According to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts on security. What is surprising is that nearly half of all macOS malware originates from the same source.
Elastic’s researchers claim that over 47% of macOS malware comes from the app MacKeeper. Ironically, the MacKeeper software suite purports to “keep your Mac clean and safe with zero effort,” but it is also a useful vector for attackers.
Though MacKeeper is intended to help macOS users, Elastic explains, “it can be abused by adversaries since it already has extensive permissions and access to processes and files.” An app meant to keep your computer safe can actually put it at greater risk.
Unfortunately, Elastic does not go into detail about MacKeeper, but a cursory search reveals that the software suite has a rather spotty history.
Specifically, MacKeeper has a reputation for being incredibly difficult to fully remove. There are countless guides online for uninstalling MacKeeper, a task that should not require a guide. There is also a fairly lengthy entry on The Malware Wiki about MacKeeper. That doesn’t seem like a site you’d want to see your software on.
The report is loaded with interesting data about malware. For example, Elastic Security Labs also found that trojans account for just over 80% of malware across every operating system. Cryptominers came in second at 11.3%, while ransomware was in third at 3.7%.
“Trojans continue to be a favored way to weaponize deliverable binaries that deploy stagers and droppers to carry out the intrusion, but can be multi-purposed with additional techniques,” Elastic explains. “Our team has commonly seen Trojans packed before delivery to the target to avoid potential mitigation by signature-based detection engines.”