign.

Yet, in a way, adware may actually be a good thing for the Mac community. Adware helps to make Mac users more aware of online threats through harassment, rather than true danger. This can help them develop the good security habits that, before now, they have been frequently told are not needed, since “Macs don’t get viruses.” And those good habits can make all the difference when, in the future, something truly malicious appears again.


Thomas Reed

Director of Mac & Mobile

Had a Mac before it was cool to have Macs. Self-trained Apple security expert. Amateur photographer.