Mac owners will need to stay vigilant this year, according to the 2025 State of Malware report released by Malwarebytes.
The new annual report details the kinds of threats that Mac, Windows and Android owners should be aware of and expect to see in the coming year – and macOS infostealers are likely to be much more prevalent in 2025.
In the past, Mac owners could rely on Apple’s stringent protections and macOS' built-in antivirus XProtect. Now, though malware has evolved with the assistance of AI to become increasingly more effective and dangerous. MacOS stealers, which are malware that can siphon personal information like credit card numbers or personal data, are particularly concerning and Mac owners are at almost as much risk as Windows PC users this year.
Both personal and professional devices could be targeted, as these infostealers can take any data like passwords, authentication cookies or cryptocurrency and funnel it back to the threat actors, who can then use stolen credentials to steal additional information, access sensitive resources, or create social engineering attacks. And because AI can now be used to create and carry out many of these attacks, they are likely to increase in scale.
Examples of these infostealers include Poseidon and Atomic Stealer, which can steal cryptocurrency from over 160 different crypto wallets, passwords from web browsers, passwords from password managers like Bitwarden or KeepassXC and VPN configurations including Fortinet and OpenVPN.
How to protect yourself
The good news is that the majority of macOS infostealers– like most Mac-based malware – require the user to be fooled or tricked into installing it. Which means you are your own best line of defense.
Your best protection is to be extremely careful about where you download or acquire your software. Stick to the Mac App Store, followed only by legitimate websites of trusted developers.
At the same time, you're going to want to make sure your macOS devices are protected with the best Mac antivirus software, and never click on links from unexpected or unknown sources. If you receive a message, text, or email with a link, contact the sender to verify they sent it or manually visit the site to check your account. Always enable two-factor or multi-factor authentication, and for added protection, use a password manager or VPN if possible.
As the best MacBooks have become increasingly popular among both businesses and consumers, hackers have pivoted from targeting Windows PCs to going after Macs. If you're careful though and practice good cyber hygiene, you and your family should be safe from these increased threats.
