The Malware attack increase on MacOS: From ransomware, trojans, and backdoors

Maryan Duritan
Maryan Duritan
IT Writer
Last updated: May 15, 2024
Why Trust Us
Our editorial policy emphasizes accuracy, relevance, and impartiality, with content crafted by experts and rigorously reviewed by seasoned editors for top-notch reporting and publishing standards.
Purchases via our affiliate links may earn us a commission at no extra cost to you, and by using this site, you agree to our terms and privacy policy.

Mac users used to think their systems were super safe. But times have changed, and now there’s a lot more malware out there targeting MacOS. Patrick Wardle, an expert in Apple’s security, has found that the number of new malware cases for MacOS doubled in just one year, from 2022 to 2023. He said the biggest problems are now ransomware, trojans, and backdoors, which are kinds of bad software that can really mess up your computer.

Bitdefender, a security company, recently found a new kind of bad software called Trojan.MAC.RustDoor. It’s similar to the stuff used by known criminal groups BlackBasta and ALPHV/BlackCat. This malware has been quietly attacking Macs for the past three months, according to Bitdefender.

Bogdan Botezatu from Bitdefender explained why Macs are being targeted more by cybercriminals. He said, “Macs have unfortunately become valuable targets because of their increased use in businesses. Some cybercrime groups are now trying to get into the Mac world to find new opportunities because the competition is so tough in the Windows world.”

This means that as more businesses use Macs, the more these cybercriminals want to break into them. It’s a big change from when Mac users thought they were pretty safe from this kind of trouble. Now, everyone with a Mac needs to be more careful and make sure their computers are protected against these threats.


  • Malware targeting MacOS is transitioning from adware to more harmful forms like trojans, backdoors, and information stealers.
  • Groups like Lazarus, BlackBasta, and BlackCat are behind these sophisticated attacks on MacOS.
  • Cybercriminals disguise malware as official software updates, exploiting user trust.
  • Zero-day vulnerabilities offer attackers entry points before fixes are available.
  • Mac users’ lack of awareness about these threats makes systems more vulnerable.

Why cybercriminals are targeting Mac users now

For a long time, most malware was made to attack Windows computers because Windows was everywhere. As Statista reports, Windows has become the most used system around the world, with more than 70% of all computers running it since 2013. But things are changing. MacOS, the system that runs on Macs, is becoming more popular, especially in big companies. Now, about 22.4% of all the computers in these companies are Macs.

There are a couple of reasons why bad guys are starting to look at Mac users. First, more people are using Macs in important places, like at work. This makes them a bigger target than before. Plus, there’s something special about Apple products that make people think they’re really valuable. A lot of folks believe Apple devices are worth the extra money. Research from Business Live found that over half of the people they asked think Apple devices are “more expensive but worth the value.”

This idea that Mac users might have more money or important information is making them attractive to cybercriminals. So, as more people and businesses start using Macs, these criminals are thinking they might hit a jackpot by going after Mac users instead of just sticking to Windows.

New malware threats targeting MacOS users

The cybersecurity landscape for MacOS users is getting more challenging, with new threats popping up regularly. One notable group behind these threats is the Lazarus Group, which is linked to North Korea. Last year, they introduced a malware named KandyKorn aimed at MacOS users involved in the cryptocurrency and blockchain sectors. Since the launch of KandyKorn, several other Mac malware threats have emerged, showing that the issue is growing.

Bitdefender has recently found evidence suggesting that criminal groups known for targeting other systems, like BlackBasta and BlackCat, are now focusing on Mac users too. Bitdefender’s Bogdan Botezatu shares some insight into why we’re seeing more malware aimed at MacOS.

He mentioned, “As MacOS has steadily gained ground in market share over the past few years, it has become much more attractive for cybercrime groups.”

Botezatu highlighted a shift in the type of threats Mac users face, saying, “‘Traditional’ MacOS threats such as potentially unwanted apps (PUA) or aggressive adware have been surpassed in numbers by more devastating Trojans.”

This shift indicates that as more people and businesses choose Macs, the types of malware targeting these systems are becoming more serious and harmful. Cybercriminals are adapting their strategies and creating malware that can cause more damage than the simpler unwanted apps and adware previously seen on MacOS.

