A macOS malware spread via a fake Adobe Flash Player update, distributed via BitTorrent file sharing sites. The malware leverages shell scripts to install adware.
A DNS hijacker that can exploit devices running macOS. Researchers suspect it is being developed into a remote access trojan (RAT) with more advanced features.
A cryptocurrency-mining trojan targeting macOS that hides in pirated applications and secretly mines the Monero cryptocurrency using the user's CPU resources.
Wirelurker is a mobile Trojan affecting Mac OS X and iOS devices. The malware will infect a Mac device, then lay dormant, waiting for an iOS device to be connected by USB, where it will download itself on to the iOS device through the USB cable.
Filecoder.E targets macOS, is written in the Swift programming language, and it is distributed via BitTorrent through a file named “Patcher,” masquerading as a software pirating application. Once opened, the Torrent contains an application bundle for the victim to install.
A trojan targeting Mac OSX, typically distributed via email and uses a persistent pop-up to obtain a victim's password. It then gains administrative privileges and downloads the Tor client, redirecting traffic through Tor and allowing the threat actors to intercept all outgoing traffic.
A cryptocurrency mining trojan targeting the Mac operating system (OSX). It was the second-most widespread Mac malware variant in June 2017, accounting for 21.6 percent of all detections.
A trojan targeting Mac OS X systems first reported on in May 2015, packaged as an application bundle masquerading as an Adobe Flash Player update. A separate OceanLotus variant discovered in June 2017 is distributed via a ZIP file, likely sent as an attachment in an email.
A RAT and the first known MaaS targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. The malware has capabilities including: capture screenshots, log keystrokes, record voice, retrieve clipboard content, retrieve browsing data, obtain iCloud photos, retrieve any files and data, encrypt the entire user directory, disguise the malware as a legitimate file, and access emails and social network accounts.
Proton is a remote access trojan (RAT) targeting macOS, first dispatched in late 2016. It is being advertised on Russian underground hacking forums, YouTube videos, and a custom website.
The Adwind Trojan, also referred to as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRAT, is a remote access tool (RAT) discovered as Frutas in 2012. The Trojan's backdoor is written in Java allowing it to run on multiple platforms including Windows, Mac OS, Linux, and Android.