Complete list of Mac viruses, malware and trojans
Published 1 month ago by admin
Despite Apple’s best efforts, Mac malware does exist; we describe some cases below. However, before you panic, Mac malware and viruses are very rarely found “in the wild”.
From time to time you’ll hear of big-profile trojans, malware, and ransomware targeting the Windows world; very rarely is this a threat to Macs. For example, the worldwide WannaCry/WannaCrypt ransomware attack that hit back in May 2017 was only targeting Windows machines and therefore no threat to Macs.
Luckily Apple has various measures in place to guard against such threats. For example, macOS shouldn’t allow the installation of third-party software unless it’s from the App Store or identified developers. You can check these settings in macOS Ventura’s System Settings > Privacy & Security and scroll to the Security section, or, if you are using Monterey or older, go to System Preferences > Security & Privacy > General. You can specify whether only apps from the Mac App Store can be installed, or if you are happy to allow apps from identified developers too. If you were to install something from an unknown developer Apple would warn you to check its authenticity.
In addition Apple has its own built-in anti-malware tool. Apple has all the malware definitions in its XProtect file which sits on your Mac, and every time you download a new application it checks that none of those definitions are present. This is part of Apple’s Gatekeeper software that blocks apps created by malware developers and verifies that apps haven’t been tampered with. For more information read: how Apple protects you from malware. We also discuss whether Macs need antivirus software separately.
In recent years malware on the Mac actually decreased, however, as you will see if you read on, Macs are not completely safe from attacks. Even Apple’s Craig Federighi has admitted there is a problem, saying in May 2021 that: “We have a level of malware on the Mac that we don’t find acceptable.” To stay safe, we recommend you read our best Mac security tips and our round up of the best Mac antivirus apps, in which we highlight Intego as our top pick.
Another thing to note is that Apple’s own M-series chips that it has been using in Macs since November 2020 are considered more secure than Intel processors. However, malware, dubbed Silver Sparrow, was found on the M1 Mac soon after launch so even Apple’s own chips are not immune.
Curious to know what Mac viruses are out there? In this article we’ll endeavour to give you a complete list.
Mac malware in 2022
Alchimist
When: October 2022. What: Provides a backdoor onto the target system. Targeting a vulnerability in a third-party Unix tool. Who: Very specific target as pkexec is rarely found on Macs.
Lazarus
When: August 2022. What: Malware disguised as job postings. Who: Targeting Coinbase users and Crypto.com.
VPN Trojan
When: July 2022. What: VPN app with two malicious binaries: ‘softwareupdated’ and ‘covid’.
CloudMensis/BadRAT
When: July 2022. What: Spyware downloader that uses public cloud storage services such as Dropbox, Yandex Disk and pCloud. Exploited CVE-2020-9934 which was closed in macOS Catalina 10.5.6 in August 2020.
CrateDepression
When: May 2022. What: Supply chain attack with screen capture, keylogging, remote file retrieval. Who: Targeted the Rust development community.
Pymafka
When: May 2022. What: Hoping that users might mistype and download the malware instead of the legitimate pykafka. Who: Targeting PyPI registry.
oRAT
When: April 2022. What: Distributed via a Disk Image masquerading as a collection of Bitget Apps. Who: Targeting gambling websites.
Gimmick
When: March 2022. What: Distributed as a CorelDraw file that was hosted on a Google Drive. Who: Targeting protest groups in Asia.
DazzleSpy
When: January 2022. What: Included code for searching and writing files, dumping the keychain, running a remote desktop and more. Read more here: Patched Mac malware sheds light on scary backdoor for hackers. Who: Targeting supporters of democracy in Hong Kong.

ChromeLoader
When: January 2022. What: Chrome browser extension that could steal information, hijack search engine queries, and serve adware.
Mac malware in 2021
macOS.Macma
When: November 2021. What: Keylogger, screen capturer and backdoor. Who: Targeting supporters of pro-democracy activism in Hong Kong.
OSX.Zuru
When: September 2021. What: Trojan that spread disguised as the iTerm2 app. Microsoft’s Remote Desktop for Mac was also trojanized with the same malware. Who: Spread via sponsored web links and links in the Baidu search engine.
XCSSET Updated
When: May 2021 (originally from August 2020). What: Used a zero-day vulnerability in Safari. See: macOS 11.4 patches flaws exploited by XCSSET malware. Who: Aimed at Chinese gambling sites.
