According to Malwarebytes' 2025 State of Malware report released this week, macOS stealers are a growing kind of malware on the Mac.
.jpg)
Historically, VSearch adware and the Genieo browser hijacker have been the most common types of Mac malware. However, dangerous malware is becoming more prevalent, and in 2024, a new wave of information-stealing spyware was discovered.
Stealers are made to find passwords, cryptocurrency, authentication cookies, credit card information, and other important data that thieves can exploit to profit.
When a Mac user looks for a legitimate software product and then uses a malicious Google or Bing search ad to download an infected replica version of the software they were looking for, malicious apps that steal information are usually installed. Based on search terms, operating system, software, and location, attackers can show tailored advertisements for malicious software.
The information stealer known as Atomic Stealer (AMOS), which first appeared in 2023, is frequently employed, and criminals are increasingly using a variant of AMOS called Poseidon. Poseidon claims to be able to steal passwords from online browsers and certain password managers, in addition to cryptocurrencies from over 160 wallets. Poseidon downloads have tricked unwary Mac users into installing the virus by impersonating trustworthy Mac programs, such as the Arc Browser.
According to Malwarebytes, macOS stealers like as Poseidon provide hackers access to private data, credentials, and the ability to craft convincing social engineering scams.
It is crucial to confirm that software is being downloaded from a reputable developer and not a fake website in order to prevent this type of attack.
