
Every year, Jamf, the popular Apple device management platform, releases its Security 360: Annual Trends report. This analysis uses anonymized real-world data collected from 1.4 million Macs in 90 countries where Jamf software is installed.
Today, Jamf released the 2025 edition, which spans the past 12 months. The report offers a number of shocking insights, particularly a 28% surge in infostealer malware, making it the leading Mac malware family type.

Important findings from the report
- 32% of organizations operate at least one device with critical (and patchable) vulnerabilities
- Jamf identified around 10 million phishing attacks over the past year, with 150,000-200,000 of these classified as zero-day attacks
- 25% of organizations were affected by social engineering attacks
- Infostealers continue to grow in popularity. They are currently a major Mac malware family, accounting for 28.36% of all detected Mac malware
- 1 in 10 users clicked on a malicious phishing link
- Over 90% of cyberattacks are derived from phishing
Infostealers overtake adware
“What started out as a machine for creatives and executives has become ingrained in the daily tasks of engineers and others. However, the continuous integration in the workplace makes it a bigger offensive surface for threat actors.”
It’s a long-standing misconception that Macs can’t get malware. This may have been more true in the early 2000s, but certainly not today. Their increasing numbers put them on the map, for better or worse. Apple’s powerful built-in system security mechanisms, XProtect among them, are being compromised at record rates for both enterprise and personal Mac users. Today’s report from Jamf highlights which types of malware are causing the most chaos.
For the first time, infostealers overtook adware as the dominant form of malware captured by Jamf users. Infostealers increased by 28.08% and now account for 28.36% of all malware samples analyzed, overtaking adware.
If you have followed Security Byte over the last year, this is no surprise. In fact, I was shocked that this was not yet the case in Jamf’s research.
As reported around this time last year, researchers discovered attempts by North Korean (DPRK) state-sponsored hackers to target Mac users through a trojanized conference app. Of course, I’m talking about none other than BeaverTail.
Once a Mac is infected, the malware establishes a connection between the Mac and the attacker’s command and control (C2) server and exfiltrates sensitive data such as iCloud Keychain credentials. It was also found to quietly install the remote desktop application AnyDesk and keylogging software in the background to take over the machine and collect keystrokes. Infostealers generally also target web browsers for credentials such as passwords and cryptocurrency wallet keys.
Often, infostealers, and all the forms of malware mentioned above, are so elusive that they can slip through antivirus scanners like VirusTotal without being detected. Cybercriminals are known to upload executables to platforms like VirusTotal to ensure that the malicious aspects are hidden well enough to avoid detection by popular scanners. The downside for them is that the “good guys” can see what is uploaded there.
So why is it becoming so popular?
We have seen infostealers skyrocket over the past few years. Part of this is their accessibility and low barrier to entry. For example, underground crime groups are increasingly running malware-as-a-service (MaaS) businesses. This is where malware developers create and maintain tools such as infostealers and rent them to affiliates with few technical skills. Affiliates get ready-made malware packages and use them against whomever they like.
Another contributor is the quick and sizable payout compared with attacks like ransomware, which can take cybercriminals weeks or months to see a return.
Interestingly, Jamf’s report specifically mentions the abuse of PyInstaller. PyInstaller is a legitimate open-source tool that developers use to package Python scripts into standalone binaries. Attackers now use it to quietly package malicious Python scripts, send them to potential victims, and run them on the machine. This is just one of many clever delivery techniques used.
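For defenders triaging an unknown executable, the following added example (not code from the Jamf report or this article) checks whether a file embeds a PyInstaller archive by locating and parsing the CArchive cookie that PyInstaller 2.1+ appends to the binary. The sample bytes are constructed for illustration, and the function names are hypothetical.

```python
import struct

# CArchive cookie layout used by PyInstaller 2.1+ (network byte order):
# magic[8], pkg_length, toc_offset, toc_length, python_version, python_libname[64]
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIII64s")


def find_pyinstaller_cookie(data: bytes):
    """Return parsed cookie fields if data embeds a PyInstaller archive, else None."""
    # Search backwards: on signed binaries the cookie is not at the very end of the file.
    pos = data.rfind(MAGIC)
    while pos != -1:
        if pos + COOKIE.size <= len(data):
            _, pkg_len, toc_off, toc_len, pyver, lib = COOKIE.unpack_from(data, pos)
            pkg_start = pos + COOKIE.size - pkg_len
            # Reject stray magic bytes: the lengths must describe a region inside the file.
            if pkg_start >= 0 and toc_off + toc_len <= pkg_len - COOKIE.size:
                # Version is major*100+minor (older releases used major*10+minor).
                major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
                return {
                    "cookie_offset": pos,
                    "archive_start": pkg_start,
                    "toc_offset": pkg_start + toc_off,
                    "python": f"{major}.{minor}",
                    "libname": lib.rstrip(b"\x00").decode("ascii", "replace"),
                }
        pos = data.rfind(MAGIC, 0, pos)
    return None


def build_constructed_sample() -> bytes:
    """Constructed input: fake header + dummy archive + cookie + trailing bytes."""
    header = b"\xcf\xfa\xed\xfe" + bytes(60)   # stand-in for Mach-O content
    body = bytes(100)                          # dummy payload and TOC region
    cookie = COOKIE.pack(MAGIC, len(body) + COOKIE.size, 60, 40, 311,
                         b"libpython3.11.dylib")
    return header + body + cookie + bytes(16)  # trailing bytes, e.g. a code signature


if __name__ == "__main__":
    print(find_pyinstaller_cookie(build_constructed_sample()))
    print(find_pyinstaller_cookie(b"plain file without the marker"))
```

A hit only means the file was built with PyInstaller, which plenty of legitimate software does; treat it as a reason to look closer at unsigned or unexpected binaries, not as a verdict.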
How to protect against Infostealers
Apple pre-installs many valuable background services on every Mac to protect users from the horrors that lurk on the Internet, but in many cases these aren’t enough.
You may already know many of these tips, but I think it’s important to repeat them for the general public.
- Do your due diligence before installing anything from outside the official Mac App Store
- Check links before opening them
- Use strong, complex passwords and two-step authentication (non-SMS if possible; OTP is best)
- Be careful when granting permissions on your Mac
- Keep your devices and applications up to date
Jamf’s security trends report is dense and full of insights. I highly recommend reading it. You can check it out here.
