Someone Is Selling Mac Malware on the Dark Web

Mac users beware: two pieces of dark web malware have been spotted on the dark web that target Macs. Their names? MacSpy and MacRansom. These two pieces of software were made by an unknown person who is marketing them as services. This means that the malware can be sold and then continuously supported and updated.

Security companies like Fortinet and AlienVault have analyzed samples of the malware, and report that they aren’t that sophisticated, although MacSpy is being marketed as “the most sophisticated Mac spyware ever.” Even so, it gives the impression that cybercriminals are eyeing Macs as viable targets more and more, instead of sticking to Windows.

Screenshot of dark web spyware MacSpy.


The creator of MacSpy claims that it can capture screenshots every 30 seconds once it has been installed on your system. It can log all of your keystrokes, access your synced iPhone photos, record sounds even if your microphone isn’t turned on, and get your history and download data from Safari and Chrome.

Once installed, there will be no digital trace that can be associated with you.


As for MacRansom, it works similarly to other ransomware products. This software is for “people who want to earn easy money from unsuspecting family members, friends, colleagues, and classmates.” MacRansom appears to demand a payment of 0.25 Bitcoin (roughly US$670 currently) to decrypt your data. However, Fortinet discovered it might not fulfill that promise.

So should you worry? Not really. Both malware products can be easily identified by most antivirus programs. Although many Mac users have the impression that they don’t need an antivirus program, the reality is that Mac malware is on the rise. As Patrick Wardle told Motherboard,

Apple continues to improve the security of [its systems]…But Mac users should just be cautious, should not be not be overconfident, and should not assume that just because they’re using a Mac they’re inherently safe.

3 thoughts on “Someone Is Selling Mac Malware on the Dark Web

  • Someday I am going to take out the code I wrote as part of a research project that really messes with the browser. It was a proof-of-concept and doesn’t do much damage, but it really looks nasty. It’s all based on polluting the Document Object Model (DOM) and really messing with what the user sees. From the DOM, I can even change the links you click on to send you to a malware site–or a site that would allow you to click on something nafarious.

    The real solution is not to run around with your hair on fire but to fix the browser model. However, that woudl break a lot of things and the owners of the internet (Google, Facebook and Amazon) wouldn’t go for it. So sit back and enjoy the show while the owners keep screwing you!

  • Here’s an optimistic thought:
    It would be a great way for law enforcement to catch the bad guys. Put out malware as a service so they can stay in contact with the Black Hat’s system and track them down.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.