'Stealers' Are an Increasingly Common Mac Malware

macOS stealers are becoming an increasingly common type of malware on the Mac, according to the 2025 State of Malware report that Malwarebytes shared this week.

Most Mac malware has historically been VSearch adware or the Genieo browser hijacker, but more harmful malware is on the rise, and 2024 saw a new wave of information-stealing malware hit the Mac.

Stealers are designed to locate credit card information, authentication cookies, cryptocurrency, passwords, and other valuable data that criminals can use to make money.

Malicious apps that steal information are typically installed when a Mac user searches for a legitimate software product and then uses a malicious Google or Bing search ad to download an infested replica version of the software they sought. Attackers are able to deliver targeted ads for malicious software based on location, operating system, software, and search terms.

Atomic Stealer (AMOS), an information stealer that surfaced in 2023, is used regularly, and a version of AMOS referred to as Poseidon has become increasingly popular with criminals. Poseidon is advertised as being able to steal cryptocurrency from more than 160 wallets as well as passwords from web browsers and select password managers. Poseidon downloads have masqueraded as legitimate Mac apps like the Arc Browser, tricking unsuspecting Mac users into installing the malware.

Malwarebytes warns that macOS stealers like Poseidon allow criminals to access sensitive resources, steal credentials, and create convincing social engineering attacks.

To avoid this kind of attack, it is important to verify where software is being downloaded from, ensuring that it comes from a legitimate developer and not an imitation website.

Top Rated Comments

Pakaku
18 weeks ago

Malicious apps that steal information are typically installed when a Mac user searches for a legitimate software product and then uses a malicious Google or Bing search ad to download an infested replica version of the software they sought. Attackers are able to deliver targeted ads for malicious software based on location, operating system, software, and search terms.
So... just more reasons to use an adblocker. Especially if ad providers aren't going to be responsible about what they show, which has been a problem for far longer.
Score: 21 Votes
Arislan
18 weeks ago
So still a social engineered lack of knowledge attack. Got it.
Score: 13 Votes
icanhazmac
18 weeks ago

are typically installed when a Mac user searches for a legitimate software product and then uses a malicious Google or Bing search ad to download an infested replica version of the software they sought
Ain't "side loading" grand?
Score: 12 Votes
JitteryJimmy
18 weeks ago

This *just* happened to my mom. <facepalm>
My mom doesn’t get admin rights.
Score: 11 Votes
jimscard
18 weeks ago

This is why non-nerds should replace their devices when they cease receiving OS version or security updates.

If you're on a Mac that cannot run 2022 macOS 13 Ventura or newer then replace it with any Mac with Apple Silicon.

In 2025 Intel Macs are only suitable for export to poor countries where data security is as valuable as their bank accounts.
Don’t disagree with the first point - non-nerds should definitely replace devices when they cease receiving security updates.

But in 2025, many Intel Macs are still as secure as ever - they still receive OS version and security updates, etc.
Score: 10 Votes
fathergll
18 weeks ago

Macs don't get virus
Correct.

Source: Apple
Score: 9 Votes