Rise in macOS infostealer attacks exposes Apple security risks
Learn about the sharp increase in infostealer malware targeting macOS, including threats like DigitStealer and Eternidade Stealer, and how they compromise user data.
Microsoft researchers have documented a sharp increase in infostealer attacks targeting macOS, definitively debunking the myth of Apple's ecosystem being inherently more secure. While such malware previously focused primarily on Windows, since late 2025, more campaigns have been aimed specifically at Mac users. Attackers are actively leveraging cross-platform languages like Python and disguising malicious code as legitimate applications—such as PDF editors, utilities, and document services.
Modern macOS infostealers, including DigitStealer, MacSync, and Atomic macOS Stealer, deeply integrate into the system by utilizing native tools, AppleScript, and fileless techniques. This allows them to stealthily extract data from browsers, keychains, and active sessions, bypassing traditional security measures. One notable case involved the fake application Crystal PDF, which spread via advertising and SEO manipulation on Google and, once installed, stole users' cookies and credentials.
Experts are particularly alarmed by Eternidade Stealer, which uses WhatsApp for chain propagation. After compromising a victim's account, the malware automatically sends infected files to their contacts and monitors device activity, waiting for logins to banking services or cryptocurrency exchanges. This approach significantly amplifies the scale of attacks, making them especially dangerous for home macOS users.