The latest report from Moonlock Lab paints an alarming picture of macOS security in 2024. While Apple’s market share has increased by 60% over the last three years, Macs have become a favored target for cybercriminals, who are developing increasingly sophisticated techniques to bypass system protections.

AI and malware-as-a-service are changing the game

The threat landscape has changed dramatically with the emergence of artificial intelligence in malware creation. Tools like ChatGPT are now used by cybercriminals to generate malicious code, even without prior programming experience. A Russian actor known under the pseudonym “barboris” notably demonstrated how to create a stealer for macOS using AI alone, without any programming knowledge.

Even more worrying, the malware-as-a-service (MaaS) model has democratized access to malicious tools. A service that previously cost tens of thousands of dollars is now available for around $1,500 per month. Hackers even provide detailed guides for bypassing macOS’s Gatekeeper via social engineering, which makes purchasing expensive Apple certificates unnecessary.

The evolution of threats in 2024

Although adware remains predominant, with 73.37% of detections in 2024, there has been a significant increase in backdoors and exploits, particularly in April 2024. Stealers, software designed to steal sensitive data, are also evolving rapidly thanks to their increased accessibility. Examples like Cthulhu Stealer, marketed at $500 per month, or Banshee Stealer, sold at $3,000 per month, illustrate this trend.

Ransomware, meanwhile, primarily targets businesses rather than individuals, accounting for just 0.011% of detections among individual users. A new type of threat, the HZ Remote Access Tool (HZ RAT), emerged in September 2024, allowing attackers to take full control of infected systems via compromised versions of popular applications like OpenVPN Connect.

Attack techniques are becoming more sophisticated

Analysis of malware samples between the end of 2023 and the end of 2024 reveals a significant evolution of obfuscation techniques. Malware developers have moved from unobfuscated code to sophisticated techniques using multiple layers of protection to complicate analysis and detection. Malicious code is now fragmented and processed dynamically, making static detection more difficult.

Faced with these growing threats, Apple is stepping up its security updates. In particular, the company patched two zero-day flaws in November 2024 (CVE-2024-44308 and CVE-2024-44309) in JavaScriptCore and WebKit. However, user vigilance remains the best defense: avoiding suspicious downloads, questioning unusual system prompts and keeping your system up to date are essential habits for protecting yourself from these new threats. And if your Mac is essential to your daily life, there is also the option of installing a specialized antivirus like Intego X9.

One thing is certain: macOS remains less vulnerable to attacks than Windows and is, in fact, subject to less sophisticated malware.
