The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!

Mac Malware Guide : What are the threats?

Published June 17th, 2012 at 3:26 PM EDT, modified July 27th, 2014 at 4:39 PM EDT

Classes of Malware

It is very important to understand that there are, by my definition, two different kinds of malware. One is the virus: malware that is capable of infecting a machine without user interaction. Some people further divide such malware, referring to viruses (programs that must attach to other programs) and worms (programs that spread without needing to attach to other programs). I personally do not find this distinction particularly useful, and will refer to both of these as viruses. Viruses always rely on some vulnerability in the system, as all systems strive to prevent untrusted code from running by itself.

The second kind of malware is called the trojan horse (or just “trojan”, for short). This malware is named after the famous wooden horse, filled with soldiers, that the Greeks tricked the Trojans into bringing into their city. Like the Trojan horse of legend, this class of malware relies on tricking the user into downloading, installing and running it. A trojan is only dangerous if it can trick you.

Viruses are, in my eyes, by far the more dangerous kind of malware. They often rely on security holes in the system that can allow the virus to sneak in without your knowledge. A trojan, on the other hand, relies on the user intentionally running it, and thus will not easily make its way onto a careful user’s machine.

Mac Malware

I have built a database of all known Mac malware over several years, assisted in part through collaboration with others in the Mac anti-malware community.  It’s always possible that it is not complete, of course, and new malware does appear from time to time.  If you discover something that is not on my list, please let me know!

Almost all of the malware that affects Macs lies firmly in the trojan category. There are a variety of “social exploits” (ie, ways to trick a human) that malware uses to get itself installed, but in the end, a wary user will probably not fall for them.  The only malware to-date that cannot be placed squarely in the trojan category is malware that uses vulnerabilities in third-party software to install itself.

For the most part, there’s very little to be concerned about. Most are rare, to varying degrees between very and extraordinarily, and half of them either never were or no longer are a threat. Almost all of the ones that are real threats can be handled by anti-malware features in versions of Mac OS X starting with 10.5 (Leopard).

You may see much lengthier lists of malware on the sites of some anti-virus software vendors. In my experience, much of what appears on these lists is ancient… worrying about those things is like losing sleep for fear of dinosaur attacks. There were many more Mac viruses in the days before Mac OS X (though nowhere near the current number of Windows viruses), but none of those viruses can in any way affect a modern Mac.

Mac Adware

Adware is software designed to display advertisements to the user, usually within the web browser, and it is usually unwanted software. Most anti-virus software does not actually detect adware, and when it does, it usually identifies it as a “PUA” (Potentially Unwanted Application) rather than as malware. Mac OS X does not protect you at all against most adware.

Adware for the Mac always comes in the form of a trojan. It may pretend to be something the user wants (most commonly, a video plug-in or player), or it may “piggyback” on a legitimate download from an unethical site (like Softonic or

Adware is the biggest threat affecting Mac users today. It is easy for a careless download to result in infection, and removal can be difficult. Fortunately, adware on the Mac has never been documented to be a serious threat, stealing no personal information beyond browsing habits (in some cases), and removal can be accomplished with the aid of my Adware Removal Guide.

Third-party software issues

Some malware is empowered by third-party software. The oldest example is the Word macro “virus,” which is seeing a little bit of a comeback since Microsoft added the scripting language they relied on back to the Mac version of MS Office, but those are pretty wimpy as malware goes. Older versions of MS Office also had a vulnerability that allowed a maliciously-crafted document to install executable code on the user’s machine. Similarly, Adobe Flash, if not kept updated, is a source of potential vulnerabilities that could let malware into the system.

Worst of all is Java. Java applets are used by some websites (not many at this point) for a variety of things. Unfortunately, Java has a history of vulnerabilities that can be, and have been, used to install malware. Further, Java applets can break out of their “sandbox” and get access to your system if you grant them permission, and they have been known to trick users into doing just that in order to install malware.

<- Table of contents How does Mac OS X protect me? ->

This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.