Antivirus software developer Malwarebytes has published its 2021 State of Malware Report, which shows that consumer malware threat detections on Macs dropped 38% in 2020, while Mac detections for businesses jumped year-over-year.
Malwarebytes detected a total of 120,855,305 threats in 2019, dropping to 75,285,427 threats in 2020. Consumer threats fell 40%. However, threat detections for business users grew 31%, thanks to businesses shifting their operations to remote online work due to the COVID-19 pandemic.
While there was a drop in the detections of adware and potentially unwanted programs (PUPs), malware, which includes backdoors, data stealers, and cryptocurrency stealers/miners, increased by more than 61%.
Malware still only accounted for 1.5% of all threat detections on the Mac, the rest were categorized as Adware and PUPs. PUPs include “cleaning” apps such as MacKeeper, Mac Adware Cleaner, and many others. Apps like that represented more than 76% of detections, while adware represented around 22%.
Malwarebytes says the most unusual Mac malware during 2020 was ThiefQuest, which was spread by installers found on torrent sites. The malware would encrypt files, then provide ransom instructions for decrypting the files. However, the instructions did not provide the correct contact information for removing the encryption and was actually a cover for something more malicious.
Upon further investigation, we learned that the ransomware activity was really a cover for massive data exfiltration, including MS Office and Apple iWork documents, PDF files, images, cryptocurrency wallets, and more. This kind of malware, known in the Windows world as a “wiper,” had never before been seen on Macs.
Even more interesting, the malware would inject malicious code into executable files found in the Users folder, such as components of Google Software Update, in a virus- like manner, another rarity in the Mac world. The combination of these features made ThiefQuest not only the most unusual Mac malware in 2020, but perhaps the most unusual Mac malware ever.
Adware techniques on the Mac in 2020 included admin password phishing, automated browser extension installations, and more.
Malwarebytes’ full report is available on the Malwarebytes website.
