Mac threat detections on the rise in 2019

Conventional wisdom has been that, although not invulnerable to cyberthreats (as some old Apple ads would have you believe), Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed, the times, they are a-changin’.

To get a sense of how Mac malware performed against all other threats in 2019, we looked at the top detections across all platforms: Windows PCs, Macs, and Android. Of the top 25 detections, six were Mac threats. Overall, Mac threats accounted for more than 16 percent of total detections.

Perhaps 16 percent doesn’t sound impressive, but when you consider the number of devices on which these threats were detected, the results become extremely interesting. Although the total number of Mac threats is smaller than the total number of PC threats, so is the total number of Macs. Considering that our Mac user base is about 1/12 the size of our Windows user base, that 16 percent figure becomes more significant.

Detections per device

The most interesting statistic that emerged from our data was how many Mac detections we saw per machine in 2019. On Windows, we saw 4.2 detections per device this year. Our Mac users, on the other hand, saw 9.8 detections per device, more than double the rate for Windows users.

Of course, there are biases in this data. For example, these machines are all devices with Malwarebytes installed, and many Mac users still believe antivirus software is not needed. This means the Macs represented by the data may be machines that already had some kind of suspected infection, which is why Malwarebytes was installed in the first place.

However, the same could be said for PC users, who often believe that free Windows Defender is adequate protection, but then download Malwarebytes for Windows when their computer begins demonstrating signs of infection. Still, the overall threat detection rate for all Macs (and not just those with Malwarebytes installed) is likely not as high as this data sample.

Top five global threats

For the first time ever, Mac malware broke into the top five most-detected threats in the world. In fact, Mac malware represented the second- and fifth-most detected threats.

The Malwarebytes detection ranked as the second-highest of 2019 is a Mac adware family known as NewTab, clocking in at around 4 percent of our overall detections across all platforms.

NewTab is adware that uses browser extensions to modify the content of web pages. It can be found in the form of Chrome extensions, with some older versions available as outdated Safari extensions. However, due to Apple phasing out support for these older Safari extensions in favor of extensions bundled inside apps, NewTab often poses as apps, such as flight trackers, maps/navigation, email access, or tax forms.

Recently, NewTab has proliferated and is using a variety of seemingly randomly-chosen names. Although some earlier variants tricked users into downloading an app from something like a fake flight or package tracking website, more recently these have been bundled into more widely-distributed adware bundle installers.

In fifth place, at 3 percent of the total detections, we see a detection named PUP.PCVARK. These are a variety of potentially unwanted programs from a particular developer, most of them clones of Advanced MacKeeper. (This app was so notorious that its site was eventually blacklisted by Google Safe Browsing, which is not something that typically happens for PUPs.)

PUP (n): abbreviation for potentially unwanted program

PUPs are programs that are generally not installed intentionally by the user, or that may use a variety of scare tactics or other unethical techniques to trick the user into installing or purchasing.

Growing Mac threat

If we delve further into our data, we see that Mac detections primarily consist of adware and PUPs. Traditional, “full” malware does exist for the Mac, of course, but it tends to be more targeted or otherwise limited in scope. For example, the Mokes and Wirenet malware targeted Mac users through a Firefox vulnerability this year, but only users at certain cryptocurrency companies were targeted, so infections were not widespread.

We’ve known for a long time that the “Macs don’t get viruses” old wives’ tale was completely wrong. As time goes on, though, we’re seeing that Macs are increasingly popular targets, and the bad guys are ramping up their efforts to get a piece of the Mac market. If you use a Mac, stay alert, use antivirus software, and don’t allow yourself to be lulled into a false sense of security.


Thomas Reed

Director of Mac & Mobile

Had a Mac before it was cool to have Macs. Self-trained Apple security expert. Amateur photographer.