{"id":751,"date":"2024-05-09T08:28:23","date_gmt":"2024-05-09T08:28:23","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=751"},"modified":"2025-07-28T08:30:13","modified_gmt":"2025-07-28T08:30:13","slug":"operating-systems-and-the-malware-myths-that-still-persist-macos-windows","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/operating-systems-and-the-malware-myths-that-still-persist-macos-windows\/","title":{"rendered":"Operating Systems And The Malware Myths That Still Persist \u2013 MacOS &amp; Windows"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/05\/winvsmacos.webp\" alt=\"\"\/><\/figure>\n\n\n\n<p>In the last article we looked exclusively at Linux malware myths. In this part it is the turn of both MacOS and Windows for a myth-busting session. First, we\u2019ll take a look at the stubborn myths that still cling to MacOS regarding malware and its supposed invulnerability to malicious software. Then, we\u2019ll take a look at Windows, which has been the whipping boy for these myths. Often the Apple fan will defend the claim that MacOS doesn\u2019t get malware by pointing the finger at Windows as the real problem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MacOS Myths<\/h2>\n\n\n\n<p>For those who have read our previous article on Linux malware and the stubborn myths surrounding it, some of these will sound awfully similar. First, we\u2019ll cover the myths, then we\u2019ll look at instances of MacOS malware that have surfaced in the wild to obliterate those myths.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Macs Don\u2019t Get Malware<\/h3>\n\n\n\n<p>This myth seems to have its roots in an ad campaign Apple signed off on that essentially stated that Macs (Apple computers running MacOS, named after the original Apple Macintosh computers) don\u2019t get viruses. 
One such ad ran in 2006 and is still available <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2017\/03\/mac-security-facts-and-fallacies\" target=\"_blank\" rel=\"noopener\">to watch on YouTube<\/a>, where it still draws audible sighs from security researchers.<\/p>\n\n\n\n<p>Despite the advertisement\u2019s use of the term viruses, which for a time was incorrectly used to describe malware on Windows machines, Macs, and by extension MacOS, can and do get malware infections, including malware specifically designed for the operating system.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">There isn\u2019t a lot of MacOS Malware<\/h3>\n\n\n\n<p>This myth shares its erroneous logic with the market share myth regarding Linux malware: because MacOS holds a smaller share of the market than Microsoft\u2019s Windows, it is supposedly not worth developing malware for the platform.<\/p>\n\n\n\n<p>The statistics just don\u2019t support this assumption in any way. Since 2012 there has been a continued increase in MacOS malware, as well as a more recent trend of cross-platform malware designed to infect Linux, MacOS, or Windows. This does not even include the potentially unwanted programs and adware that can infect Apple machines.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">MacOS is Somehow more Secure than Windows<\/h3>\n\n\n\n<p>This myth likely began when Apple chose to base its Mac products on the UNIX operating system standard, a mature standard regarded as security oriented. Since then MacOS has seen several security improvements that have, unfortunately, fed the myth.<\/p>\n\n\n\n<p>The truth is that no system, not even an operating system designed by Apple (sorry, not sorry, Apple fans), is perfect, and several methods have been seen that allow threat actors to bypass security features and install malware. 
