The cyber threat landscape has changed, and with it, users’ perception. In the second edition of Moonlock’s Mac Security Survey, users reveal their top concerns and what they think about malware, AI risks, passwords, security software, and much more.
A fading myth, AI scares, “software that fixes it all,” and IT support, please
Since 2023, when Moonlock released the first Mac Security Survey, Apple users have increased their cybersecurity awareness levels.
Today, users are well aware that Apple devices are not immune to cyberthreats. They are also keeping a close eye on AI risks and are interested in cybersecurity solutions that mitigate the threat of malware.
But it’s not all good news. Users may be too heavily relying on software solutions, assuming that good cyber habits are no longer as important.
Mac Security Survey 2025: Key findings
Let’s look at the key findings of this new survey and how users’ insight into cybersecurity has changed in the past two years.
“Nothing can breach my Mac”
While in 2023, 28% of users believed that their Mac was impenetrable, today, that number has dropped to 15%.
This drop is a positive sign, as Moonlock has observed a significant increase in malware targeting macOS, especially infostealers. Knowing that your Mac isn’t failproof is the first step towards proper cybersecurity prevention.
AI scares Mac users
A staggering 72% of Mac users fear that AI accelerates advanced cyber threats. When it comes down to using AI for good, only 34% think AI-powered tools will protect them more.
Of even greater concern, half of all Mac users surveyed believe they do not have control over the data they share with AI.
Over-worrying about threats?
The survey also found that users may be overly concerned about threats. For example, 72% of users said identity theft is a top concern for them, but only 16% have ever experienced it.
This mismatch in perception versus reality may be amplified by the increased coverage of cybersecurity news and awareness campaigns. But all this worrying is not entirely baseless. The survey found that 66% of Mac users have faced at least 1 type of threat in the past 12 months.
Can software make up for poor cybersecurity habits?
More than half (64%) of users surveyed said “proper software” alone can fully protect them. Meanwhile, 58% of users say they reuse passwords on different accounts, and 59% save them in browsers — stealer malware’s favorite place to search for them.
A piece of software that magically takes care of all cybersecurity problems would be wonderful. Unfortunately, it’s a fantasy.
While antivirus and anti-malware solutions today are state-of-the-art technologies, they cannot cover all blind spots. And user habits are a major blind spot.
XProtect who?
Only 4% of Mac users named XProtect — Apple’s built-in anti-malware tool — as their antivirus software.
While they use iCloud Keychain, FileVault, and other Apple security features, for some reason, users don’t favor XProtect. In fact, 62% said the security tool most often purchased separately is an antivirus.
Tech support
Apple users report that they keep up with news and like to be informed on cybersecurity threats. Furthermore, 68% would jump at the opportunity to speak to a “qualified expert” about online security. This number has risen from 53% in 2023.
Interestingly, 1 in 3 Mac users turns to AI for IT and security advice. The same number still prefer old-school channels for tech support, such as forums, articles, videos, or simply asking friends.
Why have Mac users become more cybersecurity savvy?
As mentioned, the survey found that Mac users in 2025 are more on top of their cybersecurity game than they were in 2023, increasing their levels of awareness. We asked Moonlock Lab, our in-house research team, why they think that is.
“As more people experienced malware first-hand, their perception of Mac security may have soured,” said Mykhailo Pazyniuk, Malware Research Engineer at Moonlock Lab.
In 2024, malware detections on Macs protected by Moonlock Engine rose by 20% since 2023.
On the other hand, Moonlock noticed that detections in 2025 have dropped to near-previous levels. However, this drop doesn’t mean malware isn’t on the rise. Rather, it implies a more dangerous fact.
“macOS malware has become more serious and industrialized, and news about it leaves stronger impressions on Mac users,” said Pazyniuk.
macOS malware has become more serious and industrialized, and news about it leaves stronger impressions on Mac users.
Mykhailo Pazyniuk, Malware Research Engineer at Moonlock Lab
Cybersecurity awareness does not come without challenges
As macOS malware becomes more efficient, evasive, and sophisticated, users are trying to keep 1 step ahead of attackers by learning how cyberattacks work and evolve, and sticking with good digital practices.
But the increase in cybersecurity awareness opened up a whole new set of challenges for users. 32% of those surveyed said they find it hard to find reliable information on Mac security, and 68% wanted to talk to online experts.
About half (68%) said they know what to do or who to ask for help when they run into a problem with their Mac. Additionally, 36% worry often about getting things wrong on their Mac and are “afraid of failure.”
Are you worried about AI? You’re not alone
With AI being the big star of global tech, it’s no surprise that Mac users are concerned about the risks the technology poses.
The top concerns and thoughts they have on AI, according to the survey, are:
- How hackers can use AI to create more advanced threats (72%)
- Lack of control of the data that AI collects for them (54%)
- AI could make my security software more secure (34%)
“AI accelerates the cat-and-mouse game we’re in,” Kseniia Yamburh, Malware Research Engineer at Moonlock Lab, said in the report.
