March 17, 2025

Why betting on Mac security could put your organization at risk

The growing popularity of Macs and MacBooks in enterprises can in part be attributed to their “secure by design” reputation. And generally, macOS is considered a safe platform, a view widely shared across the tech community.

Although macOS is widely perceived as more secure than Windows, 2024 revealed a worrying trend – a notable increase in Mac-targeted threats. From infostealers like Amos Atomic and Poseidon to advanced nation-state campaigns like BeaverTail and RustBucket, threat actors are exploiting macOS design elements to compromise corporate environments.

An over-reliance on the security mechanisms built into macOS can leave organizations vulnerable to attacks, so it’s key for organizations to recognize these risks and understand how to mitigate them effectively.

The Rise of macOS crimeware

There is growing concern about malware on macOS, a problem that was relatively minor ten years ago. One contributing factor is the increased prevalence of Macs in business environments, a significant shift from the late 2010s that has made them more attractive to attackers.

Threat actors have realized there is money to be made from Mac users. As a result, cybercriminals are increasingly targeting them, recognizing the value of these devices for conducting malicious activities.

Targeted attacks in business environments are also increasing. Beyond general attacks, Mac users in business environments face sophisticated threat actors who aim to steal sensitive company data or disrupt operations.

Today, there are more threats to Macs than ever before, but awareness of these threats remains low. Most Windows users are aware of the need for antivirus software, whereas Mac users often believe their devices are safe by design, a misconception that needs to be reconsidered given the current threat landscape.

Mac myth-busting

While the myth that “Macs don’t get malware” has been thoroughly debunked, a lingering perception persists that macOS is inherently safer than other OSes. This belief stems from comparisons to Windows, which faces a staggering volume of malware, but it doesn’t mean that threat actors aren’t actively targeting Macs, too.

2024 saw a significant uptick in macOS-focused crimeware. Infostealers-as-a-service, such as Amos Atomic, Banshee Stealer, Cuckoo Stealer, Poseidon and others, represent a significant portion of these threats. These tools are designed for quick, opportunistic attacks, aiming to steal credentials, financial data, and other sensitive information in one fell swoop.

Amos Atomic, which reportedly began as a ChatGPT project in April 2023, has quickly evolved into one of the most prominent Malware-as-a-Service (MaaS) platforms targeting Mac users. Initially a standalone offering, Amos Atomic has splintered into multiple variants, including Banshee, Cthulhu, Poseidon, and RodrigoStealer. These versions are now developed and marketed by competing crimeware groups, spreading rapidly and affecting businesses throughout 2024.

What sets this malware family apart is its shift in distribution tactics. Instead of focusing on cracked games or user productivity apps, it now spoofs a wide range of enterprise applications, significantly broadening its reach and posing a greater threat to corporate environments.

Safe – or unsafe – by design?

For convenience, Apple designed Macs so that a single password could be used to unlock the device and allow administrator functions. This means that by default, the same password is used for logging in, installing software, and unlocking the Keychain – the database built into macOS that stores other passwords, including online credentials saved in the browser, application certificates, and more.

In addition, a built-in AppleScript mechanism makes it easy for attackers to fake a legitimate-looking password dialog box. Malware that successfully spoofs a password dialog box to install a fake program is then able to access all the sensitive data stored in the Keychain.

This straightforward yet effective approach is widely adopted by the rash of infostealers currently plaguing macOS users in businesses and at home. Given how deeply these features are integrated into the system itself, this technique is unlikely to be mitigated by Apple any time soon.

Advanced adversaries: Staying hidden in plain sight

Unlike smash-and-grab infostealers with their quick-hit tactics, advanced adversaries such as nation-state actors aim to persist on the device over time. Their goal is to maintain long-term access to compromised devices, often for espionage or other high-value objectives. With Apple introducing user notifications for background login items in macOS Ventura, attackers have adapted by exploring new ways to remain undetected.

Common techniques include trojanizing software, which consists of compromising popular or frequently used applications to ensure the malicious code runs regularly. This can involve infecting development environments such as Visual Studio and Xcode with malicious payloads.

Threat actors are also abusing the Unix components of macOS, in particular overlooked command-line elements such as zsh environment files (“.zshenv” and “.zshrc”). These files execute whenever the user opens a new terminal session, granting the attacker persistent access to the system.

Such tactics underscore the importance of scrutinizing trusted applications, development tools, and the underlying command line environment.

Defensive strategies for organizations

To protect against the rising tide of macOS threats, organizations should implement proactive and comprehensive security measures. Key defensive strategies include:

  • Control user actions: Recognize that most malware on Macs comes through user interaction. Use device management to control what users can change and do on their devices and limit admin privileges to reduce the risk of malware installation.
  • User education: Educate employees on the risks of using Apple’s built-in Passwords app and Keychain for storing corporate credentials. Instead, mandate the use of trusted third-party password managers that provide stronger security and compartmentalization.
  • Ensure visibility: Implement software that provides visibility into the system to monitor changes and detect suspicious activities. Understand how to check for malware and what tools to use for confidence in the system’s security.
  • Adopt robust security solutions: macOS’s built-in XProtect malware detection is updated infrequently and offers limited coverage. Organizations should deploy an advanced security solution that provides real-time threat detection and prevention.

Rethinking macOS security

The perception that macOS is inherently more secure can create a dangerous blind spot for organizations. Macs are not necessarily more “secure by design” than any other computing platform, and the evidence from 2024 demonstrates that threat actors are increasingly targeting them.

Organizations must treat macOS as a primary target in their security strategy, adopting a layered defense approach and educating users about the risks.

By recognizing and addressing these vulnerabilities, organizations can mitigate the risks of betting too heavily on macOS security – and avoid becoming sitting ducks for the next wave of attacks.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

This article is written by: Nermeen Nabil Khear Abdelmalak