XLoader
When: July 2021. What: The XLoader malware was one of the most prevalent pieces of Windows malware to have been confirmed to run on macOS. XLoader is a variant of Formbook, a program used to steal login credentials, record keystrokes, and download and execute files.
WildPressure
When: July 2021. What: New multi-platform version of Milum Trojan embedded in a Python file. Who: Targeting Middle East activists.
XcodeSpy
When: March 2021. What: A Trojan hidden in Xcode projects on GitHub had the potential to spread among the Macs of iOS developers. Once installed, a malicious script runs that installs an “EggShell backdoor”. Once open, the Mac’s microphone, camera and keyboard can be hijacked and files can be sent to the attacker. The malware was found in a ripped version of TabBarInteraction. Read more here: New Mac malware targets iOS developers. Who: Attack on iOS developers using Apple’s Xcode.
Silver Toucan/WizardUpdate/UpdateAgent
When: February 2021. What: Adload dropper that was notarized by Apple and used a Gatekeeper bypass.
Pirri/GoSearch22
When: February 2021. What: Based on Pirri and known as GoSearch22, infected Macs would see unwanted adverts. More information here: M1 Macs face first recorded malware.
Silver Sparrow
When: January 2021. What: Malware targeting Macs equipped with the M1 processor. Used the macOS Installer JavaScript API to execute commands. According to Malwarebytes, by February 2021 Silver Sparrow had already infected 29,139 macOS systems in 153 countries, most of the infected Macs being in the US, UK, Canada, France and Germany. More details here: What you need to know about Silver Sparrow Mac malware.
OSAMiner
When: January 2021 (but first detected in 2015). What: Cryptocurrency miner distributed via pirated copies of popular apps including League of Legends and Microsoft Office.
ElectroRAT
When: January 2021. What: Remote Access Trojan targeting multiple platforms including macOS. Who: Targeting cryptocurrency users.
Mac malware in 2020
GravityRAT
When: October 2020. What: GravityRAT was an infamous Trojan on Windows, which, among other things, had been used in attacks on the military. It arrived on Macs in 2020. The GravityRAT Trojan can upload Office files, take automatic screenshots and record keyboard logs. GravityRAT uses stolen developer certificates to bypass Gatekeeper and trick users into installing legitimate software. The Trojan is hidden in copies of various legitimate programs developed with .NET, Python and Electron. We have more information about GravityRAT on the Mac here.
XCSSET
When: August 2020. What: Mac malware spread through Xcode projects posted on GitHub. The malware – a family of worms known as XCSSET – exploited vulnerabilities in WebKit and Data Vault. It would seek to access information via the Safari browser, including login details for Apple, Google, PayPal and Yandex services. Other types of information collected include notes and messages sent via Skype, Telegram, QQ and WeChat. More information here.
ThiefQuest (aka EvilQuest)
When: June 2020. What: ThiefQuest, which we discuss here: Mac ransomware ThiefQuest/EvilQuest could encrypt your Mac, was ransomware spreading on the Mac via pirated software found on a Russian torrent forum. It was initially thought to be Mac ransomware – the first such case since 2017 – except that it didn’t act like ransomware: it encrypted files but there was no way to prove you had paid a ransom and no way to subsequently unencrypt files. It turned out that rather than the purpose of ThiefQuest being to extort a ransom, it was actually trying to obtain the data. Known as ‘Wiper’ malware, this was the first of its kind on the Mac.
Mac malware in 2019
NetWire and Mokes
When: July 2019. What: These were described by Intego as “backdoor malware” with capabilities such as keystroke logging and screenshot taking. They were a pair of Firefox zero-days that targeted those using cryptocurrencies. They also bypassed Gatekeeper.
LoudMiner (aka Bird Miner)
When: June 2019. What: This was a cryptocurrency miner that was distributed via a cracked installer for Ableton Live. The cryptocurrency mining software would attempt to use your Mac’s processing power to make money.
OSX/NewTab
When: June 2019. What: This malware tried to add tabs to Safari. It was also digitally signed with a registered Apple Developer ID.
OSX/Linker
When: May 2019. What: It exploited a zero-day vulnerability in Gatekeeper to install malware. The “MacOS X GateKeeper Bypass” vulnerability had been reported to Apple that February, and was disclosed by the person who discovered it on 24 May 2019 because Apple had failed to fix the vulnerability within 90 days. Who: OSX/Linker tried to exploit this vulnerability, but it was never really “in the wild”.