The most recent of these was a <a href=\"https:\/\/www.bitdefender.com\/blog\/hotforsecurity\/apple-patches-first-zero-day-flaw-reported-in-2023-on-ios-and-macos\/\" target=\"_blank\" rel=\"noopener\">zero-day exploit disclosed and patched in 2023<\/a>. The flaw was being actively exploited in the wild and impacted MacOS and iOS devices.<\/p>\n\n\n\n<p>The counter some MacOS prophets offer to this reality is that MacOS comes with XProtect, an anti-malware application that is generally hidden from users and cannot be turned off. These are certainly positives in MacOS\u2019s favor. However, it should be noted that XProtect is signature-based, meaning it can only prevent infections by malware that Apple\u2019s security researchers have already seen. Against a dreaded zero-day exploit that grants a threat actor privileged access to a machine, very little can be done beyond releasing a patch as a matter of priority.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">MacOS Malware in the Wild<\/h2>\n\n\n\n<p>Another myth that still circulates on the Internet is that MacOS malware, while it exists, is limited to adware and potentially unwanted programs (PUPs). This section is dedicated to showing that far more malicious forms of malware, including ransomware, can infect MacOS and iOS devices.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">KeRanger<\/h3>\n\n\n\n<p>In 2016, the first instance of ransomware able to infect Apple machines was detected: <a href=\"https:\/\/unit42.paloaltonetworks.com\/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer\/\" target=\"_blank\" rel=\"noopener\">KeRanger<\/a>. Researchers from Palo Alto summarized their discovery by stating:<\/p>\n\n\n\n<p>\u201cOn March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. 
We have named this Ransomware \u201cKeRanger.\u201d The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.<\/p>\n\n\n\n<p>Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site (hxxps:\/\/download.transmissionbt.com\/files\/Transmission-2.90[.]dmg). Transmission is an open source project. It\u2019s possible that Transmission\u2019s official website was compromised and the files were replaced by re-compiled malicious versions, but we can\u2019t confirm how this infection occurred.\u201d<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Calisto Backdoor<\/h3>\n\n\n\n<p>In 2018, the <a href=\"https:\/\/www.securityweek.com\/calisto-macos-backdoor-remained-undetected-two-years\/\" target=\"_blank\" rel=\"noopener\">Calisto Backdoor was discovered<\/a> after remaining undetected on infected machines for at least two years. In later campaigns the backdoor was distributed as an unsigned DMG image posing as Intego\u2019s Internet Security X9 for MacOS. The threat looked convincing enough to trick users, especially those not acquainted with Intego\u2019s security application or those merely assuming it was legitimate. It should be noted that the backdoor uses a hidden directory named \u201c.calisto\u201d to store keychain storage data, data extracted from the user login window, network connection information, and Google Chrome data. 
All of this is information that can result in significant financial loss for the victims.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">OSX.Imuler Trojan<\/h3>\n\n\n\n<p>The earliest of the selected examples, the <a href=\"https:\/\/sensorstechforum.com\/top-5-destructive-macos-malware\/\" target=\"_blank\" rel=\"noopener\">OSX.Imuler Trojan was discovered in 2011<\/a>. This feature-rich trojan is also capable of stealing sensitive information and dropping other malware strains. The malware\u2019s features include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Take a screenshot and send it to a remote location<\/li>\n\n\n\n<li>List files and folders<\/li>\n\n\n\n<li>Upload a file<\/li>\n\n\n\n<li>Download a file<\/li>\n\n\n\n<li>Delete a file<\/li>\n\n\n\n<li>Create a new process<\/li>\n\n\n\n<li>Unzip a downloaded file and execute it<\/li>\n<\/ul>\n\n\n\n<p>The examples provided are older than many of the current threats facing the Apple ecosystem; they were chosen to show how long ago these myths were debunked, and yet they still remain.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Big Windows Myth<\/h2>\n\n\n\n<p>In concluding, it is necessary to look at the whipping boy of these myths, Windows. Microsoft\u2019s operating system is often seen as inherently less secure. Microsoft itself has made several improvements to the security of the operating system that go a long way to dispel this myth. The truth is that no operating system is inherently safe or unsafe; threats exist for every operating system, and threat actors don\u2019t differentiate their targets based on their operating system, as this series of articles has shown.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the last article we looked exclusively at Linux malware myths. In this part it is the turn of both MacOS and Windows for a myth-busting session. 
First, we&rsquo;ll take a look at the stubborn myths that still cling to MacOS regarding malware and its supposed invulnerability to malicious software. Then, we&rsquo;ll take a look at Windows, which has [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":752,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=751"}],"version-history":[{"count":2,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/751\/revisions"}],"predecessor-version":[{"id":4009,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/751\/revisions\/4009"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/752"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}