Calisto

A trojan infecting devices running macOS that gathers information on an infected system and sends the data to a command-and-control server, and enables remote access to the system and screen sharing.

Read More
NJCCIC
Shlayer

A macOS malware spread via a fake Adobe Flash Player update, distributed via BitTorrent file sharing sites. The malware leverages shell scripts to install adware.

Read More
MacOS MalwareNJCCICshlayer
MaMi

A DNS hijacker that can exploit devices running macOS. Researchers suspect it is being developed into a remote access trojan (RAT) with more advanced features.

Read More
MacOS MalwareNJCCICmami
Wirelurker

Wirelurker is a mobile Trojan affecting Mac OS X and iOS devices. The malware will infect a Mac device, then lay dormant, waiting for an iOS device to be connected by USB, where it will download itself on to the iOS device through the USB cable. 

Read More
MacOS MalwareNJCCICWirelurker
Filecoder.E

Filecoder.E targets macOS, is written in the Swift programming language, and it is distributed via BitTorrent through a file named “Patcher,” masquerading as a software pirating application. Once opened, the Torrent contains an application bundle for the victim to install.

Read More
MacOS MalwareNJCCICFilecoder.E
Dok

A trojan targeting Mac OSX, typically distributed via email and uses a persistent pop-up to obtain a victim's password. It then gains administrative privileges and downloads the Tor client, redirecting traffic through Tor and allowing the threat actors to intercept all outgoing traffic.

Read More
OceanLotus

A trojan targeting Mac OS X systems first reported on in May 2015, packaged as an application bundle masquerading as an Adobe Flash Player update. A separate OceanLotus variant discovered in June 2017 is distributed via a ZIP file, likely sent as an attachment in an email.

Read More
MacSpy

A RAT and the first known MaaS targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. The malware has capabilities including: capture screenshots, log keystrokes, record voice, retrieve clipboard content, retrieve browsing data, obtain iCloud photos, retrieve any files and data, encrypt the entire user directory, disguise the malware as a legitimate file, and access emails and social network accounts.

Read More
Proton

Proton is a remote access trojan (RAT) targeting macOS, first dispatched in late 2016. It is being advertised on Russian underground hacking forums, YouTube videos, and a custom website.

Read More
FruitFly

Quimitchin, referred to by Apple as “Fruitfly,” is a Trojan used to target the Mac OS X operating system. Researchers at Malwarebytes discovered the Trojan in cyberespionage attacks targeting biomedical research centers.

Read More
Komplex

Komplex is a Trojan that targets systems running Mac OSX, specifically those used in the aerospace industry. It is distributed via malicious email attachments disguised as a PDF file and exploits a vulnerability in the MacKeeper antivirus application to deliver the payload.

Read More
MacOS MalwareNJCCICKomplex