CookieMiner
When: January 2019. What: The CookieMiner malware could steal a user’s password and login information for their cyberwallets from Chrome, obtain browser authentication cookies associated with cryptocurrency exchanges, and even access iTunes backups containing text messages in order to piece together the information required to bypass two-factor authentication and gain access to the victim’s cryptocurrency wallet and steal their cryptocurrency. Unit 42, the security researchers who identified it, suggest that Mac users should clear their browser caches after logging in to financial accounts. Since it’s connected to Chrome we also recommend that Mac users choose a different browser. Find out more about CookieMiner Mac malware here.
Mac malware in 2018
SearchAwesome
When: 2018. What: OSX.SearchAwesome was a kind of adware that targets macOS systems and could intercept encrypted web traffic to inject ads.
Mac Auto Fixer
When: August 2018. What: Mac Auto Fixer was a PUP (Potentially Unwanted Program), which piggybacks on to your system via bundles of other software. Find out more about it, and how to get rid of it, in What is Mac Auto Fixer?
OSX/CrescentCore
When: June 2018. What: This Mac malware was found on several websites, including a comic-book-download site in June 2019. It even showed up in Google search results. CrescentCore was disguised as a DMG file of the Adobe Flash Player installer. Before running it would check to see if it was inside a virtual machine and would look for antivirus tools. If the machine was unprotected it would install either a file called LaunchAgent, an app called Advanced Mac Cleaner, or a Safari extension. CrescentCore was able to bypass Apple’s Gatekeeper because it had a signed developer certificate assigned by Apple. That signature was eventually revoked by Apple. But it shows that although Gatekeeper should stop malware getting through, it can be done. Again, we note that Adobe ended support for Adobe Flash on 31 December 2020, so this should mean fewer cases of malware being disguised as the Flash Player.
Mshelper
When: May 2018. What: Cryptominer app. Infected users noticed their fans spinning particularly fast and their Macs running hotter than usual, an indication that a background process was hogging resources.
OSX/Shlayer
When: February 2018. What: Mac adware that infected Macs via a fake Adobe Flash Player installer. Intego identified it as a new variant of the OSX/Shlayer malware, while it may also be referred to as Crossrider. In the course of installation, a fake Flash Player installer dumps a copy of Advanced Mac Cleaner which tells you in Siri’s voice that it has found problems with your system. Even after removing Advanced Mac Cleaner and removing the various components of Crossrider, Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed. Since 31 December 2020 Flash Player has been discontinued by Adobe and is no longer supported, so you can be sure that if you see anything telling you to install Flash Player you should ignore it. You can read more about this incident here.
MaMi
When: January 2018. What: MaMi malware routes all the traffic through malicious servers and intercepts sensitive information. The program installs a new root certificate to intercept encrypted communications. It can also take screenshots, generate mouse events, execute commands, and download and upload files.
Meltdown & Spectre
When: January 2018. What: Apple confirmed it was one of a number of tech companies affected, highlighting that: “These issues apply to all modern processors and affect nearly all computing devices and operating systems.” The Meltdown and Spectre bugs could allow hackers to steal data. Meltdown would involve a “rogue data cache load” and can enable a user process to read kernel memory, according to Apple’s brief on the subject. Spectre could be either a “bounds check bypass,” or “branch target injection” according to Apple. It could potentially make items in kernel memory available to user processes. They can be potentially exploited in JavaScript running in a web browser, according to Apple. Apple issued patches to mitigate the Meltdown flaw, despite saying that there is no evidence that either vulnerability had been exploited. More here: Meltdown and Spectre CPU flaws: How to protect your Mac and iOS devices.
Mac malware in 2017
Dok
When: April 2017. What: macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge – even traffic on SSL-TLS encrypted connections. OSX/Dok was even signed with a valid developer certificate (authenticated by Apple) according to CheckPoint’s blog post. It is likely that the hackers accessed a legitimate developer’s account and used that certificate. Because the malware had a certificate, macOS’s Gatekeeper would have recognized the app as legitimate, and therefore not prevented its execution. Apple revoked that developer certificate and updated XProtect. OSX/Dok was targeting OS X users via an email phishing campaign. The best way to avoid falling foul of such an attempt is not to respond to emails that require you to enter a password or install anything. More here.
