Mac Malware Stats and Facts

Apple users often believe that their MacBook is safe against malware. The reality is that hackers are concentrating their efforts on developing malware for Mac at an alarming rate.  The latest research shows that Mac malware is rising quickly, which is why we’ve compiled this list of Mac malware stats and facts.

Whether you have an expensive PowerMac, or a cheaper Mac Mini – Mac malware could affect you. Knowing about the latest Mac malware statistics keeps you informed so you can better protect your Apple devices against threats.

1. Mac computers suffer from all variants of malware

Despite cultivating a reputation for being safer against malware, Malwarebytes found that Mac computers suffered from all malware variants, including ransomware, trojans, info stealers, worms, viruses, and others. This is a reminder that Macs are being targeted with a wide variety of exploits in the wild, with new malware variants and families appearing constantly.

2. 6% of all malware infections were on Mac

Although hackers develop malware for Mac, the prevalence of this malware is still very low compared to other platforms. The latest research from Elastic Security Labs reveals that 54% of malware is distributed on Linux endpoints, 39% on Windows, and just 6% on Mac. This makes Linux the most targeted OS in 2023 and means Mac is still safer than other operating systems in 2024.

3. Mac malware dates back to 2004

Malware for Mac has been around longer than most people think. The first malware variant was Renopo (Opener), discovered in 2004. This malicious tool gave hackers backdoor access and spyware capabilities. Despite being 20 years old, the infection was very sophisticated. It could disable Mac OS X’s built-in firewall and copy itself to the system’s startup directory.

Perhaps most striking is that, even way back in 2004, users were not only told to install an antivirus for Mac – but also to ensure it was up to date with the latest patches to ensure it would protect against Renopo.

4. The first Trojan for Mac was discovered in 2011

Trojans are widely considered some of the scariest and most dangerous types of malware. They can allow hackers to gain remote access to a Mac, sending data back to a Control and Command server, which the hacker can use to install secondary payloads such as spyware and keyloggers. The first Trojan for Mac was discovered in 2011. The Flashback trojan was disseminated via social media and was used to gain backdoor access to Macs, which were then leveraged to create the largest Mac botnet ever recorded.

5. The first ransomware for Mac was discovered in 2016

In 2026, cybersecurity researchers at Palo Alto discovered the KeRanger ransomware trojan for Mac. The tool allowed hackers to remotely lock up a Mac computer with encryption to demand a ransom – usually in the form of Bitcoin. When it was discovered, the malware variant had affected over 7,000 Mac users and was spreading via a compromised torrent client.

6. Mac adoption went up 40% in 2022

While most of the top 5 computer brands reported a decline in sales, Apple reported a 40% increase. This is a considerable rise in macOS adoption, which will, unfortunately, probably result in an influx of malware being created for Mac.

If we have learned anything from the massive rise in Linux malware since 2021, we know that hackers gravitate to the most used systems. Therefore, a trend towards Mac adoption should be seen as the first sign that malware rates will increase.

Patrick Wardle, a researcher who specializes in Apple security, has confirmed this suspicion. Wardle suggests that alongside increasing Mac adoption, malware for Mac increased by more than 50% between 2022 and 2023.

7. 22.4% of Mac devices are enterprise

One reason hackers are increasingly interested in developing malware for Mac is its widespread use by organizations. Hackers understand that targeting enterprise systems is more lucrative. They are slowly turning their attention away from Windows and towards alternatives like Linux and macOS. The latest stats show that 22.4% of all Mac computers are used for enterprise.

8. Serious cybercriminal gangs like BlackBasta and BlackCat set sights on Mac

According to Bitdefender, some of the world’s most notorious hacking groups focus on developing exploits for Macs. These efforts could result in significant new Mac malware threats in the future, reminding us to protect Macs with up-to-date antivirus.

9. From August 2023 to February 2024, Apple released over 60 security updates

Apple had to release over 60 security updates for macOS, iOS, and Apple Watch in six months. This is a strong indicator that the company is dealing with a growing number of threats. Many of those updates were released to patch previously unknown critical security vulnerabilities (zero days) that were either exploited or at risk of being exploited in the wild.

