Malware targeting Mac users has been on the rise over the past year, and the McAfee June 2017 Threat Report [PDF] indicates that the trend in Mac malware isn’t slowing down. There were nearly 250,000 new instances of macOS malware in the first quarter of 2017, bringing the total for the quarter to just over 700,000.
Apple has a long history of touting the security advantages of Macs as compared to their Windows-based counterparts. Although Macs were never fully immune from viruses and malicious exploits, they generally weren’t susceptible to the types of viruses that devastated the PC ecosystem in the first decade of the 2000s. As new viruses and malware have grown more sophisticated in recent years, however, Apple has backed off from the “Macs don’t get viruses” marketing claim.
The good news is that traditional PC-like viruses are still relatively rare on the Mac, but the rise in adware, typically delivered via hijacked websites or user carelessness, is of growing concern for Mac and Windows users alike. In fact, McAfee attributes much of the rise in macOS malware specifically to a “glut of adware.”
These types of attacks are often executed via exploits in browser security, Web plugin vulnerabilities, or social engineering, which tricks users into downloading, running, and authorizing malware with admin privileges. Depending on the malware and its attack vector, the users of infected Macs encounter everything from browser takeovers, to pop-up ads, to unwanted toolbars and browser plugins, to even things like keyloggers and botnet hijacks in the worst cases.
But while concerning, the malware situation on the Mac is nothing compared to Windows-based PCs. Even though Macs represent about 4 percent of the overall computer market, they account for less than 1 percent of all identified malware. That’s right, McAfee measured almost 700 million instances of total malware, with the vast majority discovered on Windows, although mobile malware instances, almost all on Android, surpassed 16 million.
While zero-day exploits may be impossible to defend against, concerned Mac users can still take certain steps to protect themselves. These include always keeping your Mac’s operating system and Web browser of choice up-to-date, using Gatekeeper to protect yourself from uncertified apps, keeping an offline backup of your data, and never downloading or running applications (especially those that require admin rights) from unknown or sketchy sources. Oh, and if you have a PC, get a good antivirus.