Mac users beware: AI-powered malware threats are on the rise

Apple devices are believed to be pretty secure—that’s what the company will tell you as well. You might have seen the tagline “Privacy. That’s Apple.” in their promotions. However, the tech landscape is changing, and even Apple products aren’t beyond cybercriminals’ reach. A new report suggests that Mac users will need to be more vigilant this year, as AI advancements are helping hackers breach even the most secure systems. I have consistently reported on how Mac malware is targeting users, and experts now believe this will only get worse.

The rise of cyberattacks on Apple devices

Mac malware is not what it used to be. For years, the biggest threats were annoying adware and browser hijackers, more of a nuisance than a real danger. But that is changing fast. As highlighted by Malwarebytes, a new wave of information stealers is taking over, and they are far more dangerous, going after passwords, authentication cookies, credit card details, and even cryptocurrency.

This shift started in mid-2023 with the arrival of Atomic Stealer, also known as AMOS, a piece of malware that looked much more like something you would see on Windows than the typical Mac threats. AMOS was not just effective; it was easy to use and sold as a service for one thousand dollars a month with a slick web-based control panel. That success led to the rise of even more dangerous variants.

One of them, Poseidon, launched in mid-2024 and quickly became the dominant Mac stealer, responsible for seventy percent of infections. It can drain over one hundred sixty different cryptocurrency wallets, steal passwords from browsers and password managers, and even grab VPN credentials.

At the same time, cybercriminals have doubled down on malvertising, using fake ads on Google and Bing to trick users into downloading malware instead of real software. These campaigns are highly targeted, allowing attackers to pinpoint Mac users and serve fake downloads based on their searches. With AI now being used to create and execute many of these attacks, they are likely to increase in scale.

 

Things are worse for Android users

While Mac malware is evolving, the situation on Android is even more alarming. Phishing attacks on the platform have reached staggering levels, with thousands of malicious apps designed to steal credentials and bypass security measures.

So far, in 2024, researchers have detected 22,800 phishing-capable apps, alongside 3,900 apps designed to read OTPs from notification bars and 5,200 apps capable of extracting OTPs from SMS messages. These numbers highlight how widespread and effective Android phishing malware has become.

Just like phishing emails, phishing apps trick users into handing over their usernames, passwords, and two-factor authentication codes. Once stolen, these credentials can be sold or used for fraud, identity theft, or further cyberattacks. Because phishing apps require minimal code and fewer permissions than traditional malware, they are much easier to sneak onto app stores, including Google Play.

Many phishing apps look like regular, fully functional software. Some impersonate games or utilities, while others appear as cracked versions of popular apps like TikTok, WhatsApp, or Spotify. Some stay dormant for days to avoid detection before launching their attacks. Others rely on ad functionality to redirect users to phishing sites, making the malicious code harder to trace.

Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices.

 

5 tips to protect yourself from Mac malware

Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious info stealer malware.

1) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.  


2) Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store, Google Play Store, or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

3) Keep your software updated: Ensure that macOS, Android, and all installed applications are up to date. Apple and Android frequently release security patches and updates that address vulnerabilities. Enable automatic updates for macOS, Android, and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here—it generates and stores complex passwords for you, making them difficult for hackers to crack.

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed Password Managers of 2025 here.

5) Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, Google account, email, and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.

 

Kurt’s key takeaway

The days when Mac users could assume they were safe are long gone. Cybercriminals are evolving their tactics, with Mac malware shifting from simple adware to advanced information stealers, and Android phishing apps are also becoming harder to detect and more widespread than ever. From stealing passwords and authentication cookies to intercepting OTPs and draining cryptocurrency wallets, these threats are growing in both sophistication and scale. No platform is immune, and as cybercriminals continue refining their techniques, users and organizations must stay ahead with strong security measures.

Do you trust official app stores like the App Store and Google Play, or do you think they need to do more to prevent malware? Let us know in the comments below.

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
