Phishing attacks on Mac users grew by 9% reaching 1.6M

The number of phishing attacks targeting users of Mac computers, iOS-based mobile devices, and the associated web services ecosystem to lure them into fraudulent schemes has reached 1.6 million in the first half of 2019.

This figure is around 9% greater than the attacks experienced in the whole of 2018. The growing number of users of popular digital devices is clearly attracting more and more cybercriminals. This is one of key finding of Kaspersky’s Threats to macOS Users Report 2019.

While the volume of malicious software threatening users of macOS and the iOS mobile platform is much lower than those threating users of Windows and Android platforms, when it comes to phishing — a platform-agnostic cyberthreat — things are quite different. As they rely on social engineering, most phishing attacks have nothing to do with software.

As Kaspersky’s recent research showed, the number of cases where users faced fraudulent web pages utilizing the Apple brand as a decoy has increased significantly in the first six months of the year, reaching 1.6 million. This figure is 9% higher than during the whole of 2018 when Kaspersky security solutions prevented more than 1.49 million attempts to access Apple-themed phishing pages. The research is based on threat statistics voluntarily shared by users of Kaspersky Security Network, a global cloud infrastructure designed for immediate response to emerging cyberthreats.

Among the most frequent fraud schemes are those designed to resemble the iCloud service interface and to steal credentials to Apple ID accounts. Links to such services usually come from spam emails which pose as emails from technical support. They often threaten to block user accounts should they not click the link.


Another widespread scheme is the use of scaremongering pages that try to convince the user that their computer is under serious security threat and it will only take a couple of clicks and a few dollars to solve those issues.

“While technically these fraud schemes are nothing new, we believe they pose an even greater danger to Apple users than similar schemes against users of other platforms such as Windows or Android. That is because the ecosystem around Macs and other Apple devices is generally considered a far safer environment. Therefore users might be less cautious when they encounter fake websites. Meanwhile, the successful theft of iCloud account credentials could lead to serious consequences. An iPhone or iPad could be remotely blocked or wiped out by a malicious user, for example. We urge users of Apple devices to pay more attention to any emails they receive claiming to be from technical support, which requests your details or ask you to visit a link,” said Tatyana Sidorina, security researcher at Kaspersky Lab.

In addition to a rise in phishing, the report also revealed other types of threats to users of macOS-based devices. The results have demonstrated some relatively positive tendencies: the most common threats for Mac users proved not to be critically dangerous malware, like banking Trojans, but instead AdWare threats, which are not necessarily fatal and defined as “potentially unwanted programs.” Most are threatening users by overloading their devices with unrequested advertisements, yet some of these programs might, in fact, turn out to be a disguise for more serious threats.


Kaspersky researchers also found out that the total number of phishing attacks detected in the first half of 2019 on Mac computers protected by Kaspersky solutions was almost 6 million. The whole of 2018 saw 7.3 million hits. About 39.95% of them were aimed at stealing users’ financial data. That is 10 percentage points more than in the first half of 2018. Some regions had more macOS users hit by phishing than others: Brazil leads this list with 30.9% of users attacked, India follows with 22.1% and France with 22%.

The most active malware to hit macOS users were variations of the Shlayer family, that succeeded in distribution by disguising itself as Adobe Flash Player updates.