Skip to main content

Malware threat report reveals risk on Mac compared to Windows and Linux

So far this year we’ve seen a few reports about malware that’s affecting Macs. Now Elastic Security Labs has released its spring 2023 Global Threat Report. It offers a big-picture look at the state of malware including how often it’s impacting Mac vs Windows and Linux, the most common malware overall, the most common malware on Mac, and more.

Looking across Windows, Linux, and Mac, Elastic’s latest research found that Trojans were the most common type of malware making up over 75% of the total. Cryptominers and ransomware were the next two common categories.

As for the distribution of malware found, roughly 54% of all instances were found on Linux endpoints, with ~39% happening on Windows systems when looking at all of Elastic’s data. And just 6% of the malware detections were found on Macs.

However, when looking at just the most recent data, 52% of malware was found on Windows, 47% on Linux, and just a tiny 1% being found on macOS.

While Malwarebytes earlier this year shared a report showing adware as the most prevalent type of malware on Mac, Elastic says that it found cryptominers as the dominant malware on Mac with a sprinkle of Rootkit showing up for early 2023.

And for the most common cryptominers found on Macs, XMRig accounted for almost 40% of instances across all of Elastic’s data.

Elastic highlights that XMRig could be used intentionally or legitimately, but it is widely used by malicious parties.

Elastic also believes that the use of cryptominers against Macs could be on the rise:

It should be noted that the distribution and victimology of macOS cryptominers could become increasingly popular and developers leverage MacOS and JavaScript for work-related tasks. Since Node Package Manager (NPM) is a common package manager for JavaScript, cryptominers could be distributed in malicious packages to macOS endpoints

The full 2023 report includes more details on Windows, Linux, cloud security trends, and more.

In related news, we recently saw what appears to be the first ransomware designed specifically for Apple Silicon Macs from the LockBit gang:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Michael Potuck Michael Potuck

Michael is an editor for 9to5Mac. Since joining in 2016 he has written more than 3,000 articles including breaking news, reviews, and detailed comparisons and tutorials.