Malware Targeting Macs: The Prevention Steps Work For All Operating Systems

North Korean hackers have been targeting Mac users by disguising malware within seemingly harmless macOS applications.

These apps, which include a game called Minesweeper and a note-taking app referred to as Notepad, appear legitimate but are actually tools for infecting devices with malicious software.

The malware, discovered by Jamf Threat Labs, hides inside these applications, which were built with Flutter, a framework commonly used to write one app that runs on several platforms. Flutter's unusual app layout helps the attackers conceal their malicious code, making it harder for analysts to detect.

Once installed, the malware connects to a remote server to receive instructions, which could include running commands on the infected computer without the user's knowledge.

One method the malware uses is running AppleScript, macOS's built-in scripting language, to quietly execute commands that can steal data or control the device. Alarmingly, some versions of this malware had been signed and had passed Apple's notarization check before experts identified the threat, indicating that the hackers were testing how far they could go without raising suspicion.

This malware is not just a random act of cybercrime; it has ties to tactics and techniques often associated with North Korean hackers. Experts have identified similarities between this malware and previous attacks linked to North Korea, including the use of certain coding methods and domains previously used by the country's cyber teams.

North Korea has a history of using cyberattacks to fund its operations or disrupt systems worldwide, often targeting financial systems or vulnerable individuals. In this case, the malware appears to be in the testing phase, potentially laying the groundwork for a larger attack in the future.

Commentary

Cybercriminals, including those from nation states, have traditionally avoided targeting Macs for several reasons.

First, the market share of macOS is significantly smaller compared to Windows, making it less attractive for cybercriminals who aim to maximize their impact.

Additionally, macOS is built on a Unix-based foundation, whose file-permission model restricts unauthorized access to critical system files. Apple's built-in security measures, such as Gatekeeper, XProtect, and Notarization, also contribute to making macOS a less appealing target for hackers.

However, the malware targeting Macs in this instance is different because it uses advanced techniques to bypass these security measures.

To limit exposure from this and other types of malware, Mac users can take several precautions:

  • Only download applications from the official Mac App Store or from trusted developers. Avoid downloading software from unknown or suspicious websites.
  • Regularly update your macOS to ensure you have the latest security patches and updates. Apple frequently releases updates to address vulnerabilities.
  • Ensure that Gatekeeper is enabled to block the installation of untrusted apps. XProtect, macOS's built-in malware detection, should also be active to detect and block known malware.
  • Consider using reputable antivirus software that provides an additional layer of protection against malware.
  • Avoid opening email attachments or clicking on links from unknown or untrusted sources, as these can be vectors for malware distribution.
  • Regularly back up your data using Time Machine or another backup solution. This ensures that you can recover your data in case of a malware attack.
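Several of the steps above can be checked from the command line. The script below is an added example, not code from the article or from Jamf Threat Labs. It parses the output of macOS's own tools (spctl for Gatekeeper and per-app assessment, softwareupdate for pending patches, tmutil for Time Machine, and the XProtect bundle's Info.plist for the signature version) and assumes the output wording noted in the comments. Because the article notes that some samples were signed and notarized, the per-app check treats a "notarized" verdict as a necessary gate rather than proof of safety.

```shell
#!/bin/sh
# Added example (not from the article or Jamf Threat Labs): a posture check
# for the prevention steps above. Each parser takes command output as a
# string, so the logic runs below on constructed samples on any system;
# the live commands execute only on macOS (uname = Darwin).

# Gatekeeper: `spctl --status` prints "assessments enabled" when it is on.
gatekeeper_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Per-app check before installing: classify `spctl -a -vv <app>` output as
# appstore, notarized, signed-only, rejected or unknown. The "source="
# labels are assumed to match spctl's wording. A "notarized" verdict is a
# necessary check, not proof of safety: the article's samples were notarized.
spctl_verdict() {
    case "$1" in
        *": rejected"*)                    echo "rejected" ;;
        *"source=Mac App Store"*)          echo "appstore" ;;
        *"source=Notarized Developer ID"*) echo "notarized" ;;
        *": accepted"*)                    echo "signed-only" ;;
        *)                                 echo "unknown" ;;
    esac
}

# Updates: `softwareupdate -l` lists each pending item as "* Label: ..." and
# prints "No new software available." when the system is current.
updates_pending() {
    case "$1" in
        *"No new software available"*) return 1 ;;
        *"* Label:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Backups: `tmutil latestbackup` prints the path of the newest backup.
has_backup() {
    case "$1" in
        /*) return 0 ;;
        *) return 1 ;;
    esac
}

# Turn raw command output into one report; used for live and sample runs.
report() {
    gk=$1; upd=$2; tm=$3
    if gatekeeper_enabled "$gk"; then echo "Gatekeeper: enabled"
    else echo "Gatekeeper: DISABLED - turn it on in System Settings > Privacy & Security"; fi
    if updates_pending "$upd"; then echo "Updates: PENDING - install them"
    else echo "Updates: none pending"; fi
    if has_backup "$tm"; then echo "Time Machine: latest backup at $tm"
    else echo "Time Machine: NO BACKUP FOUND"; fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_NOTARIZED="/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (TEAMID0000)"
SAMPLE_REJECTED="/Applications/Unknown.app: rejected
source=no usable signature"
SAMPLE_UPDATES="Software Update found the following new or updated software:
* Label: macOS-placeholder-update"

if [ "$(uname)" = "Darwin" ]; then
    # Live run; pass app bundle paths as arguments to assess them as well.
    report "$(spctl --status 2>&1 || true)" \
           "$(softwareupdate -l 2>&1 || true)" \
           "$(tmutil latestbackup 2>&1 || true)"
    echo "XProtect version: $(defaults read \
        /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist \
        CFBundleShortVersionString 2>/dev/null || echo unknown)"
    for app in "$@"; do
        echo "$app: $(spctl_verdict "$(spctl -a -vv "$app" 2>&1 || true)")"
    done
else
    echo "Not macOS; running the parsers on constructed samples:"
    report "assessments disabled" "$SAMPLE_UPDATES" "not found"
    echo "Example.app: $(spctl_verdict "$SAMPLE_NOTARIZED")"
    echo "Unknown.app: $(spctl_verdict "$SAMPLE_REJECTED")"
fi
```

Run it as `sh check.sh /Applications/SomeApp.app` on a Mac to get the posture report plus a verdict for each app path given; on any other system it only exercises the parsers on the constructed samples. A "signed-only" or "rejected" verdict means Gatekeeper would not normally allow the app, and even "notarized" should be combined with the other steps (a trusted source, an up-to-date system, a current backup).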

The final takeaway: no matter what type of device or operating system you use, the loss prevention steps above can help you lower your risk.


Sources:
https://www.foxnews.com/tech/north-korean-hackers-use-disguised-apps-target-macs-hidden-malware
https://zatrana.com/why-macs-are-not-immune-to-cyber-attacks/
https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/web
https://www.tomsguide.com/computing/online-security/new-macos-malware-uses-apples-own-code-to-quietly-steal-credentials-and-personal-data-how-to-stay-safe
