One of the worst Mac malware strains is back and hiding as a productivity app – so beware

Despite Apple’s best efforts to shield users from malware threats, cybercriminals have never stopped trying to find a way around Cupertino’s security architecture. They have even devised a few ways to bypass Mac malware detection and get their malicious code on your computer.

Malware is a broad term that includes viruses, ransomware and spyware. Viruses, for example, hijack the resources of a device and spread to other machines and networks without the victim’s permission. Ransomware, meanwhile, locks victims’ files and demands payment in order to regain access to the data. And spyware, which can spy on browsing behavior or keystroke patterns, is another type of malware that allows hackers to steal your personal information.

Getting malware on your Mac isn’t as easy as just downloading and installing an app, either. Attackers need to craft a slithering technique in order to slip their malicious tool past macOS’ built-in software verification system called Gatekeeper. Gatekeeper tries to stop malware by inspecting the binary code of any program that runs on your Mac. If it finds something fishy, the system flags it as “untrusted” and halts its execution.

But attackers have figured out ways to thwart Apple’s gatekeeping system, and one of the more sophisticated techniques involves a clever trick known as software bundling. This tactic packages several apps together in a single installer, allowing a harmful program to sneak in alongside an item that would normally be benign and free of charge. This was the method employed by the Search Marquis virus, which slipped onto macOS computers through a program bundle that appeared to be a free productivity app.

Other tactics include spoofing security alerts in an attempt to steal user privileges. For example, a phony low memory alert could give hackers access to a Mac’s documents and data. Or a fake warning claiming that your hard drive is full could lead to the unintentional installation of a malware backdoor called EggShell, which can access passwords and credit card details in your browser history.

Another type of Mac malware is a rootkit, which burrows deep into a machine, granting hackers root access to the system. Rootkits are a common type of Windows malware, but they’re also a concern on the Mac thanks to flaws in macOS’ kernel. And they’re becoming more common as attackers target Apple’s M-series processors in its Macs.

But perhaps the worst form of Mac malware is one that extorts bitcoins from unsuspecting victims. A ransomware strain called Patcher, which emerged in 2023, encrypts files on the infected machine and forces users to pay 0.25 BTC in exchange for the decryption key. The pest then threatens to delete the files entirely if victims fail to comply. The good news is that some malware analysts have discovered ways to reverse the damage done by this extortion Trojan.