Adware – The Most Prolific Form of Malware on macOS

Did you know? Adware can monitor Mac activities without consent, and some forms try to disable anti-malware protection.


Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Years ago, Apple fans believed Macs were safe from malware. Now, everyone from regular users to power users to Apple itself knows that’s simply not true.

Cybercrime is on the rise, so the idea of malware increasingly targeting the mostly overlooked macOS make sense. In recent years, Apple has created a variety of security layers in a bid to strengthen the security of its desktop OS and protect its users.

With the new macOS High Sierra, encrypting your data with FileVault can keep ransomware at bay. Gatekeeper makes downloading new apps safer. And Safari, the web browser that ships with every Mac, now has intelligent mechanisms to thwart advertisers engaging in cross-site tracking.

However, often these safeguards are not enough to stay out of harm’s way when using a Mac. For example, Apple can’t always prevent users from unknowingly getting infected with adware.

Mere nuisance or real threat?

Adware, or advertising-supported software, is usually delivered for free to the user, but comes with strings attached. Sometimes, ad-supported applications hijack the browser's home page and send it to an advertiser's search engine, where every search term comes with affiliate recommendations.

Other times, these applications install trial software. Once the trial has ended, though, the app will often nag the user to pay a license fee, which is shared between the app vendor and the adware application author.

While adware isn’t as malicious as other forms of malware, it can still pose serious threats to users:

  • Adware monitors users’ activities without their consent
  • Ads produced by adware are often not closable.
  • Adware sometimes attempts to disable anti-malware protection using stolen certificates
  • Since advertisers sometimes aggressively profile users and their devices, adware can cross into a grey area, becoming fully fledged spyware

The usual suspects

Certain pieces of malware are more prolific than others, so the same names usually show up in our telemetry. In the past 12 months, Genio – by far the best-known piece of adware – could always be found in the top 10. Next in line were Pirrit, SurfBuyer, and Spigot.

Apple's XProtect anti-malware mechanism identifies Genieo as malware (as it does many other “potentially unwanted applications,” or PUAs), but Pirrit is a relatively new name on the macOS adware scene. Researchers found Pirrit is mostly benign, as it merely serves up ads. However, because it has access to a lot of areas on the targeted systems, it could presumably be used to steal personal data or intellectual property.

Adware versus the rest of the pack

Bitdefender telemetry for the October 2016 - September 2017 period shows adware is still a flourishing business, holding third place (out of nine malware categories) with a 10% plus share on macOS.

PUA takes the lion’s share, accounting for more than 35% of the malware on Macs. Considering adware is essentially part of the PUA ecosystem, we can regard adware as the most prolific form of malware on Apple computers.

While some rate adware as a mere nuisance, Bitdefender believes Mac users are entitled to a safe and hassle-free experience. Bitdefender Antivirus for Mac works side-by-side with macOS’s XProtect and Gatekeeper to warn users when aggressive malware is bundled with their favorite software, allowing them to avoid infection.

To learn more, or to download your 30-day free trial, visit Bitdefender Antivirus for Mac.