Mac Malware Detections Dropped 38% in 2020, Most Still Adware
Antivirus software developer Malwarebytes today shared its 2021 State of Malware Report, which found that malware threat detections on Macs fell a total of 38 percent in 2020.
In 2019 Malwarebytes detected a total of 120,855,305 threats, which dropped to 75,285,427 threats in 2020. Consumer threats were down 40 percent, but as businesses operated remotely and shifted to online work, threat detections for business users grew 31 percent.
There was a drop in detections of Adware and potentially unwanted programs (PUPs), but Malwarebytes says that malware, which includes backdoors, data stealers, and cryptocurrency stealers/miners, increased by more than 61 percent.
That number sounds high, but malware still only accounted for 1.5 percent of all threat detections on the Mac, with the rest still coming from Adware and PUPs.
Potentially unwanted software represented more than 76 percent of detection in 2020, while Adware represented approximately 22 percent. These are overall numbers, and the breakdowns varied somewhat by country, but most Malwarebytes users are in the United States. Business machines saw a bit more malware and adware, with less unwanted software.
Of malware found on Macs, the top 10 malware families accounted for more than 99 percent of the total, with more than 80 percent detected due to suspicious behaviors. OSX.FakeFileOpener, malicious apps designed to open files, accounted for the second highest number of detections.
Malwarebytes says that the most unusual Malware detected on Macs in 2020 was ThiefQuest, which spread through installers found on torrent sites. When infected, Macs would start to have files encrypted, with the malware providing ransom instructions.
These instructions went nowhere, though, and didn't provide a legitimate contact for removing the encryption. Instead, the ransomware was a cover for something more malicious.
Upon further investigation, we learned that the ransomware activity was really a cover for massive data exfiltration, including MS Office and Apple iWork documents, PDF files, images, cryptocurrency wallets, and more. This kind of malware, known in the Windows world as a "wiper," had never before been seen on Macs.
Even more interesting, the malware would inject malicious code into executable files found in the Users folder, such as components of Google Software Update, in a virus- like manner, another rarity in the Mac world. The combination of these features made ThiefQuest not only the most unusual Mac malware in 2020, but perhaps the most unusual Mac malware ever.
Sophisticated adware techniques were also spotted on Macs in 2020, including phishing for admin passwords, using synthetic clicks to automate browser extension installations, modifying the sudoers file to maintain root permissions indefinitely, and manually editing the TCC database to give the adware more system access.
On Macs, Malwarebytes says that the "business model of choice for most criminals" remains Adware, with trojans, worms, spyware, and RiskWareTools being more common on Windows machines. Still, malware is an increasing Mac problem and it's something that Mac users should be aware of.
Malwarebytes' full report can be read on the Malwarebytes website.