X-agent
When: February 2017. What: X-agent malware was capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac. Who: The malware apparently targeted members of the Ukrainian military and was thought to be the work of the APT28 cybercrime group, according to Bitdefender.
MacDownloader
When: February 2017. What: MacDownloader software was found in a fake update to Adobe Flash. When the installer was run users would get an alert claiming that adware was detected. When asked to click to “remove” the adware the MacDownloader malware would attempt to transmit data including the user’s Keychain (usernames, passwords, PINs, credit card numbers) to a remote server. Who: The MacDownloader malware is thought to have been created by Iranian hackers and was specifically targeted at the US defence industry. It was located on a fake site designed to target the US defence industry.
Word macro virus
When: February 2017. What: PC users have had to contend with macro viruses for a long time. Applications, such as Microsoft Office, Excel, and PowerPoint allow macro programs to be embedded in documents. When these documents are opened the macros are run automatically which can cause problems. Mac versions of these programs haven’t had an issue with malware concealed in macros because when Apple released Office for Mac 2008 it removed macro support. However, the 2011 version of Office reintroduced macros, and in February 2017 there was malware discovered in a Word macro within a Word doc about Trump. If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run Python code that could have theoretically performed functions such as keylogging and taking screenshots. It could even access a webcam. The chance of you being infected in this way is very small, unless you have received and opened the file referred to (which would surprise us), but the point is that Mac users have been targeted in this way.
Fruitfly
When: January 2017. What: Fruitfly malware could capture screenshots and webcam images, as well as looking for information about the devices connected to the same network – and then connects to them. Malwarebytes claimed the malware could have been circulating since OS X Yosemite was released in 2014.
Mac malware in 2016
Pirrit
When: April 2016. What: OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software, according to Cybereason researcher Amit Serper in this report.
Safari-get
When: November 2016. What: Mac-targeted denial-of-service attacks originating from a fake tech support website. There were two versions of the attack depending on your version of macOS. Either Mail was hijacked and forced to create vast numbers of draft emails, or iTunes was forced to open multiple times. Either way, the end goal is to overload system memory and force a shutdown or system freeze.

KeRanger
When: March 2016. What: KeRanger was ransomware (now extinct). For a long time ransomware was a problem that Mac owners didn’t have to worry about, but the first ever piece of Mac ransomware, KeRanger, was distributed along with a version of a piece of legitimate software: the Transmission torrent client. Transmission was updated to remove the malware, and Apple revoked the GateKeeper signature and updated its XProtect system, but not before a number of unlucky users got stung. We discuss how to remove Ransomware here.

Older Mac malware
SSL, Gotofail error
When: February 2014. What: The problem stemmed from Apple’s implementation of a basic encryption feature that shields data from snooping. Apple’s validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. There was an extra Goto command that hadn’t been closed properly in the code that validated SSL certificates, and as a result, communications sent over unsecured Wi-Fi hotspots could be intercepted and read while unencrypted. Apple quickly issued an update to iOS 7, but took longer to issue an update for Mac OS X, despite Apple confirming that the same SSL/TLS security flaw was also present in OS X. Who: In order for this type of attack to be possible, the attacker would have to be on the same public network. Read more about the iPad and iPhone security flaw here.
OSX/Tsunami.A
When: October 2011. What: OSX/Tsunami.A was a new variant of Linux/Tsunami, a malicious piece of software that commandeers your computer and uses its network connection to attack other websites. More information here.
OSX.Revir.A
When: September 2011. What: Posing as a Chinese-language PDF, the nasty piece of software installs backdoor access to the computer when a user opens the document. More here.
Flashback trojan
When: September 2011. What: Flashback is thought to have been created by the same people behind the MacDefender attack and could use an unpatched Java vulnerability to install itself. Read more here: What you need to know about the Flashback trojan. Who: Apparently more than 500,000 Macs were infected by April 2012.
MacDefender
When: May 2011. What: Trojan Horse phishing scam that purported to be a virus-scanning application. Was spread via SEO (search engine optimization) poisoning.
BlackHole RAT
When: February 2011. What: More of a proof-of-concept, but a criminal could find a way to get a Mac user to install it and gain remote control of the hacked machine. BlackHole was a variant of a Windows Trojan called darkComet. More information here: Hacker writes easy-to-use Mac Trojan.
For more information about how Apple protects your Mac from security vulnerabilities and malware read:
Do Macs need antivirus software.