The new Rust-based Mac backdoor threat

Bitdefender recently discovered a sophisticated Mac backdoor malware coded in Rust, a programming language known to be used by the BlackCat group. This malware masquerades as a Visual Studio update, enticing users to download it from fraudulent websites. Upon installation, it stealthily creates a backdoor on the user’s system without their knowledge.

This malware specifically targets and steals files from the Documents and Desktop folders, and Notes, based on certain extensions and sizes. It then hides these files in a concealed folder, compresses them into a ZIP file, and uploads them to the attacker’s command and control (C2) server.

Additionally, the malware executes commands to collect system information, which it sends to the C2 server to register the compromised system and assign it a Victim ID. Attackers leverage this ID to remotely control the Mac, allowing them to send commands, receive payloads, execute tasks, and steal further information.

This discovery highlights the increasing sophistication of malware targeting Mac users, underscoring the need for vigilance and robust cybersecurity measures.

The role of user error in hacking tactics

Hackers are capitalizing on the common belief among some Mac users that they don’t need antivirus software or that their systems are naturally immune to malware attacks. This misconception is a significant advantage for cybercriminals, especially in the context of sophisticated threats like the new Mac Rust backdoor.

This type of attack, along with others targeting Macs, relies heavily on user actions such as visiting harmful websites, failing to verify URLs, and downloading software, files, or apps from untrustworthy sources. Once the user makes this mistake, the malware can infiltrate and operate on the system without encountering any additional security measures, like a professional anti-malware program running in the background.

Even tech-savvy individuals are not immune to these tactics. For instance, the Mac AMOS stealer recently masqueraded as a Slack update, and the Trojan.MAC.RustDoor malware posed as a Visual Studio update. These deceptive strategies are effective because they prey on trust and routine behaviors, leading users to inadvertently download and execute malicious files.

Cybercriminals will likely continue employing these tactics as long as they remain successful. Therefore, the level of security awareness among Mac users plays a crucial role in mitigating these threats. Understanding the importance of cybersecurity measures, such as using trusted antivirus software and being cautious about the sources of downloads, can significantly reduce the risk of falling victim to these attacks.

How the new backdoor might be connected to BlackCat

Bitdefender’s analysis of the Trojan.MAC.RustDoor, an uncharted malware strain, uncovers possible ties to the notorious BlackCat group. The choice of Rust for the malware’s development is pivotal, as BlackCat is known for its preference for this programming language, enhancing the malware’s stealth by exploiting Rust’s complexity and the scarcity of Rust-dedicated security tools.

The connection is further supported by the history of the command and control servers used in these attacks. Bitdefender found that a majority of these servers were previously implicated in ransomware attacks typical of BlackCat’s operations against Windows users, suggesting a strategic pivot or expansion to target MacOS environments.

Rust’s ability to compile directly to machine code, as opposed to languages like Python which use interpreters, adds another layer of obscurity to the malware’s operations, making detection and analysis more challenging.

Through ongoing research, Bitdefender has identified various iterations of this backdoor, indicating a continuous effort by its developers to refine its evasion techniques and operational efficiency.

Bogdan Botezatu, sharing insights from Bitdefender’s latest macOS Threat Landscape Report, highlighted the continuous battle Apple faces in securing its platform.

He noted, “Apple finds itself consistently having to patch actively exploited vulnerabilities as threat actors employ social engineering vectors and spray-and-pray techniques.”

This observation underscores the evolving challenge of cybersecurity, with attackers continuously innovating and adapting their strategies to exploit new vulnerabilities, necessitating vigilant and adaptive defense strategies from organizations and individuals alike.

Exploring common Mac trojans

Mac Trojans are deceptive software that sneak into macOS, often posing as harmless applications. Here’s a brief overview of some widespread Mac Trojans:

  • EvilQuest : More than just ransomware, EvilQuest also records keystrokes and opens a backdoor for attackers, making it a versatile threat.
  • Generic Trojans : A catch-all category for Trojans with various malicious functions, including downloading more malware and capturing user input.
  • Exploit Trojans : These exploit system or software vulnerabilities to install other harmful software, often without detection.
  • Flashback : Famous for pretending to be a Flash Player installer, Flashback stole personal info from over 600,000 Macs.
  • Empire : Utilizes the Empire framework for advanced network infiltration, allowing attackers to execute commands remotely.
  • Shellcode : Executes direct shellcode to take control of the infected Mac, exploiting software vulnerabilities for unauthorized access.
  • Shlayer : A Trojan downloader that primarily spreads adware by masquerading as a legitimate update or app.