So, what can AI really do for hackers today?
Given the AI concerns that users have, let’s look at what AI can and cannot do today, and what type of AI malware samples Moonlock Lab has already identified.
First off, AI-core-powered malware is only a theory at this point. However, bad actors do use AI in several ways, including:
- Enhancing, speeding up, and growing cyber attacks
- Boosting the performance of their social engineering tactics and processes
- Scaling cyberattacks customized for speed
- Developing deepfake videos, audio, and more convincing spear-phishing messages
- Automating the development of phishing or malicious landing pages that distribute malware
- Developing more convincing scripts for pig-butchering scams, toll scams, and other common scams being modernized by AI
Fortunately, cybersecurity teams are also leveraging the technology for good.
“Security teams are getting faster in detection, analysis, and blocking threats with the help of AI, too,” said Yamburh.
Moonlock has already identified malware in the wild that uses the OpenAI API to generate “highly personalized phishing content. They also found a botnet that uses AI for social engineering and phishing through libraries like Selenium.
On the other hand, Moonlock Lab has also identified a Russian-speaking attacker, barboris, using ChatGPT to create a macOS stealer packaged with PyInstaller, removing the need for any coding experience.
“This malware extracted data from iCloud Keychain and targeted crypto wallets,” said Yamburh.
Stealers, passwords, and keychain security
As has been the case for the past 2 years, information stealers are a major priority. This rather new malware, combined with a lack of good password habits, can be very damaging for Apple users.
“Infostealers are growing on Macs, and how people handle their passwords can determine whether the damage stays minor or ends in a total account takeover,” said Yamburh.
Infostealers are growing on Macs, and how people handle their passwords can determine whether the damage stays minor or ends in a total account takeover.
Kseniia Yamburh, Malware Research Engineer at Moonlock Lab
Yamburh explained that stealers have evolved to bypass browser security to access passwords stored there.
“The situation gets even worse when attackers also get access to corporate SSOs or Google Workspace,” said Yamburh. When this happens, bad actors can take complete control of a victim’s personal and work life.
While the Moonlock Mac Security Survey 2025 found that users are taking fewer risks since 2023 — with a higher percentage aware of the dangers of cracked software, skipping app updates, or accepting friend requests from strangers — passwords are still a big problem.
Nearly half of users said they use the same password for different accounts. They also said they save them in their browsers to avoid the hassle of typing them in. This is a major vulnerability.
A majority (72%) use iCloud Keychain as their password manager, a feature that stealers like AMOS have been known to breach.
Over 66% of users report cyberattacks against Macs in the past year
A shocking 66% of users surveyed reported a cyberattack in the past 12 months.
When it comes down to personal data breaches, only 27% answered “No” to the question, “Have you, your friends, or your family experienced the following in the past 12 months?”
Only 26% said the same about malware, viruses, or trojan cyberattacks, and only 24% did not report any case of account hacking or password theft.
The more well-known threats, like identity theft, account hacking, and data breaches, worry Mac users the most. Meanwhile, the least-known cyberattacks and malware, such as adware, infostealers, and crypto drainers, sit at the bottom of the list.
About half of those surveyed said they expect to experience a cyberattack in the near future, including crypto drainers, infostealers, spyware and keyloggers, deep fakes and AI-deception, insecure online payments, identity theft, social engineering, malware, and other breaches.
What security software do Mac users love?
Finally, when it comes to security software, Mac users rely on Apple’s in-house tech but also on third-party providers, especially when choosing an antivirus or anti-malware solution.
Only 9% of users said they do not use any specialized security tool whatsoever. Half use third-party password managers, 48% use antivirus software, and 34% use firewalls or network filters.
Fortunately, browsers with built-in security features are becoming rather popular, with 37% of those surveyed reporting using them. But adblockers and tracker blockers get more love, with 46% saying they use those.
About half (57%) still rely on macOS’s built-in firewall and network filter, and 62% use Time Machine to solve data loss issues. Finally, to encrypt files, about half (56%) use Apple’s own FileVault.
“This shows a strong level of trust in Apple’s native security ecosystem but also indicates that many users may not be exploring or adopting additional layers of protection beyond the defaults,” the Moonlock Mac Security Survey 2025 reads.
Final thoughts
Mac cybersecurity is in constant flux. As bad actors level up their game, turn to AI, and modernize scams, Mac users are shifting their priorities, too.
Today, users are more interested in keeping up to date with security issues and are actively looking for help, having lost their innocent belief that Macs cannot be breached. They are increasingly turning to in-house and third-party providers for security solutions.
While concerns and risks are abundant, the survey reveals a more engaged Mac community. And while gaps still exist and room for improvement remains abundant, users are more aware and genuinely interested in protecting their Macs, their accounts, and their data.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac and macOS are trademarks of Apple Inc.
