Apple’s malware problem is getting worse

Macs aren’t as safe as they used to be. Here’s how to protect yourself.

Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy.

“People need to understand that they’re not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director of Mac and mobile and contributor to the report, told Recode.

Windows machines still dominate the market share and tend to have more security vulnerabilities, which has for years made them the bigger and easier target for hackers. But as Apple’s computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac devices, which about twice the 5.8 average on Windows.

“There is a rising tide of Mac threats hitting a population that still believes that ‘Macs don’t get viruses,’” Reed said. “I still frequently encounter people who firmly believe this, and who believe that using any kind of security software is not necessary, or even harmful. This makes macOS a fertile ground for the influx of new threats, whereas it’s common knowledge that Windows PCs need security software.”

Now, this isn’t quite as bad as it may appear. First of all, as Malwarebytes notes, the increase in threats could be attributable to an increase in Mac devices running its software. That makes the per-device statistic a better barometer. In 2018, there were 4.8 threats per Mac device, which means the per-device number has more than doubled. That’s not great, but it’s not as bad as that 400 percent increase.

Also, the report says, the types of threats differ between operating systems. While Windows devices were more prone to “traditional” malware, the top 10 Mac threats were adware and what are known as “potentially unwanted programs.”

Adware typically redirects users to websites with ads on them or throws pop-up ads in front of their intended internet destination. Those may not be as “dangerous,” as the report says. They are becoming a “noticeable nuisance,” and some of them are able to track your activity, making them a privacy issue as well.

Potentially unwanted programs are apps that are often downloaded along with software you actually want or come pre-installed on your device. The most frequently detected of these came in the form of “system optimizers” that, ironically enough, often pitch themselves to Mac users as adware removers (for a price).

Even though Google is a relative newcomer in the operating system business, it has its own set of problems. Malwarebytes found malware pre-installed on some phones running its Android operating system as well as third-party apps that came infected with adware. This is a known issue with Android phones, although as we’ve pointed out before, the security of these devices isn’t always entirely in Google’s control, since Android is an open source platform.

As for Apple’s iOS platform, which is used in its mobile devices, the new Malwarebytes report noted that there is currently “no way” to scan for malware but that it is known to exist — mostly in targeted attacks by nation-states, which is not something the average user has to worry about.

What can you do about malware if you’re a Mac user? A few things.

“People need to understand that they’re not safe just because they’re using a Mac,” Reed said. “They need to exercise care about what they click on, what apps they download — and from where — and who they allow to have access to their computers.”

A big factor in the Mac malware increase might be down to one piece of adware called NewTab. As 9to5 Mac pointed out, there were almost 30 million downloads of the NewTab adware app on Mac devices in 2019 alone. This is typically downloaded onto devices by posing as an app or browser extension that will track package deliveries or flights. Reed also recommended against installing Adobe Flash Player. “Fake Flash installers are one of the top methods for getting malware installed on a Mac,” he said.

In general, if you’ve downloaded malware, you can try removing it manually or, if you’re less comfortable messing around with your computer’s settings, get a security program that will do it for you.

As always, practice good password hygiene, as one machine was infected because the hacker gained remote access by using a password that was exposed in a password breach. That’s one of many reasons to use different passwords for your accounts and change them on a regular basis.

Of course, downloading anti-virus software never hurts. Malwarebytes will sell you some of that, as will many other companies. Just make sure the one you choose is a trusted source. And always be wary of free software — it’s never really free.

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.