10. EvilQuest was the most common malware affecting Macs in 2022

According to research by the security firm BitDefender, EvilQuest was responsible for 52.7% of all malware attacks on Mac in 2022. This made it by far Mac’s most prolific malware variant that year. EvilQuest is a highly sophisticated Trojan that incorporates spyware, ransomware, keylogging, and data theft into a malicious application.

11. 8% of unwanted applications detected on Mac are crypto miners

Research by Bitdefender revealed that 8% of Potentially Unwanted Applications are crypto miners that use the victim’s processing power to mine valuable cryptocurrencies in real time. This can cause the device to be slow as the hacker uses both valuable PC resources and the victim’s electricity to create revenue.

12. Adware accounted for 22.6% of malware infections on Mac in 2022

The same Bitdefender Mac Threat Report revealed adware accounts for a whopping 22.6% of malware infections for Apple Mac. These infections might not be as dangerous as spyware and trojans designed to steal data, but they can cause a lot of frustration, constant pop-ups, and a massive increase in ads. They can also potentially expose users to dangerous links to malicious websites, increasing the risk of drive-by infections.

13. In 2023, info-stealers were the most popular new malware for Mac

Although adware and trojans were Mac’s most prolific malware variants over the last couple of years, 2023 also saw a sudden explosion of Info-Stealers. According to Objective See, this was the single most popular new type of malware for Macs.

The worrying thing about info stealers is that they often do not persist. Instead, they steal data and then disappear without ever being noticed. This makes it essential for users to protect against infections with a reliable antivirus proactively.

14. 21 new Mac malware variants detected in 2023

According to the 2023 Jamf Annual Trends Report the cybersecurity company detected 21 new variants of Mac malware in 2023. Adware accounted for 36% of those programs, PuPs accounted for 35.24%, and trojans accounted for 17.96%. The company said this signals a diversification of threats away from adware.

15. Ransomware accounted for just 2% of Mac malware

According to the same Jamf report, only 2% of malware affecting Macs is ransomware, compared to 20% on Windows. The threat of ransomware on Macs is comparatively low.

16. 25% of businesses found employees failing to use the Mac lock screen

25% of businesses found employees failing to use the Mac lock screen. The prevalence of employees not using the Mac lock screen feature underscores the need for companies to educate their workforce on expected security standards better. This also reinforces the necessity for organization-implemented device security standards that individuals cannot alter. Ensuring all employees lock their Mac screens can help reduce the risk of unauthorized access.

17. HVNC exploit used to remote control Macs

In August of 2023, hackers were found using a Hidden Virtual Network Computing (HVNC) exploit to take control of Mac computers remotely. Hackers could carry out this attack without the Mac owner being aware.

This is a very severe malware variant and reminds us that new exploits may be rarer than on other platforms, but they have the potential to be just as sophisticated.

According to the cybersec firm Guardz, the malware was being offered for sale on a Russian cybercrime forum from April 2023. Once purchased, hackers could use it to take over a victim’s Mac and steal login credentials, personal data, financial information, and other valuable data.

18. JokerSpy malware discovered in June 2023

A new Mac malware variant was discovered in June, allowing hackers to take over Mac computers to exfiltrate sensitive data. According to Intego, the JokerSpy malware was found to be actively exploited in the wild. Other security companies corroborated this. The malware targeted A Japanese cryptocurrency exchange, which could install secondary payloads and steal huge amounts of data, including login credentials and the contents of cryptocurrency wallets.

19. RustBucket malware discovered in April 2023

Jamf Threat Labs reported this malware variant in April of 2023. It conceals itself as a PDF viewer and is activated when the victim opens a malicious PDF file. Once infected, the malware communicates with a Command and Control server where attackers can snoop on the device and steal data. The malware is believed to have originated from state-sponsored hackers in North Korea.

20. MacStealer malware found stealing iCloud passwords and credit card info

This scary malware variant was discovered in March 2023. The malware, dubbed “MacStealer,” could compromise Macs running macOS Catalina or later with Intel or Apple M-series chips. Once on a machine, the malware could steal passwords, cookies, and credit card data from Firefox, Google Chrome, and the Brave browser.