Despite Apple’s best efforts, Mac malware does exist; we describe some cases below. However, before you panic, Mac malware and viruses are very rarely found “in the wild”.

From time to time you will hear of high-profile Trojans, malware, and ransomware targeting the Windows world; very rarely is this a threat to Macs. For example, the worldwide WannaCry/WannaCrypt ransomware attack that hit back in May 2017 was only targeting Windows machines and was therefore no threat to Macs.

Luckily Apple has various measures in place to guard against such threats. For example, macOS shouldn’t allow the installation of third-party software unless it’s from the App Store or identified developers. You can check these settings in System Settings > Privacy & Security and scroll to the Security section, or, if you are using Monterey or older, go to System Preferences > Security & Privacy > General. You can specify whether only apps from the Mac App Store can be installed, or whether you are happy to allow apps from identified developers too. If you were to install something from an unidentified developer, Apple would warn you to check its authenticity.

In addition, Apple has its own built-in anti-malware tool. Apple keeps all the malware definitions in its XProtect file, which sits on your Mac, and every time you download a new application it checks that none of those definitions are present. This is part of Apple’s Gatekeeper software, which blocks apps created by malware developers and verifies that apps haven’t been tampered with. For more information read: How Apple protects you from malware. We also discuss whether Macs need antivirus software separately.

While it’s safe to say that Macs are safer than Windows machines, Macs are not completely safe from attack. Even Apple’s Craig Federighi has admitted there is a problem, saying in May 2021: “We have a level of malware on the Mac that we don’t find acceptable.” To stay safe, we recommend you read our best Mac security tips and our round-up of the best Mac antivirus apps, in which we highlight Intego as our top pick.

Another thing to note is that Apple’s own M-series chips, which it has been using in Macs since November 2020, are considered more secure than Intel processors. However, malware dubbed Silver Sparrow was discovered on the M1 Mac soon after launch, so even Apple’s own chips are not immune.

Curious to know what Mac viruses are out there, perhaps because you think you might have spotted some suspicious processes or malware names in Activity Monitor on your Mac? In this article, we will endeavor to give you a complete list.

Can Macs get viruses?

Before we run through the malware that’s been spotted on Macs we need to address this question. The word virus gets used a lot more than it should be; a more accurate word would be malware. A computer virus is so called because it is capable of replicating itself and spreading. A virus is only one type of malware, of which there are many, and unfortunately there have been cases on the Mac.

Malware includes the following:

Cryptocurrency miners: Criminals have attempted to use Macs to mine bitcoin and the like, as in the case of LoudMiner (aka Bird Miner).

macOS Stealers: This is an increasingly common kind of malware, which Malwarebytes highlighted in its 2025 State of Malware report and which security expert Patrick Wardle has written about in his Mac Malware of 2024 round-up. macOS stealers, or info stealers, are a kind of malware designed to find data such as authentication cookies, credit card numbers, passwords, and more. One example of this is Atomic Stealer, which has been used in several attacks.

Phishing: We’ve all received phishing emails and we all know the dangers, but as criminals get more sophisticated (and maybe even learn to spell) can we be sure we won’t fall for a phishing attempt to gain our data or login details? You may think that you will never fall for a phishing attempt, but could you be as confident about your parents?

Potentially Unwanted Programs (or PUPs): Noted examples include Advanced Mac Cleaner, Mac Adware Remover, and Mac Space Reviver. These apps tend to hound users, which is part of their downfall: due to the bad reputations of some of these apps, the number of Macs affected has fallen, according to Malwarebytes. So it seems that people are at least wising up to these dodgy programs.

Ransomware: Ransomware has been detected on Macs, but the Mac has never faced any widespread ransomware threats. To date, ransomware on the Mac hasn’t been ready for “prime time,” as Patrick Wardle puts it, but we should still be concerned.

Spyware: Our data is incredibly valuable to criminals and spyware is designed to obtain this information. One example of this would be the Pegasus spyware that was known to have infected some iPhones. This was enough of an issue for Apple to announce that it will warn users of spyware attacks like Pegasus (more on that below).

Trojan Horse: A Trojan is a kind of malware that is hidden, or disguised, in software. There are various kinds of Trojans. A Trojan could, for example, give hackers access to our computers via a ‘backdoor’ so that they can access files and steal your data. Essentially the name Trojan describes the method by which the malware gets onto your computer.

USB/Thunderbolt cable: There have also been cases where malware has been installed on Macs via a modified USB cable. There have even been security flaws associated with Thunderbolt, which are discussed in this article: How to protect your Mac from the Thunderbolt security flaw. Also read: Can Macs be hacked?

It’s clear from these cases that there is a threat from malware on the Mac, and there are likely to be more cases in the future. Even the M1 Macs were targeted shortly after they were introduced in November 2020: the Silver Sparrow malware targeted both M1 Macs and Macs that use Intel processors.

One good thing is that Adobe ended support for Adobe Flash on 31 December 2020. At least this should reduce the number of cases of Mac malware disguised as the Flash Player arriving on the Mac.

Mac malware in 2024

Before you get too worried, many of these attacks are not going to matter to you, unless you live in China or North Korea, or have a lot of money tied up in cryptocurrency. But they do emphasise the growing number of malware targeting Macs.

Patrick Wardle has written information about all the malware mentioned here.

Unnamed Downloader

When: December 2024. This one was discovered by the Moonlock Lab. It’s not signed so it shouldn’t run on macOS.

HiddenRisk

When: November 2024. More North Korean malware; this one is used in cryptocurrency attacks.

RustyAttr

When: November 2024. macOS downloader using a new way to hide malicious shell scripts. Linked to North Korea.

DPRK Downloader

When: November 2024. macOS downloader built using Flutter (the open source software development kit from Google) and discovered by Jamf Threat Labs.

VShell Downloader

When: October 2024. A fake Cloudflare authenticator from China.

InletDrift

When: October 2024. This macOS downloader was used in the Radiant Capital hack, which led to the theft of $50 million in digital coins and was linked to North Korea.

Cthulhu

When: August 2024. A macOS stealer that can steal credentials linked to cryptocurrency wallets and games.

ToDoSwift

When: August 2024. A macOS downloader that is disguised as a PDF. It’s Swift-based malware and is linked to North Korea.

BeaverTail

When: July 2024. This macOS stealer targets users via a trojanized meeting app and is used by North Korean hackers to steal data and deploy additional payloads.

Banshee

When: July 2024. Another macOS stealer that targets cryptocurrency wallets was identified in July 2024: the Banshee Mac malware, which attackers use to gain access to web browser data, such as login information and web browser history. A new version known as Banshee Stealer arrived in January 2025, and this had encryption that allowed it to sneak past Apple’s XProtect. Read: New Mac malware can bypass Apple’s XProtect security scanner.

Poseidon (aka Rodrigo)

When: May 2024. Another macOS stealer that targets cryptocurrency wallets. Discovered by researchers at MacPaw’s Moonlock Lab.

CloudChat

When: April 2024. This is a macOS stealer that targets cryptocurrency wallets and keys. Known to monitor the clipboard.

SnowLight

When: April 2024. Another macOS downloader linked to China.

LightSpy

When: April 2024. This exploit, thought to come from China, targets macOS, but also iOS, Android and Windows. It can exfiltrate browsing history, SMS messages and more, and is used for espionage.

HZ Rat

Another backdoor targeting users in China. This one gives attackers complete control over the infected macOS machine. It originated as Windows malware.

EvasivePanda

When: March 2024. Uncovered by ESET, this macOS downloader targeted Tibetans and was linked to China.

Activator

When: February 2024. This is a downloader that installs a backdoor and crypto-stealer. Discovered by Kaspersky.

RustDoor (aka ThiefBucket)

When: February 2024. macOS backdoor with potential ties to a Windows ransomware group. Identified by Bitdefender.

PyStealer

When: February 2024. A macOS stealer that targets cryptocurrency wallets. Discovered by MacPaw’s Moonlock Lab.

NotLockBit

Ransomware that encrypts victims’ files while also implementing some basic stealer functionality. Discovered by Trend Micro.

SpectralBlur

When: January 2024. North Korean backdoor that could perform basic functions such as download, upload and execute capabilities.

Zuru

When: January 2024. Jamf uncovered this backdoor malware disguised as popular macOS apps in January 2024. It was thought that it may be a new version of malware from 2021. Distributed through pirated software hosted in China. More here: Jamf discovers new malware disguised as popular macOS apps.

Mac malware in 2023

WSClient

When: December 2023. Found inside cracked software.

KandyKorn

When: December 2023. Targeted blockchain engineers on a crypto exchange platform.

JaskaGO

When: December 2023. Cross-platform stealer.

Turtle

Ransomware. It targets macOS but isn’t much of a threat.

MetaStealer

When: September 2023. Targeting businesses. After keychain and business-related data. Discovered by SentinelOne.

Downfall vulnerability

When: August 2023. What: While not malware, this is a serious vulnerability affecting Intel processors, so if you have an Intel-based Mac from 2015 or later (or the iMac released in late 2015), your CPU is almost certainly affected by Downfall, a vulnerability that can exploit a flaw in the AVX vector extensions of every Intel CPU. It is likely that Apple will push out a macOS update to update the processor microcode. M-series Macs are unaffected. Read more here: Are Macs affected by that scary Intel ‘Downfall’ vulnerability?

Exploit HVNC

When: August 2023. What: New malware that can be used by hackers to remotely gain control of an insecure Mac. The malware uses HVNC (Hidden Virtual Network Computing) to gain access to and remotely control a Mac, without the target user being aware. Reported by security firm Guardz. More here: New malware can give a hacker control of your Mac.

ShadowVault

When: July 2023. What: ShadowVault can capture usernames and passwords, credit card information, data from crypto wallets, and more. Reported by security firm Guardz. More here: New ‘ShadowVault’ macOS malware steals passwords, crypto, credit card data.

NokNok

When: July 2023. An Iranian cyber-espionage group targeted a US-based think tank and was seen porting a backdoor to macOS.

Realst

When: July 2023. Focused on stealing cryptocurrency wallets.

JokerSpy

When: June 2023. An attacker can take control of the system and, via a backdoor, can run further exploits, monitor users’ behavior, steal login credentials or cryptocurrency wallets, according to Intego.

AtomicStealer (AMOS or Atomic MacOS Stealer)

When: April 2023. What: Targets macOS and steals important, private information, such as keychain and macOS user account passwords, system information, and files in the Desktop and Documents folders. AMOS is spread through unsigned disk image files (.dmg). Reported by Cyble Research and Intelligence Labs (CRIL). More here: New AMOS Mac malware targets passwords, personal files, crypto wallets.

RustBucket

When: April 2023. What: An AppleScript file that masquerades as a PDF Viewer program, activated if you view a particular PDF file with the app. Can only be activated if Gatekeeper is overridden. Reported by Jamf Threat Labs.

SparkRAT

Cross-platform and fully featured Remote Administration Tool, but it’s not clear if it was targeting macOS.

GoSorry

Stealer that tries to get web browser data and cryptocurrency wallets.

Geacon

When: March 2023. Seen being deployed against macOS targets.

LockBit

When: April 2023. Cross-platform ransomware.

PureLand

When: March 2023. macOS stealer that tries to access cryptocurrency wallets.

MacStealer

When: March 2023. What: The MacStealer malware can get passwords, cookies, and credit card data from the Firefox, Google Chrome, and Brave browsers, including being able to extract the KeyChain database. Who: Macs running macOS Catalina or later, with either Intel or Apple M-series chips. For more information read: Scary ‘MacStealer’ malware goes after iCloud passwords and credit card data.

XMRig

When: February 2023. What: Crypto-mining software attached to pirated copies of Final Cut Pro that are downloaded from unauthorized distribution points on the internet. XMRig is actually a legitimate, open-source utility, but in this illegitimate use it runs in the background mining, which affects the performance of the Mac. Mined cryptocurrency is sent to the attacker’s wallet. The malware can avoid detection by the Activity Monitor app by stopping when Activity Monitor launches and relaunching when the user quits Activity Monitor. Apple says it has updated macOS’s XProtect to catch this malware. Who: People who download pirated versions of Final Cut Pro using a torrent client. More here: Pirated copies of Final Cut Pro may infect your Mac.

Mac malware in 2022

Alchimist

When: October 2022. What: Provides a backdoor onto the target system. Targets a vulnerability in a third-party Unix tool. Who: Very specific target, as pkexec is seldom found on Macs.

Lazarus

When: August 2022. What: Malware disguised as job postings. Who: Targeting Coinbase users and Crypto.com.

VPN Trojan

When: July 2022. What: VPN app with two malicious binaries: ‘softwareupdated’ and ‘covid’.

CloudMensis/BadRAT

When: July 2022. What: Spyware downloader that uses public cloud storage services such as Dropbox, Yandex Disk and pCloud. Exploited CVE-2020-9934, which was closed in macOS Catalina 10.5.6 in August 2020.

CrateDepression

When: May 2022. What: Supply chain attack with screen capture, keylogging, remote file retrieval. Who: Targeted the Rust development community.

Pymafka

When: May 2022. What: Hoped that users might mistype and download the malware instead of the legitimate pykafka. Who: Targeting the PyPI registry.

oRAT

When: April 2022. What: Distributed via a disk image masquerading as a collection of Bitget apps. Who: Targeting gambling websites.

Gimmick

When: March 2022. What: Distributed as a CorelDraw file that was hosted on a Google Drive. Who: Targeting protest groups in Asia.

DazzleSpy

When: January 2022. What: Included code for searching and writing files, dumping the keychain, running a remote desktop and more. Read more here: Patched Mac malware sheds light on scary backdoor for hackers. Who: Targeting supporters of democracy in Hong Kong.

ChromeLoader

When: January 2022. What: Chrome browser extension that could steal information, hijack search engine queries, and serve adware.

Mac malware in 2021

macOS.Macma

When: November 2021. What: Keylogger, screen capturer and backdoor. Who: Targeting supporters of pro-democracy activism in Hong Kong.

OSX.Zuru

XCSSET Updated

When: May 2021 (originally from August 2020). What: Used a zero-day vulnerability in Safari. See: macOS 11.4 patches flaws exploited by XCSSET malware. Who: Aimed at Chinese gambling sites.

XLoader

When: July 2021. What: The XLoader malware was one of the most prevalent pieces of Windows malware to have been confirmed to run on macOS. XLoader is a variant of Formbook, a program used to steal login credentials, record keystrokes, and download and execute files.

WildPressure

When: July 2021. What: New multi-platform version of the Milum Trojan embedded in a Python file. Who: Targeting Middle East activists.

XcodeSpy

When: March 2021. What: A Trojan hidden in Xcode projects on GitHub had the potential to spread among the Macs of iOS developers. Once installed, a malicious script runs that installs an “EggShell backdoor”. Once open, the Mac’s microphone, camera and keyboard can be hijacked and files can be sent to the attacker. The malware was found in a ripped version of TabBarInteraction. Read more here: New Mac malware targets iOS developers. Who: Attack on iOS developers using Apple’s Xcode.

Silver Toucan/WizardUpdate/UpdateAgent

When: February 2021. What: Adload dropper that was notarized by Apple and used a Gatekeeper bypass.

Pirri/GoSearch22

When: February 2021. What: Based on Pirri and known as GoSearch22; infected Macs would see unwanted adverts. More information here: M1 Macs face first recorded malware.

Silver Sparrow

When: January 2021. What: Malware targeting Macs equipped with the M1 processor. Used the macOS Installer JavaScript API to execute commands. According to Malwarebytes, by February 2021 Silver Sparrow had already infected 29,139 macOS systems in 153 countries, most of the infected Macs being in the US, UK, Canada, France and Germany. More details here: What you need to know about Silver Sparrow Mac malware.

OSAMiner

When: January 2021 (but first detected in 2015). What: Cryptocurrency miner distributed via pirated copies of popular apps including League of Legends and Microsoft Office.

ElectroRAT

When: January 2021. What: Remote Access Trojan targeting multiple platforms including macOS. Who: Targeting cryptocurrency users.

Mac malware in 2020

GravityRAT

When: October 2020. What: GravityRAT was an infamous Trojan on Windows, which, among other things, had been used in attacks on the military. It arrived on Macs in 2020. The GravityRAT Trojan can upload Office files, take automatic screenshots and record keyboard logs. GravityRAT uses stolen developer certificates to bypass Gatekeeper and trick users into installing legitimate software. The Trojan is hidden in copies of various legitimate programs developed with .net, Python and Electron. We have more information about GravityRAT on the Mac here.

XCSSET

When: August 2020. What: Mac malware spread through Xcode projects posted on GitHub. The malware, a family of worms known as XCSSET, exploited vulnerabilities in WebKit and Data Vault. It would seek to access information via the Safari browser, including login details for Apple, Google, PayPal and Yandex services. Other types of information collected include notes and messages sent via Skype, Telegram, QQ and WeChat. More information here.

ThiefQuest (aka EvilQuest)

When: June 2020. What: ThiefQuest, which we discuss here: Mac ransomware ThiefQuest/EvilQuest could encrypt your Mac, was ransomware spreading on the Mac via pirated software found on a Russian torrent forum. It was initially thought to be Mac ransomware, the first such case since 2017, except that it didn’t act like ransomware: it encrypted files but there was no way to prove you had paid a ransom and no way to subsequently unencrypt files. It turned out that rather than the purpose of ThiefQuest being to extort a ransom, it was actually trying to obtain the data. Known as ‘wiper’ malware, this was the first of its kind on the Mac.

Mac malware in 2019

NetWire and Mokes

When: July 2019. What: These were described by Intego as “backdoor malware” with capabilities such as keystroke logging and screenshot taking. They were a pair of Firefox zero-days that targeted those using cryptocurrencies. They also bypassed Gatekeeper.

LoudMiner (aka Bird Miner)

When: June 2019. What: This was a cryptocurrency miner that was distributed via a cracked installer for Ableton Live. The cryptocurrency mining software would attempt to use your Mac’s processing power to make money.

OSX/NewTab

When: June 2019. What: This malware attempted to add tabs to Safari. It was also digitally signed with a registered Apple Developer ID.

OSX/Linker

When: May 2019. What: It exploited a zero-day vulnerability in Gatekeeper to install malware. The “MacOS X GateKeeper Bypass” vulnerability had been reported to Apple that February, and was disclosed by the person who discovered it on 24 May 2019 because Apple had failed to fix the vulnerability within 90 days. Who: OSX/Linker tried to exploit this vulnerability, but it was never really “in the wild”.

CookieMiner

When: January 2019. What: The CookieMiner malware could steal a user’s password and login information for their cyberwallets from Chrome, obtain browser authentication cookies associated with cryptocurrency exchanges, and even access iTunes backups containing text messages in order to piece together the information needed to bypass two-factor authentication, gain access to the victim’s cryptocurrency wallet and steal their cryptocurrency. Unit 42, the security researchers who identified it, suggest that Mac users should clear their browser caches after logging in to financial accounts. Since it’s connected to Chrome we also recommend that Mac users choose a different browser. Find out about the Mac malware here.

Mac malware in 2018

SearchAwesome

When: 2018. What: OSX.SearchAwesome was a kind of adware that targets macOS systems and could intercept encrypted web traffic to inject ads.

Mac Auto Fixer

When: August 2018. What: Mac Auto Fixer was a PUP (Potentially Unwanted Program), which piggybacks on to your system via bundles of other software. Find out more about it, and how to get rid of it, in What is Mac Auto Fixer?

OSX/CrescentCore

When: June 2018. What: This Mac malware was found on several websites, including a comic-book-download site in June 2019. It even showed up in Google search results. CrescentCore was disguised as a DMG file of the Adobe Flash Player installer. Before running it would check to see if it was inside a virtual machine and would look for antivirus tools. If the machine was unprotected it would install either a file called LaunchAgent, an app called Advanced Mac Cleaner, or a Safari extension. CrescentCore was able to bypass Apple’s Gatekeeper because it had a signed developer certificate assigned by Apple. That signature was eventually revoked by Apple. But it shows that although Gatekeeper should stop malware getting through, it can be done. Again, we note that Adobe ended support for Adobe Flash on 31 December 2020, so this should mean fewer cases of malware being disguised as the Flash Player.

Mshelper

When: May 2018. What: Cryptominer app. Infected users noticed their fans spinning particularly fast and their Macs running hotter than usual, an indication that a background process was hogging resources.

OSX/Shlayer

When: February 2018. What: Mac adware that infected Macs via a fake Adobe Flash Player installer. Intego identified it as a new variant of the OSX/Shlayer malware, while it may also be referred to as Crossrider. In the course of installation, a fake Flash Player installer dumps a copy of Advanced Mac Cleaner, which tells you in Siri’s voice that it has found problems with your system. Even after removing Advanced Mac Cleaner and removing the various components of Crossrider, Safari’s homepage setting is still locked to a Crossrider-related domain, and cannot be changed. Since 31 December 2020 Flash Player has been discontinued by Adobe and is no longer supported, so you can be sure that if you see anything telling you to install Flash Player you should ignore it. You can read more about this incident here.

MaMi

When: January 2018. What: MaMi malware routes all traffic through malicious servers and intercepts sensitive information. The program installs a new root certificate to intercept encrypted communications. It can also take screenshots, generate mouse events, execute commands, and download and upload files.

Meltdown & Spectre

When: January 2018. What: Apple confirmed it was one of a number of tech companies affected, highlighting that: “These issues apply to all modern processors and affect nearly all computing devices and operating systems.” The Meltdown and Spectre bugs could allow hackers to steal data. Meltdown would involve a “rogue data cache load” and can enable a user process to read kernel memory, according to Apple’s brief on the subject. Spectre could be either a “bounds check bypass” or “branch target injection”, according to Apple. It could potentially make items in kernel memory available to user processes. They can potentially be exploited in JavaScript running in a web browser, according to Apple. Apple issued patches to mitigate the Meltdown flaw, despite saying that there is no evidence that either vulnerability had been exploited. More here: Meltdown and Spectre CPU flaws: How to protect your Mac and iOS devices.

Mac malware in 2017

Dok

When: April 2017. What: The macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge, even traffic on SSL-TLS encrypted connections. OSX/Dok was even signed with a valid developer certificate (authenticated by Apple) according to CheckPoint’s blog post. It is likely that the hackers accessed a legitimate developer’s account and used that certificate. Because the malware had a certificate, macOS’s Gatekeeper would have recognized the app as legitimate, and therefore not prevented its execution. Apple revoked that developer certificate and updated XProtect. OSX/Dok was targeting OS X users via an email phishing campaign. The best way to avoid falling foul of such an attempt is not to respond to emails that require you to enter a password or install anything. More here.

X-agent

When: February 2017. What: X-agent malware was capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac. Who: The malware apparently targeted members of the Ukrainian military and was thought to be the work of the APT28 cybercrime group, according to Bitdefender.

MacDownloader

When: February 2017. What: MacDownloader software found in a fake update to Adobe Flash. When the installer was run users would get an alert claiming that adware was detected. When asked to click to “remove” the adware the MacDownloader malware would attempt to transmit data including the user’s Keychain (usernames, passwords, PINs, credit card numbers) to a remote server. Who: The MacDownloader malware is thought to have been created by Iranian hackers and was specifically targeted at the US defense industry. It was located on a fake site designed to target the US defense industry.

Word macro virus

When: February 2017. What: PC users have had to contend with macro viruses for a long time. Applications such as Microsoft Office, Excel, and PowerPoint allow macro programs to be embedded in documents. When these documents are opened the macros are run automatically, which can cause problems. Mac versions of these programs haven’t had an issue with malware concealed in macros because when Apple released Office for Mac 2008 it removed macro support. However, the 2011 version of Office reintroduced macros, and in February 2017 there was malware discovered in a Word macro within a Word doc about Trump. If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run Python code that could theoretically have performed functions such as keylogging and taking screenshots. It could even access a webcam. The chance of you being infected in this way is very small, unless you have received and opened the file referred to (which would surprise us), but the point is that Mac users have been targeted in this way.

Fruitfly

When: January 2017. What: Fruitfly malware could capture screenshots and webcam images, as well as look for information about the devices connected to the same network, and then connect to them. Malwarebytes claimed the malware could have been circulating since OS X Yosemite was released in 2014.

Mac malware in 2016

Pirrit

When: April 2016. What: OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software, according to Cybereason researcher Amit Serper in this report.

Safari-get

When: November 2016. What: Mac-targeted denial-of-service attacks originating from a fake tech support website. There were two versions of the attack depending on your version of macOS. Either Mail was hijacked and forced to create vast numbers of draft emails, or iTunes was forced to open multiple times. Either way, the end goal is to overload system memory and force a shutdown or system freeze.

KeRanger

When: March 2016. What: KeRanger was ransomware (now extinct). For a long time ransomware was a problem that Mac owners didn’t have to worry about, but the first ever piece of Mac ransomware, KeRanger, was distributed along with a version of a piece of legitimate software: the Transmission torrent client. Transmission was updated to remove the malware, and Apple revoked the GateKeeper signature and updated its XProtect system, but not before a number of unlucky users got stung. We discuss how to remove ransomware here.

Older Mac malware

SSL, Gotofail error

When: February 2014. What: The problem stemmed from Apple’s implementation of a basic encryption feature that shields data from snooping. Apple’s validation of SSL encryption had a coding error that bypassed a key validation step in the web protocol for secure communications. There was an extra Goto command that hadn’t been closed properly in the code that validated SSL certificates, and as a result, communications sent over unsecured Wi-Fi hotspots could be intercepted and read while unencrypted. Apple quickly issued an update to iOS 7, but took longer to issue an update for Mac OS X, despite Apple confirming that the same SSL/TLS security flaw was also present in OS X. Who: In order for this type of attack to be possible, the attacker would have to be on the same public network. Read more about the iPad and iPhone security flaw here.
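
The coding error described in this entry, reduced to a small C model and shown beside a corrected form. This is an added example, not Apple's source and not part of the original article; the `handshake_t` structure, the helper functions and the toy signature rule are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the data checked during a TLS handshake.
   All names are hypothetical; this is not Apple's source. */
typedef struct {
    const char *signed_params;  /* parameters the server claims to have signed */
    const char *signature;      /* signature the server presented */
} handshake_t;

/* Each step returns 0 on success and non-zero on failure. */
static int hash_update(const handshake_t *hs)
{
    return (hs->signed_params != NULL) ? 0 : -1;
}

static int hash_final(const handshake_t *hs)
{
    return (hs->signature != NULL) ? 0 : -1;
}

/* Toy rule for the demo: a signature is valid only if it is "sig:" + params. */
static int verify_signature(const handshake_t *hs)
{
    if (strncmp(hs->signature, "sig:", 4) != 0)
        return -1;
    return (strcmp(hs->signature + 4, hs->signed_params) == 0) ? 0 : -1;
}

/* Flawed form: a duplicated goto follows an unbraced if. In the pattern the
   article describes, the extra line sat directly under the guarded one, so it
   read as part of the if; it is written at the outer level here to make the
   control flow obvious. */
int verify_flawed(const handshake_t *hs)
{
    int err;

    if ((err = hash_update(hs)) != 0)
        goto fail;
    goto fail;  /* extra goto: taken on every call, with err still 0 */

    if ((err = hash_final(hs)) != 0)   /* never reached */
        goto fail;
    err = verify_signature(hs);        /* never reached */

fail:
    return err;  /* 0 means "signature accepted" */
}

/* Corrected form: braces on every branch and a fail-closed default, so a
   stray jump cannot report success. */
int verify_fixed(const handshake_t *hs)
{
    int err = -1;

    if ((err = hash_update(hs)) != 0) {
        goto fail;
    }
    if ((err = hash_final(hs)) != 0) {
        goto fail;
    }
    err = verify_signature(hs);

fail:
    return err;
}

int main(void)
{
    /* Constructed sample inputs. */
    handshake_t forged  = { "server-params", "forged" };
    handshake_t genuine = { "server-params", "sig:server-params" };

    printf("flawed, forged:  %d\n", verify_flawed(&forged));
    printf("fixed,  forged:  %d\n", verify_fixed(&forged));
    printf("flawed, genuine: %d\n", verify_flawed(&genuine));
    printf("fixed,  genuine: %d\n", verify_fixed(&genuine));
    return 0;
}
```

The flawed function accepts the forged signature because the verification step is dead code; mandatory braces and unreachable-code warnings in the build are the kind of checks that catch this.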

OSX/Tsunami.A

When: October 2011. What: OSX/Tsunami.A was a new variant of Linux/Tsunami, a malicious piece of software that hijacks your computer and uses its network connection to attack other websites. More information here.

OSX.Revir.A

When: September 2011. What: Posing as a Chinese-language PDF, the nasty piece of software installs backdoor access to the computer when a user opens the document. More here.

Flashback trojan

When: September 2011. What: Flashback is thought to have been created by the same people behind the MacDefender attack and could use an unpatched Java vulnerability to install itself. Read more here: What you need to know about the Flashback trojan. Who: Apparently more than 500,000 Macs were infected by April 2012.

MacDefender

When: May 2011. What: Trojan Horse phishing scam that purported to be a virus-scanning application. Was spread via search engine optimization (SEO) poisoning.

BlackHole RAT

When: February 2011. What: More of a proof-of-concept, but a criminal could find a way to get a Mac user to install it and gain remote control of the hacked machine. BlackHole was a variant of a Windows Trojan called darkComet. More information here: Hacker writes easy-to-use Mac Trojan.

For more information about how Apple protects your Mac from security vulnerabilities and malware read: Do Macs need antivirus software and How to protect your Mac against attack and disaster to avoid getting infected.