
MacRumors

macrumors bot
Original poster
Apr 12, 2001
60,382
24,824



Mac threat detections were on the rise in 2019, according to data shared by Malwarebytes, a company that makes anti-malware software for Macs and Windows PCs.

Looking at the top 25 threat detections in 2019, six of those were Mac threats, with Mac threats accounting for 16 percent of total detections. Malwarebytes found this number significant because its Mac user base is 1/12 the size of the PC user base, but Malwarebytes does not provide direct year-over-year comparisons of Mac malware numbers.

[Image: Mac adware]
Perhaps 16 percent doesn't sound impressive, but when you consider the number of devices on which these threats were detected, the results become extremely interesting. Although the total number of Mac threats is smaller than the total number of PC threats, so is the total number of Macs. Considering that our Mac user base is about 1/12 the size of our Windows user base, that 16 percent figure becomes more significant.
For the first time in 2019, Mac malware broke into the top five most-detected threats, accounting for the second and fifth-most detected threats during the year.

The number two malware was Mac adware known as NewTab, accounting for four percent of overall detections across platforms. NewTab is adware that uses browser extensions to modify the content of webpages, and it's found in Chrome. It is no longer able to be installed in Safari because of changes Apple has made to extensions.

The number five malware, PUP.PCVARK, was responsible for three percent of total detections. PUP.PCVARK (with PUP standing for potentially unwanted program) is a collection of Mac programs not intentionally installed by the user.

Malwarebytes says there were 9.8 detections per Mac in 2019, compared to 4.2 detections per device for Windows PCs. That may sound significant, but there are caveats with that data point.

[Image: Mac threat detections chart]

All of the machines used for these figures have Malwarebytes installed, and Mac users tend to believe antivirus software is unnecessary. Macs represented in this data may have "already had some kind of suspected infection" prompting users to install the Malwarebytes software, which would skew the numbers.

For that reason, Malwarebytes believes the overall threat detection rate for all Macs is not as high as its data sample suggests.

Though Malwarebytes suggests Mac malware is on the rise, it's worth noting that the threats Macs are facing consist primarily of adware and "potentially unwanted programs." There are more nefarious malware programs able to infect Macs, but these are more targeted and limited in scope, so unlikely to affect most Mac users.

Article Link: Mac Threat Detections on the Rise in 2019 According to Malwarebytes Report
 

DoctorTech

macrumors 6502a
Jan 6, 2014
736
1,962
Indianapolis, IN
So we have a scary looking chart but we don't really know if the data is accurate and some of what we are calling malware might be things users intentionally added to their browsers that we decided to call "potentially unwanted programs".

I have been a Malwarebytes user for several years now and I like their software but I hate this type of scare tactic "journalism" / marketing.
 

joelypolly

macrumors 6502a
Sep 14, 2003
500
196
Bay Area
Pretty balanced article honestly, since they call out that the data is biased, as customers may have installed it due to suspicion of having been infected, and that overall rates are probably much lower than the samples provided.
 

dannyyankou

macrumors G5
Mar 2, 2012
12,045
25,125
Westchester, NY
All of the machines used for these figures have Malwarebytes installed, and Mac users tend to believe antivirus software is unnecessary. Macs represented in this data may have "already had some kind of suspected infection" prompting users to install the Malwarebytes software, which would skew the numbers.
This is actually a very good point. Most PC owners install anti-virus software by default, but a lot of Mac owners only install it if they already have malware.
 

dantroline

macrumors 6502
Oct 28, 2016
366
495
So I guess the pre-installed Windows Defender is doing its job. I think it's about time that macOS should have an in-house AV. The first thing I did after setting up my MacBook Air was to install Malwarebytes and security apps from Objective-See.
I don't think the solution for Apple is band-aid solutions like AV software but system level auditing suites and integrity checks, log files and so on. Third parties can then sell log processing and viewing apps for dummies.

I had Kaspersky on some machines for a few years which detected MS viruses in emails only. But if your computing habits are not tidy I suppose it's a different story.
 

ikir

macrumors 68020
Sep 26, 2007
2,036
2,075
So I guess the pre-installed Windows Defender is doing its job. I think it's about time that macOS should have an in-house AV. The first thing I did after setting up my MacBook Air was to install Malwarebytes and security apps from Objective-See.
If users download from the Mac App Store they are fine; this malware comes 90% from pirate websites, like in Windows land.
 

PickUrPoison

macrumors G3
Sep 12, 2017
8,131
10,720
Sunnyvale, CA
This article looks to have been written by MacRumors. The comments so far point out a number of questionable and potentially highly misleading items. Shame on MacRumors for merely passing on the questionable Malwarebytes information without more serious analysis.

I think the last paragraph takes the expected spin from the vendor and puts it in perspective:

Though Malwarebytes suggests Mac malware is on the rise, it's worth noting that the threats Macs are facing consist primarily of adware and "potentially unwanted programs." There are more nefarious malware programs able to infect Macs, but these are more targeted and limited in scope, so unlikely to affect most Mac users.
 

Lalatoon

macrumors 6502
Jul 8, 2019
301
243
If users download from the Mac App Store they are fine; this malware comes 90% from pirate websites, like in Windows land.
I find the macOS App Store very limited. The App Store is not that safe actually, as reported by Malwarebytes in this article: https://blog.malwarebytes.com/threat-analysis/2018/09/mac-app-store-apps-are-stealing-user-data/
and the report even said that some malicious apps were reported to Apple in December 2017 but are still available in the App Store - the article was published Sept 2018.
It already has it, XProtect.
That I did not notice. I infected my machine with a malware and only Malwarebytes detected it, and I did not notice any notification from the system about the infection. It was different with Windows Defender, in which it was able to detect a PHP script containing malicious code, but not Malwarebytes.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,422
870
That I did not notice. I infected my machine with a malware and only Malwarebytes detected it, and I did not notice any notification from the system about the infection. It was different with Windows Defender, in which it was able to detect a PHP script containing malicious code, but not Malwarebytes.
Wait: Which OS is your machine with the malware running on? I'm guessing Windows 10, because Windows Defender does not run on macOS as far as I know. And said malicious code: Was that a Windows malware? macOS won't recognize Windows viruses as such, because they have no effect on Mac systems. If you share a network between macOS and Windows computers, it is advised to install an antivirus system on your Mac - if only to catch Windows viruses and malware to protect your Windows installations.
 

Lalatoon

macrumors 6502
Jul 8, 2019
301
243
Wait: Which OS is your machine with the malware running on? I'm guessing Windows 10, because Windows Defender does not run on macOS as far as I know. And said malicious code: Was that a Windows malware? macOS won't recognize Windows viruses as such, because they have no effect on Mac systems. If you share a network between macOS and Windows computers, it is advised to install an antivirus system on your Mac - if only to catch Windows viruses and malware to protect your Windows installations.
Sorry if I was not clear... what I did was infect macOS with a malware as part of the hardening process for the OS. XProtect or whatever anti-malware system macOS natively set up in the system did not detect the malware, because I did not receive any notification from the system, but Malwarebytes did detect it.

Now on the Windows side, a different laptop of course, I did not bother going through the process of hardening it because I thought that it would be very hard to make it work, so I just made sure that Windows Defender is up to date and installed Malwarebytes. To my surprise Windows Defender was able to detect a PHP script that I know contains malicious code. Malwarebytes in Windows did not detect it.

Perhaps in the macOS experiment Malwarebytes caught the malware first, before the macOS anti-malware system was able to catch it. But I had to perform a manual scan in Malwarebytes to detect the malware. With that I think Windows Defender is a more effective system, because right after I unzip or extract a container containing a malware it automatically detects it, and that behaviour I did not notice when I am on macOS.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,422
870
Sorry if I was not clear... what I did was infect macOS with a malware as part of the hardening process for the OS. XProtect or whatever anti-malware system macOS natively set up in the system did not detect the malware, because I did not receive any notification from the system, but Malwarebytes did detect it.
I'm completely with you that Windows Defender is (or should be) all a Windows user needs. But about that malware: Was it a malware program that affected macOS or only Windows? Because Xprotect does not detect Windows malware. You can positively have all the Windows malware on your Mac system - it won't affect your system at all because the code won't work. Xprotect won't see a problem there and that's why you don't get a notification. Malware for macOS, however, should be detected by Xprotect.
 

Wanted797

macrumors 68000
Oct 28, 2011
1,543
3,292
Australia
On a previous version of my MacBook (before I did a clean install) I had Avast antivirus.

Randomly Avast went crazy with spam messages of ‘threat detected’; scans would not stop it. I installed Malwarebytes, which fixed it, but only after I knew something was wrong, so that would skew the data significantly.
 

MandiMac

macrumors 65816
Feb 25, 2012
1,422
870
On a previous version of my MacBook (before I did a clean install) I had Avast antivirus.

Randomly Avast went crazy with spam messages of ‘threat detected’; scans would not stop it. I installed Malwarebytes, which fixed it, but only after I knew something was wrong, so that would skew the data significantly.
Exactly my experience as well: Free anti-virus software scaring you into installing more anti-virus software. Never had a problem with malicious software - all I'm doing is working on a standard non-Admin user and thinking when something wants my Admin password.
 

nihil0

macrumors 6502
May 19, 2016
433
298
If you use legal sw and don't visit dubious websites, there is no chance in hell you would get a virus on Mac or on Win for that matter.
 

Lalatoon

macrumors 6502
Jul 8, 2019
301
243
I'm completely with you that Windows Defender is (or should be) all a Windows user needs. But about that malware: Was it a malware program that affected macOS or only Windows? Because Xprotect does not detect Windows malware. You can positively have all the Windows malware on your Mac system - it won't affect your system at all because the code won't work. Xprotect won't see a problem there and that's why you don't get a notification. Malware for macOS, however, should be detected by Xprotect.
It was a malware designed for macOS. There are a lot of malware test files, or the actual malware itself, that can be used for testing. In my case I tried using a malware test file that is pretty recent.

I think I have an idea why XProtect was not able to detect it: I downloaded the malware from a different laptop and copied it to a USB (exFAT formatted), then transferred it to macOS. With this process it means the file does not have the Quarantine flag set, because it was not downloaded from the Internet using macOS. Quarantine flags are only set if the file was downloaded from the Internet using an application that properly supports this feature, like Safari. I've read that XProtect will not be able to protect the system from files that do not have the Quarantine flag set. Here's some info about it from a Malwarebytes article:

XProtect

A hidden feature of the system that you’d never know was there, XProtect is a basic anti-malware feature also tied to Quarantine. XProtect has a relatively small number of rules for identifying known malicious apps, and every quarantined app that you attempt to open is run past XProtect first. If it matches any of the rules, macOS will not allow you to open it.





XProtect suffers from the same problems as Gatekeeper, in that it can’t protect against anything that doesn’t have a Quarantine flag. There’s a bigger problem, however: at the time of this writing, the most recent rule added to XProtect was on March 13, 2018. So it’s missing rules for nearly an entire year of new malware! The future of XProtect is unclear, but it’s definitely not protecting you against current threats.

Here's the whole page:

https://blog.malwarebytes.com/101/2019/02/macos-protect-malware/
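
The Quarantine dependency described in the post above can be checked per file. The following is an added example, not part of the thread or of the Malwarebytes article: it parses `com.apple.quarantine` values and sorts files into those that carry the flag and those that do not, such as a file copied over from a USB stick. The field layout (`flags;hex timestamp;agent;event UUID`) is treated as an assumption, and all file names and attribute values are constructed.

```python
# Added example, not from the thread or the quoted article.
# Assumed attribute layout: flags;hex_epoch_seconds;agent;event_uuid
# On macOS the raw value is read with: xattr -p com.apple.quarantine <file>
from datetime import datetime, timezone


def parse_quarantine(raw):
    """Parse one com.apple.quarantine value; raise ValueError if malformed."""
    parts = raw.strip().split(";")
    if len(parts) < 3:
        raise ValueError("expected at least flags;timestamp;agent")
    return {
        "flags": int(parts[0], 16),  # hex bit field, kept undecoded here
        "when": datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc),
        "agent": parts[2],           # application that wrote the flag
        "event_id": parts[3] if len(parts) > 3 and parts[3] else None,
    }


def triage(files):
    """files maps path -> raw attribute string, or None when it is absent."""
    report = {"quarantined": [], "no_flag": [], "malformed": []}
    for path, raw in sorted(files.items()):
        if raw is None:
            # No flag: the Quarantine-gated checks are never triggered.
            report["no_flag"].append(path)
            continue
        try:
            report["quarantined"].append((path, parse_quarantine(raw)["agent"]))
        except ValueError:
            report["malformed"].append(path)
    return report


# Constructed inventory: one browser download, one file copied from a USB
# stick on another machine, one value truncated by a broken tool.
SAMPLE = {
    "Downloads/installer.dmg":
        "0083;5df86d9a;Safari;11111111-2222-3333-4444-555555555555",
    "Volumes/USB/testfile.dmg": None,
    "Downloads/odd.pkg": "0081;notahex",
}

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```

Files that land in `no_flag` are the ones a scanner or manual review has to cover, since nothing in the Quarantine path will look at them.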
 

urtules

macrumors 6502
Jul 30, 2010
318
347
So I guess the pre-installed Windows Defender is doing its job. I think it's about time that macOS should have an in-house AV. The first thing I did after setting up my MacBook Air was to install Malwarebytes and security apps from Objective-See.
Mac OS already has built-in anti-malware protection. It's a database which is updated and it blocks certain apps from running. It's just completely invisible to the user, as it should be, and doesn't take any system resources. Every time you launch an application it is verified. Please correct me if I'm wrong.
 