Potent Trojans Targeting MacOS Users


Threat actors are becoming more efficient at targeting Mac users through macOS-tailored malware, according to Bitdefender’s macOS Threat Landscape Report.

While Apple’s ecosystem still experiences a narrower range of threats than other popular operating systems like Microsoft’s Windows and Google’s ChromeOS, the researchers warned that “this false sense of protection often means malware tailored to infect Macs is better suited to its goals.”

Speaking to Infosecurity, Bogdan Botezatu, Director of Threat Research at Bitdefender, noted: “Threat actors are now building much more sophisticated malware creations, and many times target multiple OS platforms and architectures in the same attack. We expect the existing threats to evolve and become more refined with time.”

The report found that Mac users were mainly targeted by three key threats in 2022 – Trojans, Potentially Unwanted Applications (PUAs) and Adware – with Trojans making up over half (51.8%) of threat detections.


Threat actors use a range of techniques to infect macOS with Trojans, according to the Bitdefender researchers. These include:

  • Socially engineered communications, such as spam, phishing and social media
  • Malvertising served via social media or websites
  • Tainted file downloads via torrent or warez websites

The most common Trojan families used to target macOS in 2022 were EvilQuest (52.7%), followed by Generic Trojan (22.4%), Exploit (8.2%), Flashback (2.7%) and Empire (2.6%).

While the report noted some of these can be considered “legacy malware,” they are still proving effective because many users fail to configure proper security settings and/or deploy a dedicated security solution.

Botezatu told Infosecurity that the macOS landscape is undergoing significant changes regarding the quantity and quality of malware.

“While the bulk of the Mac badware used to revolve around greyware and potentially unwanted apps, the balance has tilted this year in favour of more potent Trojans. The EvilQuest malware, for instance, has been active since late 2020 and continues to perfect itself. This shows in the number of unique samples that kept coming since 2020, but it’s not just an increase in samples – it’s also an increase in the quality of malware,” he explained.

Unwanted Applications

These applications, commonly found as freeware, repackaged applications or utility apps, represent a quarter (25.3%) of threats to macOS, according to the researchers.

Some PUAs can hijack a user’s browser, changing the default search engine and installing plugins without consent, and “highly aggressive” ones can modify third-party apps, download additional (unsolicited) software, and alter system settings.

The report found that PUA detections on Macs are crypto miners and 1% are jailbreak utilities.

Bitdefender said that developers have “flooded” the market with such apps, some of which are persuasive enough to get users to disable restrictions and run apps from any source.


The report found that adware, a tactic used by developers to generate money by automatically generating adverts on users’ screens, accounted for over a fifth (22.6%) of threats targeting macOS.

These infect systems after users wilfully download things like freeware programs, fake installers, software downloaded from torrents and warez sites, pirated programs, malicious links and malvertising.


Botezatu highlighted another interesting development in the macOS landscape, namely highly sophisticated malware written for cyber-espionage purposes.

“Information stealers such as Xloader and Macma and cross-platform Trojans such as JokerSpy and WildPressure are just some of the extremely potent threats that have recently started targeting high-profile victims. Unlike average malware, these threats are carefully written and sometimes leverage unpatched vulnerabilities, while others are capable of targeting multiple architectures, such as Intel x86 and ARM M1/M2,” he explained.

How to Keep Macs Secure

Bitdefender observed that one of the key security issues with Macs is users “procrastinating” over updating software and deploying Apple security patches. In addition, the “vast majority” of Mac owners use older generations of macOS that do not receive the latest security updates.

In addition to staying up to date with the latest OS version and applying the newest security patches, the researchers advised users to never download software from unofficial sources, like torrents and warez sites. 
