5 min read

Top Cyber Threats Plaguing Mac Users in 2022


December 14, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Top Cyber Threats Plaguing Mac Users in 2022

Apple’s share of the global desktop market hasn’t changed much since last year, hovering at just over 15%. While far less common than the ubiquitous Windows, macOS still has enough users to attract attention from cybercriminals – especially since an excess of confidence leads many Mac fans to eschew a security solution. With 2022 drawing to a close, though, it’s time to take a fresh look at the top cyber threats Apple customers faced in the desktop realm.

A perpetual trio

Bitdefender data gathered over the 10 months from January to October 2022 reveals that macOS is still plagued by the same threats as before:

Trojans – Delivered through every avenue of attack imaginable, from social engineering techniques like spam and phishing, to infected torrents and warez downloads, to scams leveraging the victim’s favorite social networks.
Adware – Downloaded and installed with or without users consent, these freeware packages enable developers to make money from advertising other products, sometimes in an aggressive way and with spyware-like behavior. Adware typically installs itself, and it isn’t often honest about its intentions.
Potentially Unwanted Applications (PUAs) – Inhabting a gray area between nuisance and hazard, PUAs are most commonly found as freeware, repackaged applications, system cleaners or utilities with hidden functionality like data tracking and coin mining. PUAs sometimes also hijack the user’s browser, altering its functionality, changing the default search engine, installing plugins without consent, downloading additional software without asking permission, and even altering system settings.

As revealed in our latest Consumer Threat Landscape Report, Trojans accounted for 48% of attempted infections in 2021, followed by PUAs with a 37% share (factoring in coin miners, which we counted separately at the time), and Adware with 14%.

This year, the stats look like this:

·      Trojans remain the overall biggest threat to Macs, accounting for 54.7% of attacks.

·      PUA detections are down 17 percentage points, dropping to a 19.5% share in 2022.

·      Adware reports have risen by more than 11 percentage points since last year, reaching 25.5%. Adware activity was especially intense at the start of the year.

Come February, Trojan activity retook the lead, accounting for more than half of all file-based attacks on Macs – and remained relatively the same throughout the 10-month period.


Many of the Trojans caught in our net this year are old pieces of malware that keep landing on Macs via infected downloads. The most common piece of malware detected by our engines is the so-called ransomware EvilQuest, designed to not just to encrypt files and charge their owners money to unlock them, but also to phone back to base with stolen data in hand, including cryptocurrency wallets.

Because of its hit-and-miss capabilities, EvilQuest quite literally enjoyed 15 minutes of fame in 2020, when it first appeared on the scene. With the malware left out cold by its developers, most attacks today are immediately blocked – especially on Macs running an antivirus. EvilQuest tops our detections list because many warez and torrent sites still serve files tainted with the malware.

Trojans designed to exploit unpatched vulnerabilities, detected as ‘Exploit’ by our engines, were caught 8% of the time in the 10-month period. While the number may seem small, it’s enough to warrant incrementing your macOS to the latest version whenever Apple sends out an update.

Generic Trojan families were detected 19.5% of the time. Most of these attacks are designed to deliver secondary payloads with info-stealers or spyware.


Adware mostly infects Macs through the Adload Trojan (28.5%) which acts as an installer for a series of malware infections.

With a smaller but still formidable share, Bundlore adware accounts for 26.5% of adware infections in the 10-month period. As its name implies, Bundlore installs a bundle of adware applications – probably including one the user actually wanted, as it seeks to hide its nefarious goals, like intrusive pop-up ads that may redirect to malicious websites or data-gathering forms. Apps delivered through Bundlore are known to collect IP addresses, user names, search queries, visited URLs, and more.

Pirrit takes the third spot with a 16.3% attempted infection rate. Pirrit adware, delivered via application bundles, is designed to scoop up your personal data (name, email address, etc.) and share it with advertisers or hackers.

With a 13.8% share of the adware market, Genieo is a browser hijacker that typically impersonates an essential software update. Once downloaded, it installs itself without further user interaction and becomes almost impossible for users to remove. Genieo tracks browser usage and mines user data.

Potentially Unwanted Applications (PUA)

Most PUAs detected by our engines this year are generic in nature, meaning the apps’ individual characteristics are not easily classified or categorized. In other words, Generic PUAs do a little bit of everything, from tracking data and mining crypto to hijacking the user’s browser and delivering secondary payloads – some potentially classifiable as downright malware.

Installmiez was the most popular individual PUA name to come up over the 10-month period, with a 17.1% rate of detection. Installmiez is known to trigger a plethora of pop-up ads, file transfers and redirects, which may lead users to malicious sites.

Coin miners (11.5%) and pen-testing tools like Meterpreter (11.1%) also ended up in our net, since not all installs reveal their true intent Various so-called cleaner apps again made the rounds this year, pushing ads and directing users to bogus sites promoting scams and even malware.

2.2% of the PUAs we detected bore evidence of keylogging. And 1.6% of PUAs were jailbreaktools deployed intentionally by users seeking to eliminate restrictions on their iOS devices.

Protect your Mac

Most file-based threats targeting Macs remain predictable in nature, but it’s important to keep your guard up at all times. Bitdefender Antivirus for Mac offers real-time protection against all types of malware, including ransomware, and blocks and removes adware before it gets a chance to install itself on your system.

With Safe Files, you can prevent unauthorized changes to your most important files. Simply add folders to the watch list, and Bitdefender guards the files they store against ransomware and other threats. Only applications you explicitly deem trustworthy can access your Safe Files.

Time Machine Protection gives you the edge against malware that tries to encrypt or destroy your backups.

Our Traffic Light browser extension protects all your browsing, including your online shopping and banking, and can filter out inappropriate content. With automatic protection on, Bitdefender scans all links before you click on them, so you never unknowingly open harmful web pages.

Bitdefender AV for Mac also detects and removes Windows malware so you don’t pick it up and pass it on to PC users. Learn more at https://www.bitdefender.com/solutions/antivirus-for-mac.html.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like