macOS-targeting activity by dark web criminals is intensifying 

In 2022 and the first half of 2023, macOS-targeting activity on the dark web has intensified, according to a report from Accenture's Cyber Threat Intelligence (ACTI) unit.

Historically, dark web cyber criminals have focused their efforts on Windows. Previous macOS-related activity has been limited in scope owing to the comparatively smaller role played by macOS in enterprise infrastructure globally and the more advanced and niche skills required to target the Mac operating system. 

Yet, in 2022 and the first half of 2023, macOS-targeting activity has intensified, according to a report from Accenture’s Cyber Threat Intelligence (ACTI) unit. The report says here’s what’s on sale:

° Actors developing, maintaining and advertising macOS-specific infostealer strains;

° macOS-focused threat actors dedicated to selling tools and services targeting macOS systems;

° The sale of macOS enterprise certificates for malware distribution;

° The development and sale of macOS specific exploits including alleged zero-day exploits;

° A strong focus on macOS Gatekeeper bypass attacks;

° LockBit 3.0 developing specific ransomware strains; other groups showing interest.

Accenture says that cyber criminals’ keener interest in targeting the macOS operating system comes at a time when enterprise adoption of macOS is rising, “creating a perfect storm that could elevate the threat to businesses using macOS as part of their technology stack.”

“A combination of the increasing use of macOS in corporate environments, the high potential earnings of threat actors willing and able to target macOS and the surging demand for macOS tools and wares suggest this trend will continue,” says Accenture. “As technically advanced and well-resourced threat actors continue to pour time and money into developing macOS-specific attack vectors, the techniques and capabilities available to the wider dark web community increases. As more products become available, technical knowledge trickles down and potential barriers to entry are removed, leading to a flurry of new offerings catering to macOS-targeting by dark web criminals including more infostealers, ransomware strains, RATs, loaders, exploits and credential harvesters.”

The dark web is the hidden collective of internet sites only accessible by a specialized web browser. It is used for keeping internet activity anonymous and private, which can be helpful in both legal and illegal applications. While some use it to evade government censorship, it has been used for illegal activities

Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.