{"id":99669,"date":"2024-01-26T15:57:25","date_gmt":"2024-01-26T23:57:25","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=99669"},"modified":"2024-04-04T12:59:04","modified_gmt":"2024-04-04T19:59:04","slug":"the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/","title":{"rendered":"The Mac and iPhone malware of 2023\u2014and what to expect in 2024"},"content":{"rendered":"<p><img loading=\"lazy\" class=\"alignnone size-full wp-image-99675\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-malware-review-600x300-1.jpg\" alt=\"\" width=\"800\" height=\"400\" \/><\/p>\n<p>Earlier this month, we reflected on the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-security-and-privacy-in-2023-the-year-in-review\/\">top security and privacy news that impacted the Apple ecosystem in 2023<\/a>. Today, it&#8217;s finally time to review <strong>the most notable Mac malware and iPhone malware campaigns<\/strong> of the past year. 
We&#8217;ll also forecast what we can expect to see more of in 2024.<\/p>\n<p>In this article:<\/p>\n<ul>\n<li><a href=\"#chron\">A chronological overview of 2023&#8217;s Mac and iPhone malware, by month<\/a><\/li>\n<li><a href=\"#categ\">A review of notable 2023 Mac and iPhone malware by classification<\/a>\n<ul>\n<li><a href=\"#steal\">Stealers<\/a>\u00a0\u2022 <a href=\"#apt\">APTs<\/a> \u2022 <a href=\"#iphone\">iPhone mercenary spyware<\/a> \u2022 <a href=\"#pua\">PUAs\/Scam apps<\/a> \u2022 <a href=\"#misc\">Other malware<\/a> \u2022 <a href=\"#fbi\">FBI takedowns<\/a> \u2022 <a href=\"#ai\">AI&#8217;s impact on malware<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"#forecast\">Malware forecast for 2024<\/a><\/li>\n<li><a href=\"#learnmore\">How can I learn more?<\/a><a name=\"chron\"><\/a><\/li>\n<\/ul>\n<h3>Mac malware and iPhone malware chronology of 2023<\/h3>\n<p>Following are some notable events in macOS and iOS malware in 2023, broken down by month.<\/p>\n<h4><strong>January<\/strong><\/h4>\n<ul>\n<li>New variants of <strong>CoinMiner<\/strong> cryptojacking malware emerged online.<\/li>\n<li>SentinelOne reported on <a href=\"https:\/\/www.sentinelone.com\/labs\/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>SparkRAT<\/strong><\/a>, cross-platform malware, being used in an attack campaign dubbed DragonSpark. Although it has a Mac variant, no Macs were reported to have been infected as part of this campaign.<\/li>\n<li>News stories claimed there was a new Dridex banking Trojan for Mac; Trend Micro later retracted its write-up after realizing that its analysts had found a 2019 sample.<\/li>\n<\/ul>\n<h4><strong>February<\/strong><\/h4>\n<ul>\n<li>Patrick Wardle discovered previously unknown malware that he called <strong>iWebUpdate<\/strong>. 
It was first uploaded to VirusTotal in September 2018, and was undetected until Wardle discovered it on Valentine&#8217;s Day.<\/li>\n<li>Several companies wrote analyses of recent cryptojacking malware samples. The write-ups referred to the samples as variants of <strong>CoinMiner,<\/strong> <strong>I2Pminer<\/strong>, or <strong>XMRig<\/strong>.<\/li>\n<\/ul>\n<h4><strong>March<\/strong><\/h4>\n<ul>\n<li>The FBI shut down the <strong>NetWire<\/strong> (NetWeird) commercial spyware distribution site. Better late than never, but unfortunately, NetWire had enabled surreptitious spying on Mac users for 11 years.<\/li>\n<li>Samples of <strong>RustBucket<\/strong> malware were uploaded to VirusTotal for the first time.<\/li>\n<li>A research team developed <strong>BlackMamba<\/strong>, a proof-of-concept polymorphic keylogger. What&#8217;s interesting is that BlackMamba was created using a large language model (LLM). This demonstrated the utility of using ChatGPT-like chatbots to generate malicious code.<\/li>\n<li>3CX voice-over-IP software was compromised and distributed Trojanized software infected with <strong>SmoothOperator<\/strong> malware. The company&#8217;s servers were infected with the <strong>POOLRAT<\/strong> backdoor.<\/li>\n<\/ul>\n<h4><strong>April<\/strong><\/h4>\n<ul>\n<li>MalwareHunterTeam discovered the <strong>LockBit<\/strong> ransomware group\u2019s first Mac malware.<\/li>\n<li>The same team also discovered <strong>GoSorry<\/strong> macOS malware in April.<\/li>\n<\/ul>\n<h4><strong>May<\/strong><\/h4>\n<ul>\n<li>The FBI shut down the <strong>Turla\/Snake<\/strong> malware operation. 
