Computer security is science, yet it sure seems to traffic in enough beliefs to make it seem like a collection of warring cults. And no matter which infosec church you’re most swayed by, you’re probably one of the many who believe that Macs don’t get malware. Even if you’re not totally on board with this, chances are good you at least behave like Macs are immune.
In fact, the number of malware attacks on Apple’s operating system skyrocketed by 744 percent in 2016. Despite this, most people still believe that Macs don’t get viruses. Add to this the fact that, despite the seeming ubiquity of Apple’s products, the company’s user base is still growing. There are nearly 100 million Apple users worldwide, myself included.
It makes sense that a large user base equals a larger target. To cybercrime rings, Apple users are a beggar’s banquet of trusting, sitting ducks. But McAfee Labs found something really interesting about the malware Mac users are ending up with. It’s coming from the other Mafia of nonconsensual tracking, recording, and surveilling innocent users: the ad industry.
In the security firm’s most recent Threats Report, its researchers identified around 460,000 malware instances designed for MacOS in 2016. And they found that adware companies were behind most of them. (McAfee attributes the sharp increase in Q4 to the recent rise of “adware bundling” on Macs, where adware is bundled with things like Java for Mac and downloading services like SourceForge.)
Adware is software that displays ads on your computer, collects marketing data about you (like what websites you visit), and can redirect your search requests to ad websites, among other things. Most adware is supposed to do this with your consent, though gaining consent is hazily defined these days—and it’s the nature of adware that users don’t typically know it’s on their computer because the files don’t readily appear in their system. Malicious adware operates without your consent, and in this context it’s considered a “Trojan spyware” kind of infection.
I’d argue that adware and spyware are indistinguishable and both are equally harmful, though the online advertising industry would insist otherwise. Because, you know, what they’re doing isn’t technically illegal.
Adware lands on your Mac by way of free software and your visits to tainted websites. An adware infection might appear in the form of an app you don’t remember installing, or weird activity when you browse the internet, such as pop-up windows going nuts telling you that you’ve been infected with a virus. You can clean your Mac with an app such as Malwarebytes Anti-Malware for Mac, or do it manually. Using a robust ad blocker (like uBlock Origin) and enabling a pop-up blocker on whichever browser you use can serve as safeguards.
Infosec cultists can still gloat that Macs are generally safer, even if they’re not at a price point everyone can access. We still want our less tech-savvy friends and family using Apple products for security reasons.
But Apple’s defenses clearly aren’t catching everything, and pretending like nothing can happen is going to harm more than it will help. Of the 630 million total instances of malware that McAfee found last year, only 460,000 of them were Mac. Still, there have been some grave attacks on Macs recently, like ransomware, password-stealers, infections that steal iPhone backups, and more.
So yes, we need to kill the myth of the perfect, impenetrable Mac. Even if McAfee’s findings show that the amount of malware designed for Mac is still small(er) potatoes by comparison.
We don’t need to worry that much.