Are you a new user?


Cybercriminals: Now Targeting Apple Users

Cybercriminals are using malicious ads and fake websites to distribute info-stealing malware targeting Mac users. Two distinct malware strains, Atomic Stealer and Realst, are being used in these campaigns, with different infection methods.

Atomic Stealer is spread through fake ads promoting the Arc Browser, redirecting users to look-alike sites that infect Macs with the malware.

Realst malware is distributed through a fake website offering free group meeting scheduling software, tricking users into installing the malware on their Macs. Realst can bypass the macOS Gatekeeper security feature, which verifies downloaded applications for malware before installation, highlighting its sophistication.

Recommendations to stay safe from Mac malware include being cautious with ads and fake software, sticking to reputable sources, and considering the use of Mac antivirus software for added protection.

The potential financial gains from infecting Macs with malware drive hackers to continue developing and spreading malicious campaigns, necessitating increased caution for Mac users while downloading software. https://www.tomsguide.com/computing/malware-adware/macs-under-threat-by-malicious-info-stealing-malware-spread-through-ads-and-fake-software-dont-fall-for-this (Apr. 01, 2024).


Although the editions of software being used to steal information are new, the social engineering methods are the same - trick users so they input sensitive information and/or download malicious software.

All device users should be wary of online advertisements, including offers of free software.

According to one source:

Statistics gathered between October and December 2019 by Avast's Threat Lab experts show that adware was responsible for 72 percent of all mobile malware, and the remaining 28 percent consisted of banking trojans, fake apps, lockers, and downloaders. https://www.prnewswire.com/news-releases/adware-accounts-for-72-of-all-mobile-malware-301020447.html

The same source provides these tips can help prevent adware attacks:

  • Only download apps from official app stores, like Google Play, because they have security measures in place to check apps before developers upload them, or download from the app's website directly for extra assurance

  • Check app ratings of other users in the store because it's still important to watch out for fakes. If an app has few stars and many negative comments, something might be amiss

  • Carefully review the permissions an app requests before downloading an app; if an app requests access to data that it doesn't need in order to function, it might be fraudulent

  • Check your banking and credit card statements to identify any unauthorized payments. Cybercriminals will select low-cost subscriptions so they're hard to spot

  • Use an antivirus solution on your phone to identify and stop any attempted attacks.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.


Finally, your opinion is important to us. Please complete the opinion survey: