Mac Malware Guide : What are the threats?
Published June 17th, 2012 at 3:26 PM EST, modified August 14th, 2012 at 5:19 PM EST
Classes of Malware
It is very important to understand that there are, by my definition, two different kinds of malware. One is the virus: malware that is capable of infecting a machine without user interaction. Some people further divide such malware, referring to viruses (programs that must attach to other programs) and worms (programs that spread without needing to attach to other programs). I personally do not find this distinction particularly useful, and will refer to both of these as viruses. Viruses always rely on some vulnerability in the system, since every system is designed to stop untrusted code from running on its own.
The second kind of malware is called the trojan horse (or just “trojan”, for short). This malware is named after the famous wooden horse, filled with soldiers, that the Greeks tricked the Trojans into bringing into their city. Like the Trojan horse of legend, this class of malware relies on tricking the user into downloading, installing and running it. A trojan is only dangerous if it can trick you.
Viruses are, in my eyes, by far the more dangerous kind of malware. They rely on security holes in the system that let the virus sneak in without your knowledge. A trojan, on the other hand, relies on the user intentionally running it, and thus will not easily make its way onto a careful user's machine.
I have built a database of all known Mac malware over several years, assisted in part through collaboration with others in the Mac anti-malware community. It’s always possible that it is not complete, of course, and new malware does appear from time to time. If you discover something that is not on my list, please let me know!
Almost all of the malware that affects Macs lies firmly in the trojan category. There are a variety of "social exploits" (i.e., ways to trick a human) that malware uses to get itself installed, but in the end, a wary user will probably not fall for them. The only malware to date that cannot be placed squarely in the trojan category is malware that uses Java vulnerabilities to install itself.
For the most part, there's very little to be concerned about. Most of them are rare, some very rare and some extraordinarily so, and about half either never were a real threat or are no longer one. Almost all of the ones that are real threats can be handled by the anti-malware features built into Mac OS X starting with 10.5 (Leopard).
You may see much lengthier lists of malware on the sites of some anti-virus software vendors. In my experience, much of what appears on these lists is ancient… worrying about those things is like losing sleep for fear of dinosaur attacks. There were many more Mac viruses in the days before Mac OS X (though nowhere near the current number of Windows viruses), but none of those viruses can in any way affect a modern Mac.
Third-party software issues
Some malware is empowered by third-party software. The oldest example is the Word macro "virus," which is seeing a little bit of a comeback since Microsoft added the scripting language they relied on (Visual Basic for Applications) back to the Mac version of MS Office, but those are pretty wimpy as malware goes. Older versions of MS Office also had a vulnerability that allowed a maliciously-crafted document to install executable code on the user's machine. Similarly, Adobe Flash, if not kept updated, is a source of potential vulnerabilities that could let malware into the system. Although Flash has never been cited as the infection vector for Mac malware, it is a definite possibility.
Worst of all is Java. Java applets are used by some websites (not many at this point) for a variety of things. Unfortunately, Java has a history of vulnerabilities that can be, and have been, used to install malware. Further, Java applets can break out of their "sandbox" and get access to your system if you grant them permission (for example, by approving a signed applet's request for full access), and they have been known to trick users into doing just that in order to install malware.