Apple MacBook laptop

8 new threats to Mac security in 2023

Contrary to popular opinion, Macs are far from invulnerable. In fact, every day, cybercriminals develop new tools and programs to make it easier to access the valuable data stored on Apple machines. In 2023 alone, dozens of new malware and new vulnerabilities have been discovered, demonstrating that Mac users need to go out of their way to stay safe from attack. Here are some of the worst threats to Mac users so far in 2023, which should compel users to download additional antivirus solutions for Mac devices.

Downfall Vulnerability

Though not malware in itself, this gaping vulnerability in Intel processors allowed easier access into both Macs and PCs for the better part of a decade — though it was only just discovered by security researchers in August 2023. All Mac users with processors from 2015 or later might need to take extra precautions to keep their devices safe until Apple releases a macOS update to address the vulnerability.

Exploit hVNC

This hacking malware allows threat actors to gain control of insecure Macs remotely through hVNC, or Hidden Virtual Network Computing — a variation of a legitimate tool for managing remote work. Most victims of hVNC attacks are totally unaware that their devices are being monitored and managed by cybercriminals. Fortunately, Exploit hVNC is spread like any other malware, which means the right antivirus tools and appropriate cyber hygiene should keep Mac users safe.


ShadowVault is one of the latest Ransomware as a Service (RaaS) offerings from the dark web, meaning that anyone willing to pay $500 per month can use the ransomware to launch attacks. This particular ransomware searches Macs for usernames, passwords, payment card numbers and crypto wallets before locking down all other data and demanding ransoms from victims. Mac users should know better than to pay ransoms, which rarely fix their malware problem; instead, they should prepare for ransomware with services from reputable security providers, which not only defend against most ransomware infections but also assist in recovery from successful ransomware attacks.


JokerSpy is what’s known as a backdoor malware, which means that once it finds its way onto a Mac, it rapidly creates a backdoor through which its operators can easily come and go as they please. Backdoor malware can have devastating repercussions because even after the removal of the initial infection, hackers will continue to have access to a user’s device until the backdoor itself is discovered and closed, which usually requires expert assistance.


AMOS stands for Atomic macOS Stealer, and this malware was named such due to its targeting of macOS and its relentless efforts to steal private information about macOS user accounts, Mac system information and private files on the Desktop and in the Documents folder. Fortunately, experts know a good amount about how AMOS operates and how it is spread — via unsigned .dmg files — so Mac antivirus tools should block infections with ease.


This sneaky AppleScript file was created by an elite North Korean hacking agency dedicated to obtaining intelligence for the government. It spreads by masquerading as a PDF viewer application and activates when Mac users read a particular file. Once on a device, the malware searches for useful information. Because attacks have been highly targeted, focused on finance-related institutions, it seems likely that this malware was created for North Korean revenue generation.


MacStealer scours a Mac user’s browsers — specifically Firefox, Chrome and Brave — for passwords, cookies and credit card data, and it sends this valuable info back to its operators. Perhaps most interesting about MacStealer is its effectiveness on the latest macOS updates, which is uncommon; usually, Mac malware takes advantage of more outdated operating systems to more easily infiltrate devices and steal data.


XMRig is actually a legitimate, open-source utility that users can install to perform their own crypto-mining. Unfortunately, criminals have hijacked it and hidden it in a pirated copy of Final Cut Pro to take advantage of the processing power of unsuspecting victims. XMRig will run in the background, with Mac users none the wiser, and any cryptocurrency mined is sent directly to the hacker’s wallet.

Mac users tend to rest on outdated misconceptions about their devices’ inherently superior security rather than take any meaningful steps to protect themselves from cyber attack. However, with more users migrating to Apple devices, threat actors are working hard to create malware that can penetrate Macs’ defenses.

Share This