To safeguard your Mac, keep your system updated, use trusted antivirus software, and be cautious with internet downloads. Awareness of these Trojans can help you recognize and avoid potential threats.

Security updates and Zero-day exploits

Over the past six months, Apple has been busy improving the security of its ecosystem, releasing more than 60 security updates across its devices, including Mac, iPhone, iPad, and Apple Watch. In just the last quarter, 28 of these updates were implemented, some of which were in response to urgent security flaws that came to light with the introduction of new operating systems.

Rapid development cycles, app launches, and frequent updates are not unique to Apple alone, but are characteristic of the technology industry as a whole. Security patches are a routine part of maintaining software integrity and user safety. However, this also provides opportunities for cybercriminals. The period immediately following the release of new software or operating systems is particularly vulnerable, as attackers attempt to exploit zero-day vulnerabilities—weaknesses that are unknown to the software vendor or unpatched.

The challenge extends beyond just the technical vulnerabilities. The latest findings indicate that attackers are exploiting not only zero-day vulnerabilities but also the general lack of rigorous cybersecurity practices among users. Whether it’s falling for a trojan, a cryptojacking scheme, a backdoor entry, or ransomware, these attacks often succeed due to user oversights.

This situation underscores the critical importance of maintaining vigilant cybersecurity hygiene alongside relying on software updates for protection. Users play a crucial role in their security posture, with the responsibility to stay informed and cautious about potential threats.

Keeping your Mac safe from trojans

Despite the rising concern over Mac-targeted malware, users can take several effective steps to bolster their security.

Bitdefender’s insights highlight the risk posed by trojans, especially those exploiting unpatched system vulnerabilities. One key defense mechanism is ensuring your Mac is always updated with the latest security patches from Apple. Delaying these updates can leave your system vulnerable to attacks.

When browsing online, especially on unfamiliar websites, vigilance is crucial. Pay close attention to the URLs to avoid deceptive sites. It’s equally important to download software only from reputable and trusted sources. Staying informed about the evolving tactics of cybercriminals can also help you stay one step ahead. They continuously devise new methods to trick users, including the use of sophisticated phishing schemes.

A notable trend is the use of misleading ads on popular search engines, designed to redirect users to harmful sites. Enhancing your browser’s security settings can offer an additional layer of protection, and heed any warnings about potentially malicious websites.

Regular scans of your Mac can detect threats early, and investing in professional-grade security software can provide comprehensive protection against a wide array of cyber threats. By adopting these practices, users can significantly reduce their risk of falling victim to trojans and other forms of malware.

Posted in :

Related terms

Related articles

About XPS's Editorial Process

XPS's editorial policy focuses on providing content that is meticulously researched, precise, and impartial. We adhere to rigorous sourcing guidelines, and every page is subject to an exhaustive review by our team of leading technology specialists and experienced editors. This method guarantees the integrity, pertinence, and utility of our content for our audience.

Maryan Duritan
Maryan Duritan
Maryan Duritan, a seasoned U.S.-based copywriter and SEO specialist, excels in making complex ideas accessible. She crafts compelling website content, blogs, articles, ebooks, press releases, and newsletters, tailoring tone and voice to match client goals and audience needs. Her creative precision transforms ideas into impactful content.

Why Trust Us

Our editorial policy emphasizes accuracy, relevance, and impartiality, with content crafted by experts and rigorously reviewed by seasoned editors for top-notch reporting and publishing standards.

Purchases via our affiliate links may earn us a commission at no extra cost to you, and by using this site, you agree to our terms and privacy policy.

Latest articles

Most popular

Latest articles

Popular categories

Artificial intelligence

Artificial Intelligence (AI) is a branch of computer science focused on creating systems that emulate human intelligence.


Cryptocurrency is a digital currency secured by cryptography and operates without a central authority.


Latest developments in technology, including new gadgets, software updates, industry trends, and breakthroughs in science and innovation.


Covers updates and developments in the video game industry, including new game releases, updates, reviews, and events.


Cybersecurity is protecting computer systems and data from digital attacks and unauthorized access.


Provides updates on financial markets, stock performances, economic trends, and investment strategies.


Updates on VPN technology, security features, service providers, privacy issues, and changes in regulations affecting VPN usage.


Networking connects computers and devices to share resources and information using hardware and software.