Microsoft shares recommendations and mitigations for macOS users
- Microsoft warns macOS now faces a rapidly expanding malware and infostealer ecosystem
- Threat actors use social engineering and malicious ads to deliver DMG installers with variants like DigitStealer, MacSync, and AMOS
- Attackers target browser sessions, cloud tokens, and developer credentials, while abusing legitimate tools like WhatsApp and Google Ads for propagation
Gone are the days when Windows was always the number one target for cybercriminals - as new research has found macOS is just as important, with users facing a “rapidly expanding” ecosystem of malware, social engineering tactics, and legitimate but weaponized tools.
A Microsoft report found hackers are using social engineering techniques such as ClickFix (faking a problem and offering a “solution”), and malicious advertising campaigns, to deliver disk image (DMG) installers.
These installers then drop all sorts of nasties, but a few malware variants stand out - DigitStealer, MacSync, and Atomic macOS Stealer (AMOS). Microsoft also said that cross-platform malware, such as malware written in Python, is accelerating infostealer activity because it lets threat actors adapt quickly across mixed environments.
Long-running aggregation effort
Most of the time, the crooks are interested in stealing sensitive data. However, that no longer means just passwords - it also includes browser sessions, keychains, cloud tokens, and developer credentials, since these secrets enable account takeovers, supply chain compromise, BEC and ransomware attacks and, in some cases, direct cryptocurrency theft.
Microsoft also observed the abuse of legitimate tools and services. For example, it has seen hackers compromising people’s WhatsApp accounts and then using them to propagate infostealers and other malware.
In other cases, Microsoft has seen malicious ad campaigns running on the Google Ads network, promoting a fake PDF editor that not only deploys an infostealer but also establishes persistence.
The company has also shared a long list of recommendations and mitigations that businesses should follow, including educating employees about phishing, monitoring for suspicious Terminal activity, and inspecting network egress for POST requests to newly registered or suspicious domains.
Also, businesses should turn on cloud-delivered protection in Defender, deploy cloud-based machine learning protections, run EDR in block mode, and more.
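One way to implement the egress check mentioned above (POST requests to newly registered or suspicious domains), as an added example that is not taken from the article or from Microsoft's report. The log format, the `REGISTERED` lookup table, the 30-day threshold and all function names are assumptions, and the log lines are constructed sample data.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log: ISO time, source host, method, URL, request bytes.
SAMPLE_LOG = """\
2026-02-04T09:12:01 mac-014 GET https://cdn.example.com/app.dmg 0
2026-02-04T09:14:37 mac-014 POST https://api.fresh-sync.example/upload 482113
2026-02-04T09:15:02 mac-022 POST https://login.example.com/session 912
2026-02-04T09:16:40 mac-014 POST https://files.unlisted.example/gate 1207
"""

# Constructed registration dates; in practice these would come from
# RDAP/WHOIS lookups or a threat-intelligence feed (assumption).
REGISTERED = {
    "example.com": datetime(2015, 3, 1),
    "fresh-sync.example": datetime(2026, 1, 28),
}

MAX_AGE = timedelta(days=30)  # assumed cut-off for "newly registered"


def registrable(host):
    # Simplification: keep the last two labels. Production code should
    # consult the Public Suffix List to handle suffixes such as co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def flag_posts(log_text, registered=REGISTERED, max_age=MAX_AGE):
    """Return (time, source, domain, reason) for each POST worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of crashing
        ts, src, method, url, _size = parts
        host = urlsplit(url).hostname
        if method.upper() != "POST" or not host:
            continue
        domain = registrable(host)
        created = registered.get(domain)
        if created is None:
            # No registration record at all is treated as suspicious.
            findings.append((ts, src, domain, "no registration data"))
        elif datetime.fromisoformat(ts) - created < max_age:
            age = (datetime.fromisoformat(ts) - created).days
            findings.append((ts, src, domain, f"registered {age} days before request"))
    return findings


if __name__ == "__main__":
    for finding in flag_posts(SAMPLE_LOG):
        print(*finding, sep="  ")
```

The GET request and the POST to a long-established domain are ignored; only the two POSTs to a week-old domain and to a domain with no registration record are returned for review.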
Sead Fadilpašić
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.