Stealers on the Rise: A Closer Look at a Growing macOS Threat unit42.paloaltonetworks.com/macos-ste…

We recently identified a growing number of attacks targeting macOS users across multiple regions and industries. Our research has identified three particularly prevalent macOS infostealers in the wild, which we will explore in depth: Poseidon, Atomic and Cthulhu. We’ll show how they operate and how we detect their malicious activity.

Infostealers can sometimes be viewed as a less worrisome type of threat due to their more limited functionality compared to, for example, remote access Trojans. But by exfiltrating sensitive credentials, financial records and intellectual property, infostealers often lead to data breaches, financial losses and reputational damage. These are all things organizations need to take seriously. A recent analysis of these attacks shows that infostealers account for the largest group of new macOS malware in 2024. In our own telemetry, we detected a 101% increase in macOS infostealers between the last two quarters of 2024.
