
Half of all macOS malware comes from this one app

Updated Nov 23rd, 2022 3:59PM EST

According to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts on security. What is surprising is that nearly half of all macOS malware originates from the same source.

Elastic’s researchers claim that over 47% of macOS malware comes from the app MacKeeper. Ironically, the MacKeeper software suite purports to “keep your Mac clean and safe with zero effort,” but it is also a useful vector for attackers.

As Elastic explains, though MacKeeper is intended to help macOS users, “it can be abused by adversaries since it already has extensive permissions and access to processes and files.” An app meant to keep your computer safe can actually put it at greater risk.

A chart showing macOS malware popularity. Image source: Elastic Security Labs

Unfortunately, Elastic does not go into detail about MacKeeper, but a cursory search reveals that the software suite has a rather spotty history.

Specifically, MacKeeper has a reputation for being incredibly difficult to fully remove. There are countless guides for uninstalling MacKeeper online, which should not be something that requires a guide. There is also a fairly lengthy entry on The Malware Wiki about MacKeeper. That doesn’t seem like a site you’d want to see your software on.

The report is loaded with interesting data about malware. For example, Elastic Security Labs also found that trojans account for just over 80% of malware across every operating system. Cryptominers came in second at 11.3%, while ransomware was in third at 3.7%.

“Trojans continue to be a favored way to weaponize deliverable binaries that deploy stagers and droppers to carry out the intrusion, but can be multi-purposed with additional techniques,” Elastic explains. “Our team has commonly seen Trojans packed before delivery to the target to avoid potential mitigation by signature-based detection engines.”

Jacob Siegal Associate Editor
