- Mac users need to stop believing that macOS is safer than Windows
- Generative AI has helped non-coders to create their own malware
- Social engineering continues to be the most common attack method
Cybersecurity experts from Moonlock are warning of the increasing prevalence of sophisticated macOS malware created with the help of generative AI.
In its 2024 Threat Report, Moonlock explored how publicly available tools like ChatGPT have enabled hackers to work around the technical barriers they were previously subject to in order to create malicious software more quickly.
The research found screenshots posted to darknet forums showing hackers using artificial intelligence to guide them through the development of Mac-bound malware step by step.
AI is helping to build macOS malware
Among the examples given was a case involving Russian-speaking threat actor ‘barboris,’ who admitted to building macOS malware without any prior coding experience thanks to generative AI. With natural language prompts, barboris was able to create an infostealer capable of targeting Keychain credentials and cryptocurrency wallet information.
The reported summarizes: “The barrier to entry is lower than ever, and AI has become a new ally for cybercriminals seeking to launch macOS-focused campaigns.”
Moonlock explains that the rise of malware-as-a-service (MaaS) has also made macOS malware more accessible than ever. Cheapening MaaS options are lowering the barriers for attackers and making macOS malware more common that it used to be.
The researchers claim that the rise of MaaS has made cybercrime into a collaborative effort, creating new roles for creators and distributors.
Previously, Apple’s desktop operating system was favored over its Windows counterpart for being less susceptible to cyberattacks, however the researchers explained that the notion that macOS is still as safe is now a dated one.
Users are being advised to treat macOS as they would any other operating system or internet-connected device, by keeping software updated with security patches, only downloading apps from trusted sources such as the Mac App Store, and installing renowned third-party security tools.
However, while the threat environment may be shifting, social engineering remains the most common way of forcing entry, and all users should be wear of handing out sensitive information unless it is absolutely necessary.
“We expect a surge in the variety of stealers targeting macOS in 2025,” noted Mykhailo Pazyniuk, Malware Research Engineer at Moonlock. “During 2024 we’ve observed different threat actors trying to bypass Apple’s protection mechanisms, emphasizing on users as the weakest link in this attack chain. Therefore, threat actors haven’t bothered much with finding exploits in macOS itself just yet.”
“One thing is certain – since many stealers eventually did their job and managed to exfiltrate sensitive user data and their crypto assets, the market of MaaS and macOS exploits will continue to grow in 2025, possibly offering more ways to stay undetected for antivirus software,” Pazyniuk said.