Passionategeekz June 18th news: every year, Apple device management vendor Jamf releases its “Security 360: Annual Trend Report”, which gives a comprehensive picture of the macOS threat landscape that enterprises and users currently face. The analysis is based on anonymized real-world data collected from 1.4 million Macs running Jamf software in 90 countries.
Today Jamf released the 2025 edition of the report, covering the past 12 months of data. It contains a good deal of alarming information, the most notable being a 28% surge in information-stealing malware (infostealers), which is now the dominant type of malware on the Mac platform.
The main findings of the report:
- 32% of organizations have critical (and patchable) vulnerabilities on at least one device.
- Jamf identified approximately 10 million phishing attacks over the past year, of which 150,000 to 200,000 were classified as zero-day attacks.
- 25% of organizations were affected by social engineering attacks.
- Infostealer malware continues to grow in popularity and is now the number one Mac malware family, accounting for 28.36% of all detected Mac malware.
- One out of every 10 users clicked on a malicious phishing link.
- More than 90% of cyberattacks originate from phishing.
“Once considered exclusive to creatives and executives, the equipment is now increasingly integrated into the daily work of more people, such as engineers. But with its continued integration at work, it has become a bigger target in the eyes of attackers,” said Jaron Bradley, director of Jamf Threat Lab.
There has long been a misconception that Macs cannot be infected with malware. That view may have held in the early 2000s, but it is clearly no longer the case. The growing Mac installed base has made the platform a focus for attackers. Although Apple provides strong built-in security mechanisms such as XProtect, enterprise and individual Mac users are still being victimized at record rates. Jamf’s report highlights which types of malware are causing the greatest damage.
This is the first time Jamf has observed infostealers overtake adware as the most common type of Mac malware. Infostealer detections grew by 28.08%, and infostealers account for 28.36% of all malware samples analysed.
Once a Mac is infected, the malware establishes a connection to the attacker’s command-and-control (C2) server and exfiltrates sensitive data such as iCloud Keychain credentials. Jamf also found samples that quietly install the remote desktop application AnyDesk and keylogging software in order to take over the device and capture keystrokes. Infostealers also routinely target web browsers, stealing saved passwords and cryptocurrency wallet keys.
Infostealers are hard to detect because they are tuned to slip past antivirus engines, including those aggregated by VirusTotal. Cybercriminals often upload their executables to platforms such as VirusTotal to check that the malicious behaviour is hidden well enough to evade popular scanners.
The popularity of infostealers has risen sharply in recent years, partly because they are easy to obtain and have a low barrier to entry. For example, underground criminal groups increasingly offer “Malware-as-a-Service” (MaaS). In this model, malware developers build and maintain tools such as infostealers and rent them to affiliates with less technical skill. Those affiliates receive ready-made malware packages that they can deploy against targets whenever they choose.
Another factor is speed of payoff: infostealers yield usable data almost immediately, whereas ransomware campaigns can take weeks or even months before the criminals see a return.
Interestingly, Jamf’s report specifically mentions the abuse of PyInstaller. PyInstaller is a legitimate open source tool that developers use to package Python scripts into standalone executables. Attackers have now begun using it to package malicious Python scripts into executables that are delivered to potential victims and run on their devices.
Apple ships several protective services on every Mac to shield users from threats on the Internet, but these measures alone are often not enough.
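A triage check that follows from the PyInstaller point above, added here as an example (not Jamf’s tooling or code from the report): it locates and parses the archive “cookie” that every PyInstaller-packaged executable carries, so a defender can quickly flag such binaries and see which Python version they bundle. The Mach-O header bytes and cookie values in the samples are constructed.

```python
import struct
from typing import Optional

# PyInstaller's CArchive cookie magic (PyInstaller/archive/readers.py).
PYINSTALLER_MAGIC = b"MEI\014\013\012\013\016"
# Cookie layout since PyInstaller 2.1: magic, package length, TOC offset,
# TOC length, Python version, 64-byte pylib name.
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def find_pyinstaller_cookie(data: bytes) -> Optional[dict]:
    """Return the parsed cookie if `data` carries a PyInstaller archive, else None.

    PyInstaller appends its archive to the host executable with the cookie at
    the archive's end, so the last occurrence of the magic is the one we want.
    """
    pos = data.rfind(PYINSTALLER_MAGIC)
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FORMAT, data[pos:pos + COOKIE_SIZE])
    # Version is encoded as major*100+minor (e.g. 311); very old builds used major*10+minor.
    major, minor = divmod(pyvers, 100) if pyvers >= 100 else divmod(pyvers, 10)
    return {
        "python_version": f"{major}.{minor}",
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "pylib_name": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def triage_file(path: str) -> Optional[dict]:
    """Convenience wrapper: run the cookie check on a file from disk."""
    with open(path, "rb") as f:
        return find_pyinstaller_cookie(f.read())


# Constructed samples (not real binaries): a fake 64-bit Mach-O magic plus
# filler, one with a PyInstaller cookie claiming Python 3.11 and one without.
SAMPLE_PACKED = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 60
    + struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC, 4096, 1024, 512, 311, b"Python")
)
SAMPLE_PLAIN = b"\xcf\xfa\xed\xfe" + b"\x00" * 60

if __name__ == "__main__":
    print("packed:", find_pyinstaller_cookie(SAMPLE_PACKED))
    print("plain: ", find_pyinstaller_cookie(SAMPLE_PLAIN))
```

A hit only tells you the binary was built with PyInstaller, which plenty of legitimate software is; treat it as a reason to inspect the bundled scripts, not as a verdict on its own.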
How to prevent information theft malware
- Always research an application thoroughly before installing it from anywhere other than the Mac App Store.
- Hover over a link to check its real destination before opening it.
- Use strong, complex passwords and enable two-factor authentication (avoid SMS verification where possible; prefer one-time passwords (OTP)).
- Be extra cautious when granting permissions on your Mac.
- Keep devices and applications updated.