A Mac variant of this malware was discovered in 2017.<\/li>\n<li>The &#8220;Charming Kitten&#8221; APT group used <strong>NokNok<\/strong> in the wild against a U.S.-based organization.<\/li>\n<\/ul>\n<h4><strong>June<\/strong><\/h4>\n<ul>\n<li>A Web developer first blogged about his concerns over the <strong>NightOwl<\/strong> app\u2019s behavior.<\/li>\n<\/ul>\n<h4><strong>July<\/strong><\/h4>\n<ul>\n<li>Guardz published a report of <strong>ShadowVault<\/strong> Mac malware sold on the Dark Web (without verifying that samples exist).<\/li>\n<li>Proofpoint wrote a report exposing <strong>NokNok<\/strong> malware.<\/li>\n<li>Intego wrote about several <strong>malicious and suspicious iOS App Store apps<\/strong>.<\/li>\n<\/ul>\n<h4><strong>August<\/strong><\/h4>\n<ul>\n<li>Guardz published a report of a Mac variant of <strong>HVNC<\/strong> malware sold on the Dark Web (without verifying that samples exist).<\/li>\n<li>YCombinator\u2019s Hacker News linked to the June blog post about <strong>NightOwl<\/strong>; Intego investigated and wrote a detailed report about it.<\/li>\n<li>Jamf published a report about a new <strong>XLoader<\/strong> variant.<\/li>\n<\/ul>\n<h4><strong>September<\/strong><\/h4>\n<ul>\n<li>Intego warned of even <strong>more scam apps in the iOS App Store<\/strong>.<\/li>\n<li>Mac data-stealer malware roundup: <strong>AtomicStealer<\/strong>, <strong>MetaStealer<\/strong>, <strong>Realst<\/strong> all active in September.<\/li>\n<\/ul>\n<h4><strong>October<\/strong><\/h4>\n<ul>\n<li><strong>KandyKorn<\/strong> malware emerged; Elastic published a report about it on Halloween.<\/li>\n<\/ul>\n<h4><strong>November<\/strong><\/h4>\n<ul>\n<li>Intego discovered <strong>fraudulent apps using the xAI company name<\/strong> in the iOS App Store and Google Play Store.<\/li>\n<li>Jamf documented the <strong>ObjCShellz<\/strong> malware.<\/li>\n<li>Patrick Wardle analyzed the <strong>Turtle ransomware<\/strong>, which was first uploaded to VirusTotal that 
month.<\/li>\n<\/ul>\n<h4><strong>December<\/strong><\/h4>\n<ul>\n<li>AT&amp;T published a report about <strong>JaskaGO<\/strong> malware.<\/li>\n<li>Kaspersky published a report about <strong>WSClient<\/strong> malware.<a name=\"categ\"><\/a><\/li>\n<\/ul>\n<h3>Mac malware and iPhone malware of 2023, by category<\/h3>\n<p>There are various ways by which malware can be classified. For this section, we&#8217;ll use broad categories like advanced persistent threats and stealer malware, wherever they best fit.<a name=\"steal\"><\/a> (Note that some malware may fit into multiple categories.)<\/p>\n<h4><strong>Stealer malware<\/strong><\/h4>\n<p>The most fascinating Mac malware trend of 2023 was the sharp rise in stealer malware. Stealers are designed to exfiltrate sensitive data, often extracted from Web browsers on a victim&#8217;s computer. The types of targeted data often include usernames and passwords, authentication cookies that behave as login credentials, and cryptocurrency wallets.<\/p>\n<p>Early in the year, as ChatGPT gained popularity, malware makers took notice. In March, we wrote about\u00a0<strong>FakeGPT<\/strong> Chrome extensions that hijack Facebook accounts by stealing authentication cookies. 
(As a side note, in late May and early June, a developer found <a href=\"https:\/\/www.intego.com\/mac-security-blog\/wwdc-new-macs-macos-sonoma-ios-ipados-17-and-vision-pro-intego-mac-podcast-episode-295\/#:~:text=Malicious%20Chrome%20browser%20extensions\">dozens of malicious extensions in the Chrome Web Store<\/a>.)<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"rwNQQuPZrt\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/fakegpt-trojanized-chatgpt-chrome-extension-hijacks-facebook-accounts\/\">FakeGPT: Trojanized ChatGPT Chrome extensions hijack Facebook accounts<\/a><\/p><\/blockquote>\n<p>Several Mac-specific stealer families emerged in 2023. 
