Thoughtful, detailed coverage of everything Apple for 31 years
and the TidBITS Content Network for Apple professionals

Malwarebytes Reports on the State of Mac Malware in 2020

Malwarebytes Labs has published its 2021 report on malware, reflecting on the state of malware threats in 2020 based on detections in the Malwarebytes apps and services. Overall malware detections decreased 38% on the Mac, though Mac malware in businesses increased 31%. It’s worth keeping in mind that actual malware—the truly malicious stuff—accounted for just 1.5% of all Mac detections in 2020, with the rest being adware and so-called potentially unwanted programs (PUPs), which is just a nice term for crapware like browser toolbars that clutter your browser, display ads, and track you.

The Mac section of the full report contains some disturbing details, such as a description of the bizarre ThiefQuest malware, which fakes a ransomware attack while exfiltrating personal data from your Mac. Also troubling is how the report notes that Apple security measures introduced in macOS 10.15 Catalina prevent users from uninstalling some PUPs without disabling System Integrity Protection. The report concludes:

Apple’s days of sitting on the fence are now over. With the protection involved in the system extension entitlement, there is no longer any middle ground. At the time of writing, Apple is implicitly siding with the PUPs, providing them protection against removal. Time will tell if Apple decides to side with those who stand against these PUPs, by revoking their entitlements.


Comments About Malwarebytes Reports on the State of Mac Malware in 2020

Notable Replies

  1. The media has made way too much of this. We should be concerned that 30K computers were infected, but the fact that it contains M1 code is not a big deal. Any developer that uses the current version of Xcode gets that capability automatically. And currently the infection does nothing malicious, just checks over the internet to see if it should be doing anything. Lastly the installer was disabled by Apple revoking the DeveloperID some time ago. At least 30 scanners have been updated to detect and disable it and I wouldn’t be surprised to see Apple update its Malware Removal Tool shortly to clean things up on most of the remaining 30,000 Macs that don’t run 3rd party AV software.

  2. Although those four files are common to both versions of Silver Sparrow, the original report contains a much more complete list of files installed near the end in the “Indicators of Compromise” section: https://redcanary.com/blog/clipping-silver-sparrows-wings/

  3. Is there a company named more unfortunately than Malwarebytes?
