Elastic Security Labs’ new ‘2023 Global Threat Report Spring’ reveals that macOS is more secure than Windows and Linux.
To analyze the state of malware, Elastic reviewed how often it affected macOS, Windows, and Linux throughout 2022.
The most common malware found on macOS is cryptominers, especially XMRig.
According to the latest research, Trojans were the most common malware across operating systems, ahead of crypto-miners and ransomware, accounting for 75% of all malware.
More importantly, most instances of malware were found on Linux, and the fewest on macOS.
- 54% of all instances of malware were found on Linux
- 39% of all instances of malware were found on Windows
- Only 6% of all instances of malware were found on macOS
Of the 6% of malware found on macOS, crypto-miners were the most dominant. XMRig accounted for nearly 40% of instances, making it the most common crypto-miner on macOS. Researchers believe that macroeconomic conditions are behind the surge of XMRig on Mac.
It should be noted that the distribution and victimology of macOS cryptominers could grow, since developers commonly use macOS and JavaScript for their work. Because Node Package Manager (npm) is the standard package manager for JavaScript, cryptominers could be distributed in malicious npm packages to macOS endpoints.
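As an added defensive illustration (not code from the report or this article), the script below walks a node_modules tree and flags package manifests whose install-time lifecycle hooks fetch or execute remote content, the place a malicious package would typically run a miner dropper; the hook names and the keyword patterns are my assumptions about what to look for, and the manifests in the test are constructed.

```python
"""Audit npm package manifests for suspicious install-time lifecycle scripts."""
from __future__ import annotations

import json
import re
import sys
from pathlib import Path

# npm runs these hooks automatically during `npm install`, without the
# developer ever importing the package's code (assumed list of hooks to audit).
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Keywords that commonly appear in download-and-run install hooks (assumption;
# tune to your environment, since legitimate build steps can trip some of them).
SUSPICIOUS = re.compile(
    r"\b(curl|wget|bash\s+-c|sh\s+-c|base64|eval|nohup|chmod\s+\+x)\b"
)


def audit_manifest(manifest: dict) -> list[tuple[str, str]]:
    """Return (hook, command) pairs from one package.json that look suspicious."""
    findings: list[tuple[str, str]] = []
    scripts = manifest.get("scripts") or {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if isinstance(cmd, str) and SUSPICIOUS.search(cmd):
            findings.append((hook, cmd))
    return findings


def audit_tree(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Walk every package.json under root; map package name -> suspicious hooks."""
    report: dict[str, list[tuple[str, str]]] = {}
    for pkg_json in root.rglob("package.json"):
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; skip rather than abort
        hits = audit_manifest(manifest)
        if hits:
            report[manifest.get("name", str(pkg_json))] = hits
    return report


if __name__ == "__main__":
    # Usage: python audit_npm_hooks.py [path/to/node_modules]
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "node_modules")
    for name, hits in audit_tree(target).items():
        for hook, cmd in hits:
            print(f"{name}: {hook} -> {cmd}")
```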
Cryptojacking, also known as malicious cryptomining, is an online threat that hides on a computer or mobile system and uses its resources to mine cryptocurrencies. Cryptominer malware is often installed through malicious mobile apps or web browser downloads on smartphones, laptops, desktops, and even network servers.
Recently, the cybersecurity research team Jamf Threat Labs found new cryptomining malware on macOS that was injected through pirated versions of popular editing tools such as Final Cut Pro, Logic Pro, and Photoshop. Researchers discovered the malware when they received an alert about XMRig usage while investigating a malware family; it turned out to be a new iteration of an older cryptomining malware on Mac.
“As XMRig is a command-line tool for mining cryptocurrency, its open-source nature is misused by malicious attackers to inject malware.”
Previously, The Eclectic Light Company revealed that Apple had strengthened macOS malware protection more in the past few months than in the preceding seven years, on Macs running macOS Catalina or later. The tech giant introduced XProtect Remediator in macOS 12.3 as a new system tool that both scans for and remediates detected malware. The earlier tools, XProtect and MRT, had their limitations:
- XProtect mainly checked apps and other code carrying a quarantine flag against a list of signatures of known malware, and could only detect, not remove.
- MRT ran scans to both detect and remove (‘remediate’) known malware, most noticeably shortly after startup, but only infrequently.
Although the share of malware on macOS is significantly lower, the platform is still exposed to attacks, so users must be careful when installing or downloading new apps.