These included <a href=\"https:\/\/www.intego.com\/mac-security-blog\/macstealer-mac-trojan-malware-steals-passwords-wallets-and-files\/\"><strong>MacStealer<\/strong><\/a>, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/atomic-stealer-thieving-mac-malware-sold-via-telegram\/\"><strong>Atomic Stealer<\/strong><\/a> (aka <strong>AMOS<\/strong>, short for Atomic macOS Stealer, which was distributed as part of the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/epic-shenanigans-nothingburger-and-rcs-intego-mac-podcast-episode-319\/#:~:text=What%20is%20ClearFake\">ClearFake campaign<\/a>), <strong>MetaStealer<\/strong>, <strong>GoSorry<\/strong>, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-stealer-malware-realst-disguises-itself-as-video-games-is-macos-sonoma-ready\/\"><strong>Realst<\/strong><\/a> and <strong>PureLand<\/strong>. Various incarnations steal passwords, cryptocurrency wallets, authentication cookies, and other files from victims&#8217; Macs.<\/p>\n<p>Stealer malware is often available as &#8220;malware as a service,&#8221; sold via Dark Web forums and Telegram. It&#8217;s commonly delivered in the form of a Trojan horse; typically victims think they&#8217;re downloading illegally cracked copies of commercial software, and their Mac gets quietly infected when they run it.<\/p>\n<p>Perhaps the most interesting example in 2023 was <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-stealer-malware-realst-disguises-itself-as-video-games-is-macos-sonoma-ready\/\">Realst Stealer<\/a>, which the developers updated quickly to improve macOS Sonoma support. This malware was distributed via elaborate social media marketing campaigns for video games, targeting people interested in NFTs (non-fungible tokens) and blockchains. 
The malware was designed to secretly steal victims&#8217; cryptocurrency.<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"B0jsBzaMCQ\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-stealer-malware-realst-disguises-itself-as-video-games-is-macos-sonoma-ready\/\">Mac stealer malware Realst disguises itself as video games, is macOS Sonoma-ready<\/a><\/p><\/blockquote>\n<p>Mac stealer malware continued to evolve and re-emerge through the year; we reported in September that <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-data-stealer-malware-roundup-atomicstealer-metastealer-realst-all-active-in-september\/\">AtomicStealer, MetaStealer, and Realst all had active campaigns that month<\/a>.<\/p>\n<p>In December, AT&amp;T discovered and wrote about <strong><a href=\"https:\/\/cybersecurity.att.com\/blogs\/labs-research\/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows\" target=\"_blank\" rel=\"noopener nofollow\">JaskaGO<\/a><\/strong>, which included command-and-control capabilities and thus was arguably one of the most severe stealer samples of the year.<\/p>\n<p>There were also reports of stealer malware being sold via the Dark Web whose existence was not immediately confirmed:<a name=\"apt\"><\/a>\u00a0<a 
href=\"https:\/\/www.intego.com\/mac-security-blog\/shadowvault-is-the-latest-mac-data-stealer-malware-reportedly\/\"><strong>ShadowVault<\/strong><\/a> and <a href=\"https:\/\/www.intego.com\/mac-security-blog\/did-chatgpt-find-mac-malware-on-the-dark-web-report-of-hvnc-macos-variant\/\"><strong>MacHVNC<\/strong><\/a>.<\/p>\n<h4><strong>Advanced persistent threats (APTs)<\/strong><\/h4>\n<p>There was a ton of Mac malware that APT groups developed and deployed in 2023. Most of them were attributed to threat actors commonly believed to be operating on behalf of North Korea, including the Lazarus Group and BlueNoroff.<\/p>\n<p>The 3CX VoIP company was compromised in March 2023. The company stated that its \u201cmacOS build server was compromised with <strong>POOLRAT<\/strong> backdoor\u201d malware. 3CX unknowingly distributed Trojanized copies of its own software that were infected with <strong>SmoothOperator<\/strong> malware. Infected computers would connect to a command-and-control server. There was some debate as to who was behind the attack; some reported it was the <a href=\"https:\/\/www.intego.com\/mac-security-blog\/topic\/lazarus-group\/\">Lazarus Group<\/a>, others claimed it was a Lazarus sub-group called Labyrinth Chollima, and still others believed it was UNC4736\u2014another group with ties to North Korea.<\/p>\n<p><strong>KandyKorn<\/strong>, a full-featured backdoor, emerged in October. Security researchers at Elastic <a href=\"https:\/\/www.elastic.co\/security-labs\/elastic-catches-dprk-passing-out-kandykorn\" target=\"_blank\" rel=\"noopener nofollow\">wrote about it on Halloween<\/a>. The malware was reportedly designed to infect blockchain engineers. Elastic attributed this threat to the Lazarus Group.<\/p>\n<p>At least two Mac malware campaigns were attributed to North Korean APT group BlueNoroff, which some believe to be a sub-group of, or at least to have ties with, Lazarus Group. 
