In 2024, nearly two dozen new macOS malware families were identified, with a total of 22 new strains discovered, marking a steady increase compared to previous years. This number is similar to the figures reported in 2023, but significantly higher than in 2021 and 2022. The new malware families include stealers, ransomware, backdoors, and downloaders, but do not account for previously known adware or other malware from prior years. The emergence of these malware families highlights a growing threat to macOS users and their data security.
Among the new stealers identified in 2024 are CloudChat, Poseidon, Cthulhu, BeaverTail, PyStealer, and Banshee. These malware strains primarily target cryptocurrency wallets, keys, and sensitive browser data. For example, CloudChat focuses on stealing cryptocurrency wallets, while PyStealer, Banshee, and Poseidon steal similar data in addition to browser information. BeaverTail, linked to North Korean hackers, is known to steal data and deploy additional malicious payloads, showing the increasing complexity of attacks targeting financial data.
The ransomware category saw the emergence of NotLockBit, which not only encrypts victims’ files but also has basic stealer functionality. In the backdoors and implants category, SpectralBlur and Zuru were highlighted, with the former linked to North Korean threat actors and possessing download, upload, and execute capabilities. Zuru, first spotted in 2021, has seen new samples in 2024, possibly representing a completely new variant. Another new backdoor, LightSpy, has been used for espionage and recently included destructive capabilities in its updates.
HZ Rat, also targeting users in China, allows attackers complete control over infected macOS devices.
Additional backdoors and downloaders in 2024 included Activator, HiddenRisk, RustDoor, RustyAttr, and others, many of which are tied to North Korean and Chinese cybercriminals. These malware strains provide a wide range of malicious functions, from cryptocurrency attacks to remote access and data theft. Wardle provided detailed technical information for each malware family, including infection vectors, persistence mechanisms, and sample downloads, helping researchers and security experts better understand the threats posed by these new macOS malware families.