March 17, 2025

Why betting on Mac security could put your organization at risk

The growing popularity of Macs and MacBooks in enterprises can in part be attributed to their “secure by design” reputation. And generally, macOS is considered a safe platform, a view widely shared across the tech community.

Although macOS is widely perceived as more secure than Windows, 2024 revealed a worrying trend – a notable increase in Mac-targeted threats. From infostealers like Amos Atomic and Poseidon to advanced nation-state campaigns like BeaverTail and RustBucket, threat actors are exploiting macOS design elements to compromise corporate environments.

An over-reliance on the security mechanisms built into macOS can leave organizations vulnerable to attacks, so it’s key for organizations to recognize these risks and understand how to mitigate them effectively.

The Rise of macOS crimeware

There is a growing concern about the presence of malware on macOS, a problem that was relatively minor ten years ago. One contributing factor is the increased prevalence of Macs in business environments, a significant shift from the late 2010s, that has made them more attractive to attackers.

Threat actors have realized there is money to be made from Mac users. As a result, cybercriminals are increasingly targeting them, recognizing the value of these devices for conducting malicious activities.

Additionally, there are more targeted attacks in business environments. Beyond general attacks, Mac users in business environments face targeted attacks from sophisticated threat actors who aim to steal sensitive company data or disrupt operations.

Today, there are more threats to Macs than ever before, but awareness of these threats remains low. In contrast, most Windows users are generally aware of the need for the best antivirus software. However, Mac users often believe their devices are safe by design, a misconception that needs to be reconsidered given the current threat landscape.

Mac myth-busting

While the myth that “Macs don’t get malware” has been thoroughly debunked, a lingering perception persists that macOS is inherently safer than other OSes. This belief stems from comparisons to Windows, which faces a staggering volume of malware, but it doesn’t mean that threat actors aren’t actively targeting Macs, too.

2024 saw a significant uptick in macOS-focused crimeware. Infostealers-as-a-service, such as Amos Atomic, Banshee Stealer, Cuckoo Stealer, Poseidon and others, represent a significant portion of these threats. These tools are designed for quick, opportunistic attacks, aiming to steal credentials, financial data, and other sensitive information in one fell swoop.

Amos Atomic, which reportedly began as a ChatGPT project in April 2023, has quickly evolved into one of the most prominent Malware-as-a-Service (MaaS) platforms targeting Mac users. Initially a standalone offering, Amos Atomic has splintered into multiple variants, including Banshee, Cthulhu, Poseidon, and RodrigoStealer. These versions are now developed and marketed by competing crimeware groups, spreading rapidly and affecting businesses throughout 2024.

What sets this malware family apart is its shift in distribution tactics. Instead of focusing on cracked games or user productivity apps, it now spoofs a wide range of enterprise applications, significantly broadening its reach and posing a greater threat to corporate environments.

Safe – or unsafe – by design?

For convenience, Apple designed Macs so that a single password could be used to unlock the device and allow administrator functions. This means that by default, the same password is used for logging in, installing software, and unlocking the Keychain – the database built into macOS that stores other passwords, including online credentials saved in the browser, application certificates, and more.

In addition, a built-in AppleScript mechanism makes it easy for attackers to fake a legitimate-looking password dialog box. Malware that successfully spoofs a password dialog box to install a fake program is then able to access all the sensitive data stored in the Keychain.

This straightforward yet effective approach is widely adopted by the rash of infostealers currently plaguing macOS users in businesses and at home. Given how deeply these features are integrated into the system itself, this technique is unlikely to be mitigated by Apple any time soon.

Advanced adversaries: Staying hidden in plain sight

Rather than the quick-hit tactics of smash-and-grab infostealers, advanced adversaries such as nation-state actors also aim to persist on the device over time. Their goal is to maintain long-term access to compromised devices, often for espionage or other high-value objectives. With Apple introducing user notifications for background login items in macOS Ventura, attackers have adapted by exploring new ways to remain undetected.

Common techniques include trojanizing software, which consists of compromising popular or frequently used applications to ensure the malicious code runs regularly. This can involve infecting development environments such as Visual Studio and Xcode with malicious payloads.

Additionally, threat actors leverage Unix components, exploiting overlooked command-line elements like zsh environment files (“.zshenv” and “.zshrc”), which execute whenever the user opens a new terminal session, granting the attacker persistent access to the system.

Such tactics underscore the importance of scrutinizing trusted applications, development tools, and the underlying command line environment.
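One way to act on this, as an added example rather than code from the original article: a POSIX shell audit that flags lines in a user's zsh startup files that fetch or launch code. The file list, regex heuristics, function names and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag lines in zsh startup files that fetch or launch code.
# Heuristics and sample data are illustrative assumptions, not a signature set.

# Per-user files zsh reads at startup (from $ZDOTDIR, which defaults to $HOME).
ZSH_STARTUP_FILES=".zshenv .zprofile .zshrc .zlogin"

# Constructs that rarely belong in a shell profile:
#   download piped to a shell, base64 decoding, AppleScript execution,
#   detached background jobs, and paths in world-writable directories.
SUSPICIOUS_RE='(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh|base64[[:space:]]+(-d|-D|--decode)|osascript|nohup|/tmp/|/Users/Shared/'

# audit_zsh_startup DIR
# Prints "file:lineno:text" per flagged line. Returns 1 if anything was
# flagged, 0 if the files are clean or absent.
audit_zsh_startup() {
    dir=$1
    flagged=0
    for name in $ZSH_STARTUP_FILES; do
        target="$dir/$name"
        [ -f "$target" ] || continue
        # Match the heuristics, then drop lines that are only comments.
        hits=$(grep -nE "$SUSPICIOUS_RE" "$target" |
               grep -vE '^[0-9]+:[[:space:]]*#' || true)
        [ -n "$hits" ] || continue
        flagged=1
        printf '%s\n' "$hits" | while IFS= read -r hit; do
            printf '%s:%s\n' "$target" "$hit"
        done
    done
    return "$flagged"
}

# write_constructed_sample DIR
# Creates a constructed (not captured) pair of startup files for testing:
# a benign .zshrc and a .zshenv with one planted background launch.
write_constructed_sample() {
    cat > "$1/.zshrc" <<'EOF'
# nohup mentioned in a comment must not be flagged
export PATH="$HOME/bin:$PATH"
alias ll='ls -l'
EOF
    cat > "$1/.zshenv" <<'EOF'
export EDITOR=vim
nohup /Users/Shared/.example-helper >/dev/null 2>&1 &
EOF
}

# Usage: sh audit_zsh.sh /Users/alice   (exit status 1 means findings)
if [ "$#" -gt 0 ]; then
    audit_zsh_startup "$1"
fi
```

A flagged line is a prompt for review, not a verdict: legitimate tooling sometimes adds similar lines, so compare findings against a known-good baseline of each file.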

Defensive strategies for organizations

To protect against the rising tide of macOS threats, organizations should implement proactive and comprehensive security measures. Key defensive strategies include:

  • Control user actions: Recognize that most malware on Macs comes through user interaction. Use device management to control what users can change and do on their devices and limit admin privileges to reduce the risk of malware installation.
  • User education: Educate employees on the risks of using Apple’s built-in Passwords app and Keychain for storing corporate credentials. Instead, mandate the use of trusted third-party password managers that provide stronger security and compartmentalization.
  • Ensure visibility: Implement software that provides visibility into the system to monitor changes and detect suspicious activities. Understand how to check for malware and what tools to use for confidence in the system’s security.
  • Adopt robust security solutions: macOS’s built-in XProtect malware detection is updated infrequently and offers limited coverage. Organizations should deploy an advanced security solution that provides real-time threat detection and prevention.

Rethinking macOS security

The perception that macOS is inherently more secure can create a dangerous blind spot for organizations. Macs are not necessarily more “secure by design” than any other computing platform, and the evidence from 2024 demonstrates that threat actors are increasingly targeting them.

Organizations must treat macOS as a primary target in their security strategy, adopting a layered defense approach and educating users about the risks.

By recognizing and addressing these vulnerabilities, organizations can mitigate the risks of betting too heavily on macOS security – and avoid becoming sitting ducks for the next wave of attacks.


This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

This article is written by: Nermeen Nabil Khear Abdelmalak
