The top 10 types of malware that can infect your Mac

Ray Fernandez

Jul 25, 20236 min read

The top 10 types of malware that can infect your Mac (Header image)

Apple defines malware as “malicious software, which includes viruses, worms, trojan horses, and other programs that can harm your Mac or your privacy.” And while experts still do not agree on the exact quantity of malware that exists today, there are roughly 10 types of computer viruses in which malware can be categorized.

The 10 main types of computer malware to be aware of

As is the case on other devices, malware on a Mac can be installed when clicking or downloading items from emails, messages, and websites. Some malware can cause severe damage to a system, lead to financial losses, and impact a user significantly. Some types of malware are merely annoying, while others may be used to launch devastating attacks. 

In general, all malware falls within 10 types:

  1. Viruses
  2. Worms 
  3. Trojans
  4. Keyloggers
  5. Ransomware
  6. Spyware
  7. Adware
  8. Browser hijackers
  9. Rootkits
  10. Botnets

1. Viruses: The oldest type of malware

A virus is coded malware that usually breaches a computer as an executable or a word file program. 

Once a virus executes, it will replicate and can modify codes, programs, and critical parts of the system. It can cause a computer to slow down, make it vulnerable, or even cause the system to collapse. And while viruses may be the oldest type of malware, they are still a relevant and severe threat.

For example, in 2021, the security firm Red Canary detected the Silver Sparrow virus. Silver Sparrow can breach Mac computers that run on Intel chips or the new M1 chip. Macworld says Silver Sparrow infected approximately 30,000 macOS systems in 153 countries. No one knows what this virus does, but it connects to a server once an hour. Security experts assure us it is a severe threat and could be gearing up for a powerful attack. 

Viruses continue to evolve despite being the oldest tool in the arsenal of cybercriminals, and Mac users are no exception when it comes to virus attacks. CleanMyMac X, powered by Moonlock Engine, is the simplest way to detect and remove viruses on a Mac.

The Malware Removal module in CleanMyMac X, powered by Moonlock Engine

2. Worms: Malware that spreads through security vulnerabilities 

Worms use computer networks to spread. Unlike viruses, which need a program to run, worms do not need a host. They can also link to other connected systems and spread beyond the device. Worms often prey on security vulnerabilities. Open source code and code sharing, very popular among modern developers, are perfect opportunities for worms to thrive.

In August 2020, a worm linked to projects posted on Github, where millions of developers host and share code, began spreading through Mac computers. The malware known as XCSSET can access data of Safari, login Apple details, Google, Paypal, Skype, Telegram, and others. 

Cybercriminals use worms to steal data and credentials, inject code, and execute ransomware and crypto-jacking attacks. They can spread rapidly, and their shapeshifting capabilities make them very dangerous.

3. Trojans: Malware that unpacks other malware

Trojan horses, or simply “trojans,” gain access to a system and unpack different types of malware. They often present themselves as harmless, legitimate software and work in the background without the user knowing it. Worst of all, they can open backdoors for attackers to access devices.

For example, in 2021, a trojan called XcodeSpy spread through Xcode, a free application development environment created by Apple for developers to create apps that run on macOS, iOS, tvOS, and watchOS. Those who coded XcodeSpy used the code-sharing platform to create a trojan that, once installed on a Mac, opens backdoors and can download additional malware.

Sentinel Labs, the organization that discovered the trojan, says XcodeSpy can take screenshots, capture audio and video, upload and download files, and more.

4. Keyloggers: Malware that records what you type

The essence of a keylogger is straightforward. It is coded to register everything a person types. Cybercriminals use keyloggers to get passwords, credentials, financial information, and personal data. 

Keyloggers rarely come alone in an attack. They are employed in conjunction with other malicious software. The 2014 Ventir Trojan, for example, gains access and unpacks a backdoor, spyware, and a keylogger. And while keyloggers are not as sophisticated as other malware, they still pose a serious risk to data theft and privacy, giving away every single strike of a keyboard to a cybercriminal.

5. Ransomware: Viruses that demand a ransom

Ransomware is the fastest growing trend in cyber attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) asserts that by 2021, there was one incident of ransomware every 11 seconds. Most ransomware attacks target small, medium, and large businesses.

In April 2021, the group Sodinokibi (REvil) executed a ransomware attack on Quanta, the Taiwan-based company that manufactures MacBooks. Attackers asked for $50 million in exchange for the encryption key. Quanta did not pay the ransom, and in retaliation, REvil leaked MacBook schematics and components.

6. Spyware: Eyes and ears on your device

Spyware is malware that installs in stealth mode on a device and spies on users. It can record audio, phone calls, text messages, screen activity, and video. Plus, it can access webcams and even install programs and change settings. 

The most infamous modern spyware is Pegasus. Pegasus was developed by the Israeli cyber-arms company NSO Group and is used by governments to spy on citizens, activists, and journalists, violating fundamental human rights. And while Pegasus targets iPhone and Android devices, smartphones are often linked to personal computers, meaning your Mac might be vulnerable.

7. Adware: The nightmare of ads

Alongside viruses, adware is one of the oldest types of malware around. Adware will bombard users with irrelevant ads. This type of malware slows down a computer, can make it crash, and may eventually damage the system. 

The main goal of an adware attack is to either disrupt a user by making it difficult for them to use their system or to reap money from the ads.

8. Browser hijackers: Viruses that take control of your browser

A browser hijacker, also known as a browser virus, is malware coded to take control of a browser. It can change browser settings and direct users to fake search engines or malicious pages. This type of malware is mostly just annoying and usually causes no immediate harm. However, users who are directed to malicious pages might download more dangerous malware.

Hackers tend to use legitimate or trusted sites to mount their attacks. Most browser hijackers use Akamai is not malware — it is a leading content delivery network used by companies like Facebook to stream audio and video and host downloads. But hackers use Akamai to control browsers and access browsing data.

Browser hijackers will slow down your Mac and occupy CPU and network bandwidth. They tend to breach computers through malicious pop-up warnings, bundling, and browser extensions.

9. Rootkits: Malware that steals admin privileges

Rootkit attacks are sophisticated and designed to give an attacker administrator root privileges. This kind of malware hides deep in the operating system. Often the only way of eliminating it is by reinstalling the OS. 

Rootkits give attackers privileges to control every aspect of a device. They can be used as backdoors to download malware and launch ransomware or botnet attacks. Additionally, rootkit malware can go on the offensive when users attempt to remove it. 

For example, the Thunderstrike malware, which appeared in 2015, installed a rootkit via Thunderbolt port using an infected host. Once installed, it could cause all sorts of damage, thanks to the administrator privileges the malware grants.

10. Botnets: Malware that infects multiple devices

Cybercriminals use the power of several computers to run botnet attacks, and each bot can infect another system. These are used for DDoS attacks, crypto-jacking, keylogging, and launching massive bulk malicious campaigns.

The first botnet attack to become world-famous was the Earth Link spammer, launched in 2000. The botnet sent over 1.25 million phishing email scams mimicking legitimate websites, Human Security explains. Another botnet attack in 2016, known as the Mirai botnet, left most of the east coast of the United States without internet access. 

While Mac security features may be the most impressive in the tech community, cybercriminals are getting more sophisticated in their attacks. Their toolbox is vast, and they are constantly creating new techniques to breach the Mac OS. Knowing what types of malware can affect your Mac and how they work is key to protecting your digital life.

Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.