
Written by Tampere University
The SafeHorizon project is actively analyzing large-scale malware infections and confirms that macOS devices worldwide have fallen victim to infostealers. For years, macOS users have enjoyed a reputation for being safer than their Windows counterparts. However, cybercriminals have shifted their focus, and macOS devices are now increasingly targeted by a specific type of malware known as infostealers. These malicious programs are designed to silently extract sensitive data from infected systems, including passwords, browser cookies, VPN configurations, SSH keys, and even cryptocurrency wallet credentials.
Infostealers are often spread through phishing emails, fake application installers, malicious browser extensions, or poisoned search results leading to trojanized downloads. Once executed, the malware scans your system for stored secrets, collects files containing sensitive information, and transmits everything to attacker-controlled servers. This stolen data can then be used to bypass two-factor authentication, gain unauthorized access to company networks, or even steal money from online accounts.
While studying the spread of infostealers, we, the SafeHorizon project, suspect that this malware is infecting devices in major organizations, including macOS devices. Because the infostealer malware also collects VPN and other security configurations, an infection may lead to full access to organizations' internal resources. This scenario is especially concerning for professionals handling sensitive information. Yet many macOS users either do not run endpoint protection tools or rely solely on the operating system's default defenses, which are insufficient against advanced threats like infostealers.
We recommend three main ways to protect your macOS device:
- Avoid downloading apps or updates from unofficial sources.
- Use reputable antivirus or endpoint detection software on macOS.
- Enable hardware security keys.


