Thursday, July 16, 2026
News

MacPaw releases ‘Mid-2026 macOS Threat Report’

MacPaw has released its "Mid-2026 macOS Threat Report."

Moonlock by MacPaw has just released its Mid-2026 macOS Threat Report, a close look at the most significant threats so far this year.

One theme stands out: Mac and Windows are no longer separate threat surfaces. Any Mac incident can now trigger a cross-platform follow-on attack, with campaigns running in parallel: same servers, same domains, same dropper, same operator, just a different binary. Here are some highlights from the report:

  • ClickFix is still the top attack method, tricking users into running the malware themselves.
  • Adware dominates detections at roughly 65%.
  • Odyssey leads stealer detections at 62.7%, spread mainly through fake Homebrew, TradingView, and LogMeIn lures.
  • AI tools are the new bait. Fake AI developer tools now rank second only to cracked Adobe and Creative Suite installers among impersonated apps.
  • “Apple certified” doesn’t mean safe. Over half of malicious Mach-O uploads were digitally signed, and 22% carried valid or recently revoked Apple Developer certificates, exactly how so much slips past Gatekeeper’s first prompt.

I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support. 

Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.

Leave a Reply