The first was <a href=\"https:\/\/www.intego.com\/mac-security-blog\/rustbucket-apt-group-targets-macs-with-pdf-trojan-malware\/\"><strong>RustBucket<\/strong><\/a>, which spread in March via Trojan malware disguised as a PDF viewer. In November, Jamf reported on <a href=\"https:\/\/www.jamf.com\/blog\/bluenoroff-strikes-again-with-new-macos-malware\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>ObjCShellz<\/strong><\/a>, which was presumed to have spread through targeted social engineering attacks, like RustBucket.<\/p>\n<p>In June, an APT group targeted a Japanese cryptocurrency exchange with <a href=\"https:\/\/www.intego.com\/mac-security-blog\/jokerspy-backdoor-mac-malware-discovered-in-the-wild\/\"><strong>JokerSpy<\/strong><\/a> malware. JokerSpy&#8217;s origin was unconfirmed, but malware researcher Patrick Wardle <a href=\"https:\/\/objective-see.org\/blog\/blog_0x77.html#:~:text=hard%20coded%20C%26C%20server%20address%20overlapped%20with%20a%20other%20DPRK%20intrusions\" target=\"_blank\" rel=\"noopener nofollow\">noted<\/a> that it may have been a North Korean threat actor based on a reused IP address.<\/p>\n<p>JumpCloud reported on July 12 that it had been compromised, and would provide further details of the attack as they were uncovered. Malware used in the attack included <strong>FULLHOUSE.DOORED<\/strong>, <strong>STRATOFEAR<\/strong>, and <strong>TIEDYE<\/strong>. Mandiant investigated, and attributed the attack and malware to UNC4899, a North Korean threat actor that likely corresponds to 2022&#8217;s TraderTraitor Mac malware.<\/p>\n<p>In July, Proofpoint wrote about <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware\" target=\"_blank\" rel=\"noopener nofollow\"><strong>NokNok<\/strong><\/a>, a Mac port of GorjolEcho Windows malware. NokNok was distributed via a targeted email campaign. 
Proofpoint attributed this malware to the Charming Kitten APT group, associated with Iran. Although the company provided hashes for NokNok, the samples have not turned up on VirusTotal or other public repositories.<a name=\"iphone\"><\/a><\/p>\n<p>Apparently an Operation Triangulation implant for macOS (associated with TriangleDB, used against Russian iPhones)<\/p>\n<h4><strong>iPhone mercenary spyware<\/strong><\/h4>\n<p>Although most people assume that there isn&#8217;t any iPhone malware, that isn&#8217;t actually the case.<\/p>\n<p>There are several commercial &#8220;mercenary&#8221; spyware companies that sell their wares to government and law enforcement agencies. Unfortunately, governments have been caught abusing these tools to spy on journalists, politicians, dissidents, and their own citizens. The NSO Group\u2019s <strong>Pegasus<\/strong> spyware <a href=\"https:\/\/www.intego.com\/mac-security-blog\/topic\/pegasus\/\">continues to appear in headlines<\/a>. The Citizen Lab and Microsoft released reports indicating that QuaDream&#8217;s <strong>KingsPawn<\/strong> spyware was used to <a href=\"https:\/\/techcrunch.com\/2023\/04\/11\/quadream-spyware-hacked-iphones-calendar-invites\/\" target=\"_blank\" rel=\"noopener\">hack iPhone victims with rogue calendar invites<\/a>. Kaspersky Lab revealed that several vulnerabilities were chained together to infect iPhones in Russia with <a href=\"https:\/\/www.intego.com\/mac-security-blog\/topic\/triangledb\/\"><strong>TriangleDB<\/strong><\/a> spyware this year; Apple has since patched these vulnerabilities. In September, Apple patched vulnerabilities exploited by <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-patches-predator-exploited-vulnerabilities-for-ios-ipados-macos-watchos\/\"><strong>Predator<\/strong><\/a> spyware. 
