Not with tempered glass, but with religious cyber diligence, if one cybersecurity firm’s telemetry is an accurate portrayal of Apple users.
According to one cybersecurity firm’s own 12-month running telemetry, Mac users are mainly targeted by three key threats: trojans, adware and potentially unwanted applications (PUAs), in order of severity.
While named differently, these hazards share one trait: they require victims to manually run the threat, meaning their authors try hard to make their malware look like legitimate applications.
The following conclusions, drawn by Bitdefender, summarize the three threats:
-
Trojans
Trojans accounted for more than half of the threats detected, involving socially engineered communications (e.g., spam, phishing, social media); rigged advertisements (malvertising); and tainted file downloads via websites offering pirated software.
While some trojans can be considered legacy malware, threat actors still use them, with some degree of success, as many users do not configure proper security settings and/or deploy a dedicated security solution.
-
Potentially Unwanted Applications
Constituting more than a quarter of detections, PUAs are commonly found as freeware, repackaged applications or utility apps (i.e., system cleaners) with hidden functionality like data tracking and coin mining
Some PUAs hijack the users’ browser, changing the default search engine and installing plugins without consent. Highly aggressive PUAs can modify third-party apps, download additional (unsolicited) software, and alter system settings. Some slip through App Store vigilance and are persuasive enough to get users to disable restrictions and run apps from any source.
While most PUA detections are generic in nature, common names still crop up in Bitdefender’s telemetry.
-
Adware
At just over a fifth of threats targeting Mac computers, adware ends up on computers after users willfully run freeware programs, installers and dubious software downloaded from a wide range of sources.
Apple has issued a multitude of security patches to address critical weaknesses that were said to be ‘actively exploited’ by threat actors. Many of those flaws were common in key components of both Macs and iPhones.
Given that many (if not most) Apple users procrastinate updating software and deploying security fixes, and that many Mac owners use older generations of machines that no longer qualify for the newer versions of macOS, the security of the ecosystem may get increasingly eroded.