Dark web threat actors have increasingly targeted Mac computers [1] [2] [3]. According to Accenture's threat intelligence unit, attacks have increased tenfold since 2019 [1]. The trend has continued into 2023, with activity intensifying in the first half of the year [3]. The rising adoption of macOS in enterprise infrastructure has attracted the attention of these threat actors.


These actors have developed and advertised macOS-specific infostealer strains, sold tools and services targeting macOS systems, and offered macOS enterprise certificates for malware distribution [2]. They are also focused on bypassing macOS Gatekeeper to deploy malware through untrusted applications. The scarcity of macOS-specific tools and exploits has driven up their prices, making them highly profitable for skilled actors [2]. Some ransomware groups, like LockBit 3.0, are also developing macOS-focused versions of their ransomware [2] [3]. Monitoring the dark web for threat intelligence on the latest tactics and procedures concerning threats to macOS is recommended to stay ahead of these evolving threats [3].


The increasing targeting of Mac computers by dark web threat actors poses significant risks to individuals and enterprises. The development and distribution of macOS-specific malware strains, along with efforts to bypass security measures, highlight the need for enhanced cybersecurity measures for macOS systems. Organizations should monitor the dark web for threat intelligence and stay updated on the latest tactics and procedures used by threat actors, so that they can proactively mitigate the risks and protect their systems from evolving threats.


[1] https://www.darkreading.com/attacks-breaches/accenture-sees-big-mac-attacks
[2] https://www.accenture.com/us-en/blogs/security/dark-web-mac-os
[3] https://betanews.com/2023/08/07/cybercriminals-step-up-their-targeting-of-macos/