Meanwhile, although it didn&#8217;t get as much attention in 2023, Italy-based RCS Lab also develops <strong>Hermit<\/strong> spyware.<\/p>\n<p>If you use Apple devices and feel you have an elevated need to protect yourself from sophisticated threat actors, you should use <a href=\"https:\/\/support.apple.com\/en-us\/HT212650\">Lockdown Mode<\/a>. This high-security mode is available on Macs, iPhones, and as of late 2023, the Apple Watch, too. It&#8217;s a bit inconvenient to use devices with Lockdown Mode enabled, as it&#8217;s designed to disable several common features, such as the ability to view PDFs in Safari or sent via iMessage. But, as <a href=\"https:\/\/citizenlab.ca\/2023\/04\/nso-groups-pegasus-spyware-returns-in-2022\/\" target=\"_blank\" rel=\"noopener\">reported by The Citizen Lab<\/a>, Lockdown Mode has been proven to limit such malware&#8217;s ability to infect iPhones.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/where-did-virusbarrier-ios-go\/\">Apple banned all antivirus software from the iOS App Store in 2015<\/a>. But perhaps in the future, at least in the EU given its new rules taking effect in March, we may see the return of antivirus apps that can run directly on iOS. In the meantime, <a href=\"https:\/\/offer.intego.com\/BlogMACAV_lbmxlkchf\">VirusBarrier X9<\/a> is the only Mac antivirus utility designed to <a href=\"https:\/\/support.intego.com\/hc\/en-us\/articles\/207114798-VirusBarrier-X9-How-to-Scan-iPhone-iPad-and-iPod-Touch\">scan iPhone, iPad, and iPod touch for a wide variety of malware files<\/a>.<\/p>\n<p><a name=\"pua\"><\/a>Of course, those are just the most sophisticated forms of malware that affect iPhones. 
See the next section for threats found in the App Store.<\/p>\n<h4><strong>Potentially unwanted apps (PUAs\/PUPs) and fraudulent apps<\/strong><\/h4>\n<p>First, let&#8217;s talk about a potentially unwanted Mac app, then we&#8217;ll look at iOS and iPadOS threats (which can also be installed on Apple silicon Macs via the Mac App Store).<\/p>\n<p>In August, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/did-the-nightowl-app-really-join-macs-to-a-botnet-army\/\">Intego published a detailed investigative report about an app called <strong>NightOwl<\/strong><\/a>. A blog post claimed that the software joined Macs to a botnet army, so we investigated. It turned out that NightOwl had been sold by the original developer to a different software development team, and they had made some sketchy changes. While the app wasn&#8217;t observed doing anything overtly malicious, it contained code indicating that it could potentially let users&#8217; Macs be leveraged by unscrupulous third parties using a &#8220;residential proxy&#8221; service. Read our report for more details.<\/p>\n<p>And now let&#8217;s shift to potentially unwanted and fraudulent apps found in the iOS and iPadOS App Stores.<\/p>\n<p>Throughout the year, many mobile app developers engaged in unethical behavior, and somehow their apps were still approved by human App Store reviewers.<\/p>\n<p>One developer published a <a href=\"https:\/\/www.intego.com\/mac-security-blog\/after-backlash-apple-removes-fake-threads-app-unethical-loan-apps-from-app-store\/\"><strong>fake Threads app<\/strong><\/a>, designed to look like Meta&#8217;s (ostensibly &#8220;Instagram&#8217;s&#8221;) new social network app, that charged exorbitant subscription fees. 
It was available in regions where the real Threads app had not yet launched, making it especially likely that victims in those regions could encounter it and think it was the real Threads app.<\/p>\n<p>Later in the year, after Elon Musk-owned xAI announced its Grok chatbot (a ChatGPT competitor), Intego reported on <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-and-google-host-fake-xai-grok-chat-bot-apps-in-their-app-stores\/\"><strong>multiple fake xAI apps<\/strong><\/a> in the App Store\u2014none of which were actually affiliated with the AI startup.<\/p>\n<p>Meanwhile, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apples-ios-app-store-continues-to-host-scammy-unethical-apps\/\"><strong>fraudulent loan apps<\/strong><\/a> were a persistent problem in the App Store throughout 2023. In some countries\u2014such as India, Indonesia, Nigeria, the Philippines, and Thailand\u2014financial loan apps are very popular. One researcher named Babu singlehandedly found and reported <strong>more than 200 fraudulent loan apps<\/strong> to Apple in 2023. 
Based on Babu&#8217;s research, these fraudulent apps likely had millions of cumulative downloads throughout 2023; in a particular one-week period in August, just five of the fraud apps had garnered hundreds of thousands of downloads, as Intego <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apples-ios-app-store-continues-to-host-scammy-unethical-apps\/\">reported<\/a> in September.<a name=\"misc\"><\/a><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Completed 6 months today since I started eating <a href=\"https:\/\/twitter.com\/hashtag\/FraudLoanApps?src=hash&amp;ref_src=twsrc%5Etfw\">#FraudLoanApps<\/a> for breakfast, lunch and dinner.<\/p>\n<p>\ud83d\udd38Total Apps Removed = 2344<br \/>\ud83d\udd38Google Play Store = 2125<br \/>\ud83d\udd38iOS App Store = 219<\/p>\n<p>&#8230;and this is just a beginning \ud83e\udd77<\/p>\n<p>&mdash; Babu \uea00 (@pooniawalla) <a href=\"https:\/\/twitter.com\/pooniawalla\/status\/1738554863951175762?ref_src=twsrc%5Etfw\">December 23, 2023<\/a><\/p><\/blockquote>\n<h4><strong>Miscellaneous malware<\/strong><\/h4>\n<p>Other examples of Mac malware include various <strong>CoinMiner<\/strong> variants; these are cryptocurrency mining software, often installed by threat actors as part of a cryptojacking campaign. The term <a href=\"https:\/\/www.intego.com\/mac-security-blog\/topic\/cryptojacking\/\">cryptojacking<\/a> refers to mining for cryptocurrency using someone else&#8217;s computing resources, without their explicit permission or consent.<\/p>\n<p>Worth a brief mention is <strong>SparkRAT<\/strong>: an open-source, cross-platform remote access tool that has been in development since 2022. 
SentinelOne <a href=\"https:\/\/www.sentinelone.com\/labs\/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation\/\" target=\"_blank\" rel=\"noopener nofollow\">wrote<\/a> in <a name=\"fbi\"><\/a>January 2023 that SparkRAT had been used in an attack campaign dubbed DragonSpark, although they did not report that any Macs were infected as part of this campaign.<\/p>\n<h4><strong>FBI takedowns of malware<\/strong><\/h4>\n<p>The FBI was involved in takedowns of at least two Mac-connected malware operations in 2023.<\/p>\n<p>In March, the FBI and collaborators <a href=\"https:\/\/www.intego.com\/mac-security-blog\/fbi-shuts-down-11-year-old-netwire-rat-malware\/\">shut down the distribution servers of <\/a><a href=\"https:\/\/www.intego.com\/mac-security-blog\/fbi-shuts-down-11-year-old-netwire-rat-malware\/\"><strong>NetWire<\/strong> (aka NetWeird)<\/a>, which was commercial spyware. Unfortunately, NetWire had enabled surreptitious spying on Mac users for 11 years; Intego first reported about it in 2012.<\/p>\n<p>Later, in May, the FBI and other U.S. and international agencies worked together to <a href=\"https:\/\/www.cybercom.mil\/Media\/News\/Article\/3389285\/us-and-allies-identify-and-expose-russian-intelligence-gathering-snake-malware\/\" target=\"_blank\" rel=\"noopener\">shut down <strong>Turla&#8217;s Snake<\/strong> malware operation<\/a>, as we reported on in <a href=\"https:\/\/www.intego.com\/mac-security-blog\/snake-malware-lockdown-mode-and-apple-app-subscriptions\/\">episode 291<\/a> of the Intego Mac Podcast. 
<a name=\"ai\"><\/a>A Mac variant of the Snake malware was discovered six years prior; Intego <a href=\"https:\/\/www.intego.com\/mac-security-blog\/snake-malware-ported-from-windows-to-mac\/\">reported<\/a> about it in May 2017.<\/p>\n<h4><strong>AI&#8217;s impact on malware in 2023<\/strong><\/h4>\n<p class=\"p1\">It&#8217;s undeniable that AI tools similar to ChatGPT have made it easier for less sophisticated coders to write malware. Back in February, we wrote that &#8220;<a href=\"https:\/\/www.intego.com\/mac-security-blog\/chatgpt-is-malware-makers-new-a-i-partner-in-crime\/\">ChatGPT is malware makers\u2019 new A.I. partner in crime<\/a>,&#8221; as it had been repeatedly jailbroken (i.e. its guardrails circumvented) to write malware, phishing messages, and other potentially harmful content.<\/p>\n<p class=\"p1\">In July, reports emerged about WormGPT, which threat actors were beginning to use to generate phishing e-mails targeted at businesses; we discussed this on <a href=\"https:\/\/www.intego.com\/mac-security-blog\/shadowvault-wormgpt-and-apples-re-released-rapid-security-response-intego-mac-podcast-episode-301\/\">episode 301<\/a> of the Intego Mac Podcast. WormGPT is specifically designed for black-hat\u00a0 hackers&#8217; use; thus it&#8217;s only available via the Dark Web, making it more difficult for law enforcement to shut down.<\/p>\n<p>In early November, Elon Musk-owned artificial intelligence startup xAI launched Grok, its own ChatGPT-like chatbot. While not specifically designed for malware or phishing content creation, it&#8217;s able to do both, sometimes with a bit of prodding. Unlike ChatGPT, which simply blocks such queries, <a href=\"https:\/\/twitter.com\/theJoshMeister\/status\/1733315517598019743\" target=\"_blank\" rel=\"noopener\">Grok provides the requested output while warning about ethical considerations<\/a>. The company hasn&#8217;t said whether additional guardrails may be put in place eventually. 
