In early 2020, analysts at Malwarebytes reported a dramatic spike in the distribution of Mac threats. The security firm’s solutions had detected a fourfold year-over-year increase in malicious apps tailor-made to run on macOS machines. Back then, these unsetting statistics eclipsed the state of things in the Windows threat ecosystem, but there was an important nuance worth emphasizing.

Analysts at cybersecurity firm SentinelOne have recently shed light on a long-running macOS cryptomining malware strain codenamed OSAMiner. These would have been garden-variety findings if it weren’t for the fact that the infection has been playing a hide-and-seek game with researchers since around 2015. Its uniqueness stems from the use of what’s called run-only AppleScript files to download and execute the dodgy components.

Apple has made a bold move to pull the plug on app makers’ privacy foul play. The new rules now in effect require that every developer provides a clear-cut summary of what types of data their products collect. This is expected to raise users’ awareness of the potential privacy roadblocks they may hit down the road when using a particular application.

Apple’s terrific track record of keeping macOS safe from malicious apps is a double-edged sword. Recent findings of security enthusiasts about a Gatekeeper quirk demonstrate that the trade-off between security and privacy is a nontrivial one. Before elaborating on this issue further, let’s recall what this feature is intended to do in the first place. When a user tries to run an app, it checks the code against a database of known-harmful software.

The unorthodox Mac malware strain with backdoor capabilities has code overlaps and shares some behavior patterns with earlier threats distributed by the OceanLotus Advanced Persistent Threat group. Also referred to as APT32, this gang is considered to have a connection with the Vietnamese authorities. It has been previously spotted in plots aiming to perpetrate industrial espionage attacks...