One of the oft-cited reasons for Macs’ new-found popularity in organizations is their perceived “better security.” While the “Macs don’t get malware” trope has been sufficiently disproven by reality, there is still a strong sense of “but they’re safer than the rest.”
“Despite perceptions, Macs are no more ‘secure by design’ than any other computing device,” he says. “They can, and are, regularly compromised and need to be factored into the organization’s overall security strategy as a primary target for threat actors.”
Stokes says 2024 saw a marked increase in macOS-focused crimeware, in particular, infostealers-as-a-service including Amos Atomic, Banshee Stealer, Cuckoo Stealer, Poseidon and others. These stealers eschew persistence and seek to steal everything from a single intrusion, including credentials for online and cloud accounts.
There’s no quick fix for either the “universal password” or the easy-to-fake password dialog. These are technologies that have been baked into the OS since its earliest days; nobody should expect Apple to address these any time soon.
“Consequently, we expect malware authors to continue abusing both throughout 2025,” Stokes says. “
We also expect compromising software the user is known or required to run will also be a firm favorite in the year ahead. Keep a careful eye on productivity apps that are mandated across the organization as well as IDEs and other development tools.
I hope you’ll help support Apple World Today by becoming a patron. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support.