Grok isn&#8217;t free; currently the only way to access it is to pay $16 per month for <a href=\"https:\/\/help.twitter.com\/en\/using-x\/x-premium\" target=\"_blank\" rel=\"noopener\">X Premium+<\/a>, the highest paid tier of X (formerly known as Twitter).<\/p>\n<p>In December, <a href=\"https:\/\/huggingface.co\/WhiteRabbitNeo\" target=\"_blank\" rel=\"noopener\">WhiteRabbitNeo<\/a> launched as a tool for offensive and defensive cybersecurity. With a ChatGPT-like interface, it&#8217;s specifically designed for red, blue, and purple teamers (i.e. people hired to ethically attack and\/or defend corporate environments). Its usage agreement prohibits use by militaries as well as a variety of unethical uses such as intentionally spreading misinformation. But, of course, there&#8217;s no way to prevent less-ethical individuals from violating the usage agreement.<\/p>\n<p>It&#8217;s important to emphasize that any tool can be used for good or for evil. The same AI tools that black-hat threat actors use to create malware can also be used by white-hat security researchers trying to make the world safer for everyone.<a name=\"forecast\"><\/a><\/p>\n<h3>Malware forecast for 2024<\/h3>\n<p>Given the sharp rise in <strong>stealer malware<\/strong> in 2023, and the lack of mitigations for such threats, we expect this trend to continue well into 2024. Browser makers should work together to identify better ways to safeguard browser data on the client side. And more importantly, Internet standards bodies should work with providers of Web services to validate that authentication cookies have not been stolen from a victim and reused by an attacker.<\/p>\n<p>Due to the lack of changes recently to Apple&#8217;s app review and vetting processes, we&#8217;ll likely continue to see more <strong>fraud apps in the App Store<\/strong>. 
Moreover, it remains to be seen exactly how iPhone apps will be distributed outside of the App Store in the EU, in order for Apple to comply with the Digital Markets Act (DMA); sideloaded apps, or apps obtained through a third-party app store, <a href=\"https:\/\/www.intego.com\/mac-security-blog\/if-apple-allows-sideloading-in-ios-17-how-will-iphone-security-be-affected\/\">could potentially also be a new threat vector<\/a> through which PUA or malware could make its way onto iPhones.<\/p>\n<p>Each year we continue to see more macOS malware written by sophisticated and well-funded attack groups. And in 2023, there were more reports than ever about iOS APT malware. We fully anticipate observing more Mac-targeted and iPhone-targeted <strong>APT malware<\/strong> surfacing throughout 2024.<\/p>\n<p>And everyone always wants to know how the rise of AI will impact malware. Given the ease with which attackers with little to no coding experience can now get LLMs to write code for them, it won&#8217;t be surprising to see more chatbot-generated malware in 2024. So yes, there will be more <strong>AI-generated malware<\/strong> in 2024. However, it may not always be easy to identify malware as being generated by AI. 
Threat developers often reuse code anyway, and chatbots are trained on publicly available data, including malware for which source code is readily available online.<a name=\"staysafe\"><\/a><\/p>\n<h3>How can I keep my Mac safe from malware?<\/h3>\n<p><img loading=\"lazy\" class=\"alignright size-medium wp-image-54214\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png\" alt=\"Intego X9 software boxes\" width=\"200\" height=\"100\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-300x150.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch-150x75.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2016\/06\/X9-Mac-Antivirus-Launch.png 600w\" sizes=\"(max-width: 200px) 100vw, 200px\" \/>Intego VirusBarrier X9, included with <strong><a href=\"https:\/\/offer.intego.com\/BlogMACAV_lbmxlkchf\">Intego&#8217;s Mac Premium Bundle X9<\/a><\/strong>, can protect against, detect, and eliminate all of the malware covered in this write-up, and a lot more.<\/p>\n<p>If you believe your Mac may be infected, or to prevent future infections, it&#8217;s best to use antivirus software from a trusted Mac developer. VirusBarrier is award-winning antivirus software, designed by Mac security experts, that includes <a href=\"https:\/\/www.intego.com\/mac-security-blog\/why-your-antivirus-needs-real-time-scanning\/\">real-time protection<\/a>. 
