macOS Under Siege: 40+ Hacker Groups Target Apple Devices
macOS devices are increasingly becoming targets for cybercriminals. Intel 471, a company specializing in cyber intelligence, has identified over 40 hacker groups showing a keen interest in malware and exploits for Apple’s platform.
Since last year, at least 21 threat actors have sought to acquire macOS malware, with some expressing interest in services to distribute existing malicious software. An equal number of hackers are already actively attacking the system.
According to Intel 471 experts, the growing interest among criminals is attributed to Apple’s expanding market share, particularly among small and medium-sized businesses.
“Despite the high quality of Apple products, they are not infallible. Mac users should stay vigilant for a variety of threats as actors increasingly explore new and more sophisticated ways to infiltrate their systems,” warn the researchers.
Patrick Wardle, the creator of Objective-See, a website and suite of tools dedicated to Mac security, also noted that the amount of new malware targeting Apple systems doubled in 2023 compared to 2022. Additionally, Group-IB reported a fivefold increase in underground sales related to macOS infostealers.
The most prevalent type of malware on Macs is infostealers—programs designed to steal credentials, session cookies, and other confidential information. Criminals sell the harvested data in batches on illegal forums.
“We observed some cybercriminals conducting market research on the demand for macOS-specific infostealers,” states the Intel 471 report. In May 2023, they documented a hacker using the pseudonym “Callisto” inquiring within the community if there was interest in a “stealer with RedLine functionality, targeting macOS systems.” He also sought opinions on possible features and pricing. RedLine gathers information from browsers, including credentials, autofill forms, and credit card data.
Other popular malware families offered as a service, such as Atomic Stealer and ShadowVault, were also advertised on forums by various hacker groups. Their functionality primarily includes emptying cryptocurrency wallets.
Although ransomware on macOS is not as widespread as other types of malware, cybercriminals are gradually recognizing its potential. According to Moonlock, a division of MacPaw, in 2023, ransomware and remote access trojans (RATs) accounted for approximately 15% of all malicious tools targeting macOS users.
In 2023, attackers exploited numerous vulnerabilities in real-world attacks. For instance, spyware operators, including Cytrox and Pegasus, took advantage of several high-risk vulnerabilities. One hacker even offered an exploit for sale for $2.7 million.
Although macOS still lags behind Windows in overall operating system market share, which remains a major deterrent for cybercriminals, the situation could change. “For cybercriminals, macOS presents a promising opportunity to capitalize on the lack of competition, and given Apple’s upward trajectory, it’s a chance to establish themselves in the market during a period of relative freedom,” Intel 471 cautions.