It runs natively on both Intel- and Apple silicon-based Macs, and it&#8217;s compatible with Apple&#8217;s current Mac operating system, macOS Sonoma.<\/p>\n<p>If you use a Windows PC, <a href=\"https:\/\/www.intego.com\/lp\/route-podcast-intego\/?channel=Podcast_Intego&amp;lpx=buy\"><strong>Intego Antivirus for Windows<\/strong><\/a> can keep your computer protected from malware.<a name=\"learnmore\"><\/a><\/p>\n<h3>How can I learn more?<\/h3>\n<p>We&#8217;ll discuss this topic on episode 329 of the Intego Mac Podcast; follow the podcast in <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\">Apple Podcasts<\/a>, <a href=\"https:\/\/open.spotify.com\/show\/4qhPQ87mHqBx8Q6jMKj38P\">Spotify<\/a>, or <a href=\"https:\/\/podcast.intego.com\/\">wherever you prefer to listen<\/a> to make sure you don&#8217;t miss it!<\/p>\n<p>For some additional details about the Mac malware of 2023, you can read <a href=\"https:\/\/objective-see.org\/blog\/blog_0x77.html\" target=\"_blank\" rel=\"noopener nofollow\">Patrick Wardle&#8217;s<\/a> and <a href=\"https:\/\/www.sentinelone.com\/blog\/macos-malware-2023-a-deep-dive-into-emerging-trends-and-evolving-techniques\/\" target=\"_blank\" rel=\"noopener nofollow\">Phil Stokes&#8217;s<\/a> write-ups.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img class=\"alignleft\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\" alt=\"\" width=\"80\" \/><\/a>Each week on the <a href=\"https:\/\/podcast.intego.com\/\" target=\"_blank\" rel=\"noopener\"><strong>Intego Mac Podcast<\/strong><\/a>, Intego&#8217;s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. 
Be sure to <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" rel=\"noopener\"><strong>follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n<p>You can also subscribe to our <a href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-security-newsletter\/\"><strong>e-mail newsletter<\/strong><\/a> and keep an eye here on <a href=\"https:\/\/www.intego.com\/mac-security-blog\"><strong>The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From Mac to iPhone, and from stealer malware to APTs, we review the major Apple malware of 2023. 
We also forecast what types of malware we can expect to see more of in 2024.<\/p>\n","protected":false},"author":14,"featured_media":99673,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[1486,86,4722],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"From Mac to iPhone, and from stealer malware to APTs, we review the major Apple malware of 2023. We also forecast what types of malware we can expect to see more of in 2024.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Mac and iPhone malware of 2023\u2014and what to expect in 2024 - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"From Mac to iPhone, and from stealer malware to APTs, we review the major Apple malware of 2023. 
We also forecast what types of malware we can expect to see more of in 2024.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-26T23:57:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-04T19:59:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-security-review-400x260-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-security-review-400x260-1.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-security-review-400x260-1.jpg\",\"width\":400,\"height\":260,\"caption\":\"Apple Mac iPhone malware year in review for 2023 calendar icon logo virus emoji\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/\",\"name\":\"The Mac and iPhone malware of 2023\\u2014and what to expect in 2024 - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#primaryimage\"},\"datePublished\":\"2024-01-26T23:57:25+00:00\",\"dateModified\":\"2024-04-04T19:59:04+00:00\",\"description\":\"From Mac to iPhone, and from stealer malware to APTs, we review the major Apple malware of 2023. 
We also forecast what types of malware we can expect to see more of in 2024.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Mac and iPhone malware of 2023\\u2014and what to expect in 2024\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"The Mac and iPhone malware of 2023\\u2014and what to expect in 
2024\",\"datePublished\":\"2024-01-26T23:57:25+00:00\",\"dateModified\":\"2024-04-04T19:59:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#webpage\"},\"wordCount\":3114,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-security-review-400x260-1.jpg\",\"keywords\":[\"iOS Malware\",\"Malware\",\"Stealer Malware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/the-mac-and-iphone-malware-of-2023-and-what-to-expect-in-2024\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. 
Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/01\/2023-apple-year-in-security-review-400x260-1.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-pVz","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/99669"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=99669"}],"version-history":[{"count":13,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/99669\/revisions"}],"predecessor-version":[{"id":100148,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/99669\/revisions\/100148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/99673"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=99669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=99669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\
/wp-json\/wp\/v2\/tags?post=99669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}